TikTok, which is owned by China's ByteDance, has confirmed that China-based employees can access U.S. user data under certain circumstances.
Responding to U.S. Republican senators' inquires, TikTok has said in a letter that China-based employees who clear internal security protocols can access information on TikTok's U.S. users, including public videos and comments.
"Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team," TikTok's CEO Shou Zi Chew wrote in the letter.
TikTok has further added that it is currently working with the U.S. government on strengthening data security, anything defined as "protected" by the Committee on Foreign Investment in the U.S. or CFIUS.
"TikTok has an internal data classification system and approval process in place that assigns levels of access based on the data's classification and requires approvals for access to U.S. user data," Chew added.
According to a recent report, ByteDance employees accessed U.S. user data over at least four months. However, U.S.-based employees did not have access permission.
Last year, during a U.S. congressional hearing, TikTok denied sharing any data with the Chinese government and said it had taken steps to safeguard the data.
TikTok had said that outside researchers have found that TikTok has collected less data on users than its tech industry peers. The U.S. user data is stored in the United States, with backups in Singapore.