Regardless of what TikTok declares publicly, it appears the short-form video hosting service has been sharing US user data with China. As BuzzFeed reports(Opens in a new window), leaked audio from over 80 internal TikTok meetings shows engineers working for ByteDance (TikTok's parent company) in China could see everything. In total, 14 announcements from nine different TikTok employees confirmed access to the data by individuals located in China. [tweet_embed] June 22, 2022[/tweet_embed] The proof is quite damning, with US employees either not having authorization to or knowledge of how to access US user data themselves. Rather, someone in China had to access it for them, with at least one ByteDance engineer in Beijing referred to as a "Master Admin." It's unclear precisely how long US data has been accessible in China, yet the leaked audio proves it was available from Sept. 2021 to Jan. 2022 at the very least. That's a key bit of information to keep in mind when you consider TikTok issued an announcement back in 2019(Opens in a new window) which stated, "We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law." [tweet_embed] June 22, 2022[/tweet_embed] While that announcement above may be real, the company further declared, "TikTok does not operate in China, nor do we have any intention of doing so in the future," clearly ByteDance employees in China are treated separately. In response to the leaked audio, TikTok spokesperson Maureen Shanahan said to BuzzFeed: "We know we're among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data. That's why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses." On the same day BuzzFeed disclosed details of the leaked audio, TikTok declared it has been working with Oracle for over a year to "better safeguard our app, systems, and the security of US user data." All US user traffic is now routed through the Oracle Cloud Infrastructure and TikTok expects to erase US users' private data from its own data centers in the US and Singapore. TikTok firtjer clarifies how it has a new department "with US-based leadership, to solely manage US user data for TikTok." [tweet_embed] June 22, 2022[/tweet_embed] Changing to Oracle's cloud and promising to manage US data in the US suggests no more ByteDance engineers will have access to it. Although, TikTok's management would be naive to believe this was the end of the matter. If anything, it's more likely to be only the start of fresh scrutiny over the company's practices.