The "TikTok"-ing Clock of American Data Policy

By now I’m sure you’ve read most of the hot takes about Kesha’s 2009 hit single the Congressional testimony of TikTok CEO Shou Zi Chew. I chose not to subject myself directly to the numerous questions née soapboxing of legislators. I was not expecting it to provide us with any real insight as to what we can expect from Congress on data privacy legislation or concerns of mass surveillance of Americans. To some degree this was mostly a correct assumption, however, I think there is a major question underlying the six hours of testimony: What happens when America is not in the driver’s seat?

Nationalism or National Security?

Six out of ten of the most downloaded apps in 2023 were from American-based companies. TikTok is one of the first services that has an influence rivaling those of Twitter and Meta that originates outside of the United States. It’s a perfect storm to have the first rivaling social media platform come from a country that has had historically chilled relationships with the Pax Americana.

The result is a debate that makes it hard to distinguish genuine policy concerns from political fodder or thinly veiled racism. In the lead up to the hearing we’ve heard lawmakers calling for bans on the app to a full divestment of the company by ByteDance. The criticisms thrown at the company use much harsher language than what was used against their American counterparts (including one lawmaker stating the company was dealing in “digital fentanyl”).

When Mark Zuckerberg or Sundar Pichai spoke to legislators about their platforms and apps, the tone was significantly more muted. Comparatively tame remarks about the safety of children, corporate surveillance, or freedom of speech escalated without hesitation to levels that appear more as fear-mongering.

Welcome to the Rest of the World

The questions raised by TikTok’s increasing popularity aren’t new, many other countries have had to deal with these questions for years. In fact, in October, President Biden issued an Executive Order to stake a third attempt to resolve the concerns with the EU-US Privacy Shield Framework to resolve the same type of concern: worries by European lawmakers over American surveillance and data protection practices. But these countries don’t necessarily have many options, they can either deal with American dominance of the tech sector or be disconnected from large parts of digital world.

Different countries have attempted to resolve these same concerns in several ways. For example, India has begun requiring that payment data must be processed inside the country. Indonesia has attempted to exercise data access by requiring companies to register with the government licensing scheme or else be blocked. Others simply attempt to block services that don’t comply with their policies using their own mini-Great Firewalls (to the criticism of many American diplomats).

Following the Money

The other point raised by the hearings are whether TikTok should be sold to an American company and completely divested from CCP-aligned stakeholders. The problem is that this doesn’t offer a great solution either. Chinese companies like Tencent have been investing heavily into American companies (particularly in video games). Riot Games is fully owned by Tencent and yet doesn’t receive nearly the same level of scrutiny as TikTok is receiving. In fact, foreign investments into US businesses exceeded $300 billion in 2022. By adopting a policy where the government can simply ask for divestment of the firm as a condition to operating there at best deters motivation for building global technology at all and at worst forces “siloed” internet services that hinder the connectivity that people are used to in this century.

I would be lying if I did not have concerns over the growth of soft power by the CCP and it’s potential downstream effects to an open society as a whole. However, a reactionary approach that reduces the predictability of online life can cause long term consequences for the internet as a whole.

“Project Texas” and Nationally Federated Data

Chow repeatedly raised the prospect of Project Texas; a proposed partnership with Oracle to host American user data and content moderation decisions through a new American-controlled entity. The proposal is designed to create an entity that satisfies the national security concerns of state surveillance, content censorship, and transparency. It seems to be a replication of what ByteDance does for TikTok’s China-only counterpart, Douyin. While there are some novel elements of the Project Texas proposal, the approach in some components is similar to what American companies have proposed in order to operate in other jurisdictions.

The unfortunate consequence of this policy is that “most data held outside the U.S. will not be able to flow into” the U.S. This may result in a much more siloed experience—in other words, the TikTok that American users will experience will be a “America Only” experience, vastly different from what people are used to on the internet. I’ll admit as a TikTok user myself, I enjoy seeing content from all over the world and not just from the United States. Other countries are going to watch the model that the U.S. develops with TikTok and likely attempt to replicate that in other countries with companies that want to serve their users.

What remains to be seen is how the dust settles as this model expands. The world won’t be better —or necessarily safer—with each country having their own version of each major application. The scope of challenges the world faces require a more connected world, not a more divided one. Part of the appeal of the internet age is the ability to seamlessly share information with anybody in the world, regardless of the format.

There is a lot of evidence that we need better regulation in the tech industry; staging a boogeyman through a convenient scapegoat doesn’t solve that problem. This could have been the perfect test case for an American tech policy framework; in lieu of that, there are some lessons we can learn from this experience. Whichever direction TikTok or a broader data policy framework goes, it should consider the following points (synthesized musically of course):

1. Go until they kick us out: American data protection regimes need to consider other national security policies
   International lawmakers have been dealing with this since the fallout of the Snowden leaks. American technology policy needs to also identify how to balance the desire for an internationally connected world with the protection of it’s own citizens.
2. Money in the pocket that’s already here: Careful consideration of the balance of soft power with an interconnected community is paramount.
   There are concerns about the growth of soft power and the use of companies as economic means to push national agendas. But these questions need to be more carefully considered at how we choose to limit and influence them much more than fear-mongering.
3. Kick em’ to the curb?: Federating data in each country can alleviate influence concerns but risk removing the benefits of the internet as a whole.
   Federating data into respective countries can help some of the concerns lawmakers have about citizen data being used for nefarious purposes, but the Project Texas approach may open Pandora’s Box Datacenter and severely hinder connectivity and innovation in the tech sector.
4. Apps blowing up my phone (phone): Stable regulations is going to be critical for all players.
   Ensuring that domestic and foreign companies play by a similarly predictable set of rules is going to be critical in maintaining this balance of concerns.