As confusing as the TikTok tie-up with Oracle may seem, there are precedents to the practice of having a “trusted” local partner manage parts of your business—look no further than China.
The short video app and the US software company have submitted a proposal to the US government hoping to beat a Sept. 20 deadline that requires TikTok to be shut down or sold to a US buyer to address national security concerns. According to terms first reported by the Financial Times, TikTok’s Chinese parent ByteDance will put the app’s global business in a new US-based entity. As TikTok’s “trusted tech partner” Oracle will have a minority stake in that company, and manage user data, while the Chinese firm retains majority ownership.
President Donald Trump, who is supposed to be briefed on the contours of the deal today, has said he doesn’t much like the idea of an arrangement where ByteDance remains TikTok’s owner. Many have already criticized the proposal, given the order to sell or be shutdown stemmed from concerns that user data was at risk precisely due to TikTok’s Chinese ownership. Approving the deal could make it appear that Trump is climbing down possibly because of friendly ties with Oracle’s founder, Larry Ellison.
ByteDance for its part is hoping to argue that its proposal, which could give Oracle full access to its code, adequately addresses security concerns, and that precedent exists in the US for what it’s proposing.
If the US does end up adopting the deal, the arrangement to manage TikTok could end up closely mirroring partnerships US tech firms have entered into in China.
“Chinese consumers are no strangers to the ‘data trustee’ model,” wrote Cui Yabing (link in Chinese), a researcher at Peking University’s Advanced Institute of Information Technology, in a note on the deal yesterday (Sept. 16).
Under China’s 2017 cybersecurity law, tech firms are required to store Chinese users’ “personal information and important data” within China, which has in practice meant partnering with local firms since foreign investment in internet data centers is restricted. Foreign tech firms had advocated against the provision when the law was being drafted, but didn’t prevail.
Take Apple, for example. The iPhone maker has since 2018 stored its mainland Chinese user data in centers operated by AIPO Cloud (Guizhou) Technology, a state-owned Chinese company located in the southern Chinese province of Guizhou. This arrangement allows Apple to comply with Chinese regulations, the company said.
“Arrangements like that of Microsoft can make sure the company’s cloud-based products in China are separated from its global cloud service network, making sure its Chinese user data and any supporting system that could access the data are located in data centers within China,” wrote Cui.
Google, meanwhile, recently abandoned plans to offer cloud services in China that would have involved entering into a similar partnership.
Beyond China, the model of foreign companies storing data locally is becoming more common in several regions, including Europe, which strengthened its data security regime in the wake of Edward Snowden’s revelations of National Security Agency surveillance. Microsoft, for example, has data centers in Germany to store local user data for its cloud service Azure.
If the TikTok-Oracle deal goes ahead, it’ll mark the US too shifting from a more laissez-faire approach to user data, to a more sovereign one.