Sen. Josh Hawley (R-Mo.) on Monday introduced a bill that would curtail the flow of sensitive information about people in the U.S. to China through large tech companies like Apple and TikTok.
Hawley’s legislation would place new and wide-reaching limitations on companies with ties to China such as TikTok, the mega-popular social media platform owned by a Chinese firm, and Apple, an American company that builds many of its components in mainland China.
The bill, called the National Security and Personal Data Protection Act, would subject a litany of companies with ties to countries of “national security concern,” including Russia and China, to a new privacy regime.
“Current law makes it far too easy for hostile foreign governments like China to access Americans’ sensitive data,” Hawley, a China hawk and Big Tech antagonist in the Senate, said in a statement. “This legislation takes crucial steps to stop Americans’ sensitive data from falling into the hands of hostile foreign governments.”
Hawley in recent weeks has taken on Apple and TikTok over their ties to the Chinese government, claiming the companies are putting U.S. users at risk in the absence of laws protecting U.S. user data from Beijing. Apple, for example, stores some iCloud encryption keys for Chinese users in China itself, which could allow the government to access messages with users in the U.S.
And TikTok, which is owned by Chinese media company Bytedance, has an enormous and growing presence in the U.S., which Hawley claims could leave young American users vulnerable to surveillance by the Chinese government. TikTok says that it stores U.S. user data in the United States and is not subject to Chinese censorship laws, but reporting has indicated TikTok workers in the U.S. were asked to censor short-form videos that ran contrary to the Chinese Communist Party’s values.
Hawley’s bill would apply to tech companies that are subject to Chinese or Russian law, or are under the jurisdiction of those countries in a way that would allow those governments to access user data without “respect for civil liberties and privacy,” according to the bill.
Those companies would not be allowed to collect private data beyond what is required to run their services or transfer data on U.S. users to countries of concern. They would also be required to store information on U.S. users in the United States itself, and would have to submit a yearly report proving their compliance with the law once a year to the Federal Trade Commission, the U.S. attorney general, and all state attorneys general.
Much of Hawley’s concern stems from a Chinese law that requires companies operating in China to work with Beijing’s government.
“Chinese companies with vast amounts of personal data on Americans are required by Chinese law to provide that data to Chinese intelligence services,” Hawley said. “If your child uses TikTok, there’s a chance the Chinese Communist Party knows where they are, what they look like, what their voices sound like, and what they’re watching. That’s a feature TikTok doesn’t advertise.”
“And it’s not just Chinese companies that create this risk,” he added. “Chinese law allows the Communist Party to seize data from American companies operating in China whenever it wants, for whatever reason it wants.”
There’s no evidence so far to indicate the Chinese government has accessed U.S. user data from the TikTok app.
But earlier this month, reports emerged that a secretive federal panel, the Committee on Foreign Investment in the United States (CFIUS), has launched a national security review of Chinese company ByteDance’s acquisition of Musical.ly, the app that eventually became TikTok.
Hawley’s bill would require all mergers between Chinese and American companies to undergo a review by CFIUS.
The legislation does not have any co-sponsors so far. But concerns around Chinese tech companies and China obtaining data on U.S. users have been largely bipartisan on Capitol Hill this year, as trade talks between the U.S. and China have stalled.