TikTok’s Project Texas is underway

Happy Thursday, everybody! In this edition of Privacy Insider, I wanted to highlight the kickoff of TikTok’s “Project Texas.”

Many will remember the controversy that TikTok faced in recent years. The social media app is both highly popular and owned by a Chinese company, which raises concern given Beijing’s track record regarding data privacy. In fact, ByteDance — the company that owns TikTok — was ordered to sell off TikTok in 2020 by the Trump administration.

That never came to pass. Instead, TikTok promised to work with a US-based technology partner to create clones of its internal systems that would be based in and designed for the US. In theory, the Chinese government wouldn’t be able to access these US-based systems even if they wanted to. The initiative was called “Project Texas,” after the home state of Oracle, TikTok’s chosen technology partner.

The idea is that Oracle, as a neutral partner, will evaluate TikTok’s systems and host its data centers, preventing outside influence by Chinese authorities.

It’s a warranted move. In the past, TikTok employees have asserted that user data was regularly accessed by Chinese officials, and the Guardian reported that TikTok censored stories that displeased Beijing. 

Creating a US-based team with US-based infrastructure and promising that China won’t influence its operations is all well and good. Given its history of data privacy violations, however, it remains to be seen whether the US team will truly be free from the influence of its Chinese counterparts.

But if Project Texas succeeds, it will be an interesting use case. International companies bump up against different countries’ data privacy practices all the time, so one solution might be to create segregated systems and teams for each jurisdiction. It’s certainly the approach that TikTok is taking: they have plans to replicate Project Texas in Europe as a means of handling the EU’s far more stringent data privacy laws.

Maybe this is an image of what the future internet will look like — a collection of cloned systems tweaked to fit the rules and regulations of different countries and jurisdictions.

Best,
Arlo

Oracle begins auditing TikTok's algorithms
As part of the social media company’s “Project Texas,” TikTok has allowed Oracle to begin vetting its algorithms and content moderation models to ensure they aren’t being manipulated by Chinese authorities. The Project Texas initiative is meant to give US TikTok users confidence that their data is safe and their content recommendations aren’t being manipulated, since TikTok’s parent company ByteDance is a Chinese company.
Read more

Lawmakers investigate allegations of law enforcement agencies purchasing personal data
Two Democrats in the House of Representatives have demanded details from seven law enforcement agencies regarding the alleged purchases of Americans’ personal data in a move intended to sidestep the process of obtaining a warrant. In the letter, the representatives stated that these law enforcement agencies had purchased personal data through data brokers “instead of obtaining it through statutory authorities, court order, or legal process.”
Read more

Digital medical companies shown to funnel patient data to Facebook
A new study shows that digital health companies are funneling sensitive patient data to Facebook to conduct targeted advertising.  The researchers studied the online activities of 10 participants active in the online cancer community who had used digital health tools from five different companies. These companies used third-party ad trackers to follow the patients online and market to them, violating three of the companies’ own privacy policies.
Read more

Indian shipping logistics company exposed thousands of customers’ personal data
Shipyaari, an e-commerce logistics solution, was discovered to have exposed customer data over the course of a months-long spill of its internal shipment information. The data included customers’ names, addresses, phone numbers, order invoice amounts, and delivery statuses.
Read more 

Spotlight on Osanians: Get to know Chris
Ever wished you could get to know the people hard at work keeping the world compliant with data privacy regulations? Our Spotlight on Osanians series shines a light on the people we’re proud to call our coworkers. This post focuses on Chris Washington, an Implementation Manager here at Osano. Check out Chris’s interview here.

If you want to keep up with the Spotlight on Osanians series, bookmark this page — we’ll update it regularly as new interviews come out.

And if you someday aspire to be featured on the Spotlight series, why not check out our Careers page? We might have the perfect opportunity for you.