atisusanti
San Francisco – In a significant shift in its data collection practices, TikTok’s newly formed U.S. joint venture has updated its privacy policy, enabling the collection of precise user location data from its substantial American user base of 200 million individuals. This move comes on the heels of investors finalizing a deal with TikTok’s Chinese parent company, ByteDance, to manage the popular short-form video application’s operations within the United States. The updated terms of service now explicitly state that the joint venture "may now collect precise location data, depending on your settings," a departure from the previous policy that permitted only the collection of "approximate" location information. TikTok has not yet provided a comment to the BBC regarding this policy alteration.
The company has emphasized that this sensitive personal information will be processed in compliance with "applicable law," and users retain the ability to disable location services through their device settings at any time. Prior to the establishment of the new venture, TikTok already gathered location information derived from a user’s SIM card or IP address, or a combination of both. However, according to the 2024 iteration of its privacy policy, the platform had previously refrained from collecting even approximate GPS information from American users operating the most current version of the app. Precise location sharing has not yet been activated in the U.S. and is anticipated to be an opt-in feature, meaning it will be turned off by default and users will be prompted with a pop-up message to consent to its use. TikTok has not disclosed a specific timeline for when this update will be rolled out to American users.
This expansion of location data collection in the U.S. mirrors practices already in place in the United Kingdom and Europe, where TikTok utilizes similar data for its "Nearby Feed" feature, designed to help users discover local events and businesses. Beyond location data, the new American TikTok joint venture is also broadening its permissions for gathering information related to user interactions with TikTok’s artificial intelligence (AI) tools. This includes the content of prompts and questions submitted by users, as well as details concerning how, when, and where AI-generated content was initiated or produced.
The newly established entity, TikTok USDS Joint Venture LLC, is structured with three managing investors. Among them is the cloud computing giant Oracle, a company heavily invested in AI infrastructure and which has incurred significant debt to fuel its ambitions in this rapidly expanding sector. Oracle is chaired by Larry Ellison, a prominent Republican megadonor and a long-standing associate of former U.S. President Donald Trump. Notably, the Trump administration played a role in brokering the initial U.S. deal concerning TikTok. This agreement emerged after years of diplomatic friction between Washington and Beijing, a dispute that commenced during Trump’s first presidential term when he attempted, unsuccessfully, to ban the app citing national security concerns.
In 2024, the U.S. enacted legislation mandating a ban on the platform within the United States by January 2025, unless ByteDance divested its U.S. operations to American investors. Trump, prior to the finalization of the joint venture this week, had repeatedly delayed the enforcement of this legislation. The 2024 law was partly a response to apprehensions regarding the potential for Beijing to access the data of TikTok’s American users. In a statement issued on Thursday, the new joint venture articulated its mission as being "to secure U.S. user data, apps and the algorithm through comprehensive data privacy and cybersecurity measures." Oracle is slated to oversee the retraining of TikTok’s sophisticated content recommendation algorithm using existing American user data, with the joint venture specifying that the algorithm "will be secured in Oracle’s U.S. cloud environment." ByteDance will retain a minority stake, just under 20%, in the joint venture. Additional managing investors include the U.S. technology investment firm Silver Lake and the Abu Dhabi state-owned investment fund MGX, which has previously engaged in business dealings with the Trump family’s cryptocurrency venture, World Liberty Financial.
On Friday, Republican Representative John Moolenaar, who chairs the House Select Committee on China, voiced his reservations about ByteDance’s continued involvement in TikTok’s U.S. operations. He stated, "Does this deal ensure China does not have influence over the algorithm? Can the parties involved assure Americans their data is secure? Those are questions that need to be answered as the Select Committee does oversight of this deal." The committee’s oversight responsibilities will be crucial in scrutinizing the implications of this new arrangement.
The implications of collecting precise location data are far-reaching. For users, it can enable more personalized content, location-based services, and improved discovery features. However, it also raises significant privacy concerns. Precise location data can reveal a user’s home address, workplace, travel patterns, and even sensitive details about their daily routines. This information, if mishandled or breached, could be exploited for surveillance, targeted advertising that feels intrusive, or even physical safety risks. The explicit mention of "depending on your settings" suggests a degree of user control, but the effectiveness and clarity of these settings will be paramount. The shift from "approximate" to "precise" data collection indicates a strategic decision by TikTok to leverage more granular user information, likely to enhance its platform’s engagement metrics and advertising capabilities.
The involvement of Oracle and its chairman, Larry Ellison, a known ally of former President Trump, adds another layer of complexity. Oracle’s significant investment in AI infrastructure and its role in securing the algorithm within its U.S. cloud environment are intended to assuage concerns about Chinese government access to data and algorithmic manipulation. However, the continued minority stake held by ByteDance, even if below 20%, will likely remain a point of contention for lawmakers and national security experts. The historical context of U.S.-China tech tensions, particularly concerning data security and intellectual property, underpins the ongoing scrutiny of this deal. The 2024 law was a direct consequence of these deep-seated anxieties, aiming to sever the operational ties that could potentially compromise American user data.
The joint venture’s stated mandate to "secure U.S. user data, apps and the algorithm" through robust data privacy and cybersecurity measures is a critical promise. However, the devil will be in the details of its implementation. The transparency surrounding the data handling practices, the robustness of the cybersecurity protocols, and the independent oversight mechanisms will be key determinants of whether this joint venture successfully navigates the complex landscape of data privacy and national security concerns. The focus on retraining the algorithm within Oracle’s U.S. cloud is a tangible step, but the ongoing influence and operational involvement of ByteDance, however indirect, will continue to be a focal point for regulators and members of Congress like Representative Moolenaar. The broader implications for the digital privacy of millions of Americans and the future of data governance in the social media landscape will unfold as this new chapter in TikTok’s U.S. operations begins.
Ramos Leo
Nakalama John
George Anjay
