A new bill was introduced last week that would ban TikTok and other foreign technology. The bipartisan bill would provide the federal government with the authority to restrict or ban the Chinese-owned video app TikTok, along with technologies produced in six different countries with which the United States has tense relations. The targeted countries include China, Cuba, Iran, North Korea, Russia and Venezuela.
The bill, called the Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act, or the RESTRICT Act, would require the secretary of commerce to identify and address foreign threats to information and communications. It also would give the secretary broad power to restrict or ban applications identified to present a threat to the interests of the United States and its citizens.
White House Officials Back the Legislation
White House officials backed the legislation, affirming recent efforts by numerous lawmakers to ban TikTok. Although TikTok is not directly named in the RESTRICT Act, lawmakers have openly remarked on fears that TikTok is exploiting millions of American users by channeling personal information to the Chinese government.
The RESTRICT Act states that it would apply to technology that could be used to interfere with elections, is designed with deceptive intent or present risks to national security. Although the bill does not specifically address how the secretary would make these determinations or how the technology would be restricted, it does give the secretary broad regulatory discretion, up to and including a full ban.
TikTok Claims That American Data Is Protected, Lawmakers Disagree
The RESTRICT Act is not the U.S.’s first attempt at banning foreign applications like TikTok. In 2020, former President Donald Trump issued an executive order to try to force TikTok’s Chinese-based parent company, ByteDance Ltd., to sell TikTok. These efforts were paused by the court and later rescinded by President Joe Biden. Late last year, FBI Director Christopher Wray warned lawmakers that China could weaponize TikTok by controlling suggested content to carry out influence operations, hacking into private devices and monitoring private user data, including the geolocation of each American user.
Earlier this week, the U.S. Committee on Foreign Investment indicated that it is also threatening a ban unless ByteDance sells its share of TikTok. The Committee has been investigating TikTok for more than two years, including whether this application poses threats to consumer privacy and national security.
TikTok representatives have repeatedly denied storing U.S. data in China and state that the company has taken steps to mitigate any possibility of improper influence by the Chinese government. Over the last two years, TikTok claims to have spent approximately $1.5 million on data security. TikTok CEO Shou Zi Chew is schedule to appear before a House panel next week to answer data privacy related questions and dispel U.S. concerns related to national security. Though TikTok claims it is taking all necessary steps to protect American data, lawmakers disagree.
Federal Employees Instructed to Delete the App
TikTok’s self-regulation did not stop the White House from instructing all federal employees to delete the app from all work devices by the end of this month. Congress also passed a ban on the app on all government devices late last year, following a number of state governments and universities who also blocked or banned access to the app.
The RESTRICT Act represents one of many bills that have been introduced to regulate data collection by foreign actors via technology-based applications. While there seems to be broad bipartisan support for the RESTRICT Act, some lawmakers expressed reservations to its narrow scope. Certain lawmakers and interested parties are instead calling on the government to address data security in a more comprehensive way. Others express concerns that providing the government with broad discretion in banning technology implicates free speech rights under the First Amendment.
The Confusing State of Data Privacy Law in the United States
There is no overarching data privacy law in the United States. Rather, residents must navigate a hodgepodge of state and federal laws to protect their privacy interests on social media. Currently, only five states – California, Colorado, Connecticut, Utah and Virginia – have data protection laws. Furthermore, some existing laws are not available for individuals to assert as a cause of action. For example, the Federal Trade Commission Act provides the United States Federal Trade Commission (FTC) with the authority to bring enforcement actions against companies engaging in “deceptive practices,” including a company’s failure to adhere to its established privacy policies or its failure to provide adequate security when storing data. While this protection is ultimately aimed at protecting individuals from deceptive trade practices, including those perpetuated by tech giants misusing private information, it cannot be brought as a private cause of action by an individual who is harmed as a result of a social media platform’s actions. Thus, consumers must be scrupulous in protecting their own information before providing it to a platform. For more tips on protecting your data privacy on social media, check out our article: Ten Ways to Protect your Privacy on Social Media.
Social Media Platforms and Data Brokers Are Already Using and Misusing your Private Data
TikTok is not unique in its quest to obtain and store the data of American social media users. In fact, any time you create a profile or log into a website, that website stores your private personal information, including but not limited to the storage of passwords and security questions, contact information, geographic location, browsing history and interests, IP addresses and more. On top of that, outside companies surveil, scrap and store information pulled from social media sites.
This widespread data collection is extremely valuable, and it opens the door for people in possession of this information to use it for commercial gain. Data brokers already buy, sell and trade Americans’ personal information. Unfortunately, this data collection is often used for nefarious purposes, and not just by foreign actors. In the last year, there has been an influx of litigation against social media platforms for misusing the private data of its users. For example, last year, the FTC charged Twitter with deceptively using data that was purportedly collected for security reasons, but instead was used to sell targeted ads to users. The DOJ ordered the tech giant to pay a $150 million penalty. Facebook has also been under fire by the FTC for deceiving its users about data privacy, perhaps most significantly in 2019 when it was ordered to pay out a record $5 billion penalty – the largest ever imposed on any company for violating consumer privacy.
With no major data privacy law in the U.S., data privacy advocates are calling on lawmakers to implement greater protections governing data collection on social media, including regulations that would govern the millions of other applications besides TikTok that collect and store user data. Nevertheless, if the RESTRICT Act is enacted, it would represent a step in the direction of greater social media regulation.
For further questions or clarifications regarding the content of this article, please contact KJK attorney Ali Arko (ALA@kjk.com; 216.716.5642) or Emily Stoerkel (ELS@kjk.com; 614.427.5755).