Stiff Chinese regulatory challenges loom over potential TikTok sale or divestment in US

Video-sharing app TikTok’s potential sale or divestment in the US could face a series of legal hurdles in China linked to export controls and security-assessment of cross-border data transfers, industry practitioners and cybersecurity experts say.

TikTok has been embroiled in controversy in the US, including recent scrutiny by the House of Representatives, over its ties to China and related data-privacy and security issues. The Joe Biden administration demanded that TikTok’s Chinese owners sell their stakes in the video-sharing app or face a possible US ban, citing national security and privacy concerns.

In response to the administration’s demand, China said it is firmly opposed to it and that a sale or divestiture of the short-form video platform would involve a technology export and therefore be subject to administrative approval under Chinese laws.

China’s revamped administrative regulations on technology imports and exports in 2020 stipulated technologies restricted from exports should be subject to administrative license and that an exporter should file an application before exporting any technology that falls under that category.

China’s Commerce Ministry and the Ministry of Science and Technology jointly issue on a regular basis the catalogue of technologies prohibited and restricted from export.

The latest catalog issued in August 2020 added to the list of information-processing technologies that are restricted from export: speech synthesis technology, artificial intelligence interactive-interface technology and personalized information push-service technology based on data analysis.

TikTok is well-known for its powerful algorithmic recommendations. The app makes recommendations to users based on factors such as their preferences and how much time they spent on previous stories.

The additions to the export list, especially the one about “personalized information push-service technology based on data analysis,” was believed to target a forced sale of TikTok to US-majority ownership sought by the Donald Trump administration, industry practitioners told MLex.

Back then, TikTok’s parent company ByteDance did make efforts to apply to the Beijing Municipal Commerce Bureau seeking export approval, but it never obtained it after the municipal-level commerce bureau took the application to the Commerce Ministry, it is understood.

This time, industry practitioners expect ByteDance will encounter the same difficulty getting export approval if it needs to follow the Biden administration’s demand and re-files an application for approval to export its technology.

Security assessment of cross-border data transfers

With source codes that express TikTok’s algorithms likely to fall under the category of important data, chances exist that China’s Internet regulator could weigh in, cybersecurity experts told MLex.

In draft guidelines relating to the identification of important data that were issued by China’s national standard-setting body on information security, data related to an export-controlled item, such as information describing any design principles, techniques and processes or production methods, as well as any source code, integrated circuit layout and technical solution are categorized as important data.

Source codes are closely relevant to algorithms and are deemed strategically important. Back to 2020, US Treasury Secretary Steven Mnuchin demanded that TikTok transfer code to Oracle – which was one potential buyer of TikTok – in order to close a deal.

Cybersecurity experts noted there is an inevitable linkage between the algorithms that bolster TikTok’s services in the US and those developed based on Chinese domestic users’ data, triggering Chinese regulator’s concerns over national security.

Therefore, TikTok’s parent company might face a security-assessment of cross-border data transfers conducted by the Internet regulator due to the processing of important data, a triggering threshold for the review regime.

Meanwhile, cybersecurity experts added China has a more powerful cybersecurity review regime in place that scrutinizes data-processing activities by network platform operators with bearing on national security. That regime was conducted jointly by regulators including those overseeing the Internet, public security, national security, industry and information technology, and markets.

- Analysis by Wang Juan.