TikTok’s Project Texas - Social Media Data Governance Across Geopolitical Lines

TikTok, a video sharing social media platform, is a subsidiary of ByteDance, a Chinese-owned company, with its headquarters in Singapore. There’s an ongoing concern in the United States Congress that American users’ data may be exposed to unauthorized access or manipulated by foreign entities. In an effort to alleviate these concerns and retain user trust, TikTok launched Project Texas, aimed at safeguarding American users’ data. This commentary examines the broader implications of Project Texas on data governance, particularly in the context of geopolitical boundaries. It delves into the geopolitics of social media and the autonomy of data governance in the digital age, offering advice for all social media platforms regarding these issues.


TIKTOK'S PROJECT TEXAS
On March 23, 2023, U.S. Congress held a high-profile hearing to discuss the national security issues associated with TikTok, a social media platform released in September 2016 that primarily features user-generated video content ranging from 3 seconds to 10 minutes in length.TikTok is a branch of ByteDance, a Chinese-owned company.As of 2023, the platform reportedly has around 834 million monthly users worldwide [13].The application's escalating popularity among American teenagers and young adults has sparked worries that it might compromise American national security through clandestine data collection and influence operations [5].
The main focus of the congressional hearing was the potential banning of the TikTok app in America.Such a ban would affect millions of Americans who use the platform for creative expression and also grant the government new power to police online speech.Throughout the hearing, TikTok representatives defended their stance, assuring Congress and the American public of their commitment to data privacy.They highlighted the measures they had implemented to safeguard American user data and isolate it from Chinese jurisdiction.27:2 • R. K.-W. Lee and L. H. X. Ng In response to national security concerns, TikTok proposed Project Texas, an extensive $1.5 billion initiative designed to address perceived vulnerabilities and protect American user data from external interference or manipulation [12].The project establishes an American subsidiary, TikTok U.S. Data Security Inc.(USDS), responsible for owning American user data and managing TikTok's deployment on Oracle's cloud.This entity will independently manage business functions needing enhanced user data protection and ensure the U.S. app content remains free from foreign influence.USDS is led by Andy Bonillo and Will Farrell, both experienced in U.S. national and cyber security.Employees of USDS will undergo stringent vetting processes, and the subsidiary will be supervised by an independent board specialized in U.S. national security.Importantly, the USDS team will only report to this board.In essence, TikTok USDS will strictly oversee access to protected U.S. user data and its operations.It will function independently from TikTok or ByteDance executives, ensuring no unauthorized data access or external pressures.
Project Texas focuses on two main strategies: (1) the independent governance of user data, systems, and employees across geographical boundaries to shield the company and its workforce from external pressure to allow unauthorized access, and (2) enhanced data protection and access control, with a reputable U.S. company overseeing data transactions within the U.S. platform.Specifically, to ensure the global experience of TikTok remains intact while enhancing U.S. user data protection, a separate version of TikTok has been created for the U.S. within Oracle's cloud environment.This version contains U.S.-generated content and other critical components and manages 100% of U.S. user traffic.Data communication is strictly regulated through gateways overseen by an American-based trusted technology provider (TTP) and USDS, with certain exceptions for public safety and business metrics.Meanwhile, all source code, including updates, entering the secure environment is rigorously inspected by the TTP and an independent third-party.Only approved code can run, and the mobile app, reviewed and compiled by the TTP, is directly delivered to app stores, ensuring it only interacts with authorized systems.
At its core, Project Texas signifies a shift in social media data governance in the context of geopolitics.The approach of TikTok in the United States is deeply intertwined with broader geopolitical conflicts between the two superpowers.The sentiments of lawmakers reflect broader national concerns about data governance, economic influence, and national security.The TikTok hearing is relevant not just for the platform itself but also for the broader social media industry.It will likely influence how governments regulate digital platforms and the strategies social media companies adopt for data governance.

GEOPOLITICS OF SOCIAL MEDIA
The TikTok hearing is part of an escalating rivalry between the U.S. and China, revolving around the strategic importance of digital space and the economic worth derived from digital platforms [3].
In this landscape of platform geopolitics, as China enhances its information and communication capabilities, the U.S. is taking strategic policy measures to safeguard its advantages [7].Historically, the U.S. has had a commanding presence in many areas of the digital world, in terms of both economics and culture [8].However, the recent emergence of Chinese technology firms, coupled with China's expanding economic and strategic abilities, poses a threat to U.S. supremacy, thereby triggering competitive and political tensions between the U.S. and China [3].The assertions made by U.S. lawmakers align with the U.S. 's dominant geopolitical strategy, which is influenced by its "territorial nation-state identity" that it has pursued since the end of the Cold War [11].
As the U.S. scrutinized TikTok, lawmakers worldwide also started questioning the influence of U.S.-based platforms.Ireland's Data Protection Commission used the European Union's General Data Protection Regulation (GDPR) to hold Meta accountable for transferring Facebook user data collected in Europe to the U.S., thereby potentially enabling U.S. intelligence agencies to intercept the data [10].Additionally, the Australian Competition and Consumer Commission investigated the effects of Facebook and Google on advertising competition [4].The TikTok hearing highlighted the evolving role of social media platforms, which are not just mediums for communication, social networking, and entertainment, but can also act as channels for data misuse and foreign influence, thereby posing risks to national security.

THE INDEPENDENCE OF DATA GOVERNANCE
The national security concerns voiced by the U.S. Congress underscore the issue of territoriality.In today's interconnected world, a social media company may be registered in one country, establish subsidiaries in numerous other countries, operate across various regions, and cater to a global user base.This multinational organizational structure begs the question: who ultimately governs the data?
Data governance encompasses aspects such as data storage, management, and communication.It also involves monitoring data quality and security, and ensuring compliance with regulatory policies [1].Given that these companies operate across multiple jurisdictions, it becomes crucial to segment data governance measures, ensuring that user data collected and processed in each region aligns with that region's regulations.For instance, data gathered and processed within the EU should adhere to the GDPR; similarly, data originating from Canada must comply with the DCIA (Digital Charter Implementation Act), and so on.
In order to operate efficiently across borders, social media companies need to establish independent data governance structures within each operating region.Each of these structures should be responsible for overseeing data storage and ensuring regulatory compliance for data within their respective territories.Companies should also adopt a three-pronged approach to data governance, integrating technical planning and implementation, organizational accountability and reporting, and a risk-based evaluation of data security measures and monitoring [9].
An interesting facet of data governance regulations is the extraterritoriality effect, which applies to data processing occurring outside the region's borders.The GDPR, for instance, governs the processing of data from EU residents, irrespective of where this processing takes place.Brazil's LGPD (Lei Geral de Proteçao de Dados), modeled after the GDPR, includes a similar provision.Thus, for countries whose regulations include extraterritoriality clauses, social media companies must ensure appropriate segregation of user data to confirm that processing in data centers worldwide meets the required standards.
TikTok has implemented multiple layers of review and oversight to ensure regulatory compliance, technological security, and content security [12].This approach to data governance is groundbreaking within the tech industry and sets a benchmark for user data protection and security.

DATA GOVERNANCE FOR SOCIAL MEDIA PLATFORMS
In light of the TikTok congressional hearing and the issues of data governance, there are several pieces of advice that can be offered to social media platforms as a whole.
Globally, social media companies can manage geographical tensions by: (1) Diversifying Ownership and Geographic Presence: Social media platforms could reduce exposure to geopolitical discord by adopting a multinational ownership structure and operating across various jurisdictions.This approach might mitigate fears of foreign interference and boost the platform's credibility in various geopolitical scenarios.(2) Enhancing Independent Data Governance across Regions: Given their global connectivity [2], social media platforms need to operate within transnational boundaries and respect the data governance laws of each jurisdiction.Consequently, segmenting user data by regions and implementing independent data governance measures can help protect user privacy according to regional laws.strive for active engagement with regulatory bodies, sharing security insights, and collaborating on policy development.This cooperation can lead to balanced and effective regulatory frameworks that consider national security while encouraging creativity, innovation, and freedom of speech.
At the corporate level, social media companies can fortify their data governance by: (1) Improving Transparency and Accountability: It's crucial for social media platforms to be transparent about their operations and data management practices.This involves providing understandable information about their data collection, storage, and sharing practices to foster trust among users and regulators.Like TikTok, which has been disclosing aggregated data on government information requests since 2019 [6], other platforms should follow suit.This not only enhances transparency but also prevents the unchecked exercise of governmental power.For superior privacy and security standards, platforms could establish accountability mechanisms, such as an independent oversight committee, like TikTok has done through Project Texas.
(2) Strengthen Data Privacy and Security Measures: In light of concerns about data privacy and national security, social media platforms must dedicate resources to robust data privacy and security measures and commit to protecting sensitive user data.This entails implementing cutting-edge encryption protocols, imposing strict access controls, conducting regular security audits, and identifying and mitigating vulnerabilities.(3) Prioritizing User Education and Awareness: Social media platforms should focus on user education and application design to help users make informed choices about their online activities.This includes providing straightforward information about privacy settings, data-sharing options, and potential risks associated with using the platform.By promoting digital literacy and responsible online behavior through user-centric design and education, platforms can cultivate a safer and more informed online community.

CONCLUSION
The TikTok hearing attracted global attention, as its outcomes could fundamentally alter the social media landscape and its function within our societies.Through Project Texas, TikTok aimed to transition from being viewed as a potential national security risk to becoming a responsible global entity, dedicated to the protection of its users and the broader national welfare.Despite having users all over the world, social media companies must adhere to the data governance regulations of the regions they operate in, while also navigating geopolitical tensions between countries.By proactively working towards independent data governance, enhancing data privacy and security, and fostering collaboration with local governments, these platforms can maneuver through the ever-changing geopolitical landscape while preserving user interests and addressing national security concerns.

( 3 )
Collaborating with Governments and Regulatory Bodies: Following the example of Project Texas, social media platforms can cultivate stronger relationships with local law enforcement and intelligence agencies.As shown by TikTok, sharing information on potential security threats and illegal activities on the platform can strengthen the platform's ability to detect and respond to risks swiftly.Social media companies should Digital Government: Research and Practice, Vol. 4, No. 4, Article 27.Publication date: December 2023.