Senator Presses TikTok and Oracle for Details on U.S. Data Safeguards

Questions Persist Months After TikTok’s U.S. Restructuring

Sen. Ed Markey is demanding more information from TikTok USDS and Oracle about how TikTok’s U.S. data and recommendation systems are being handled under the company’s restructured American operations. In letters described by Gizmodo, Markey said there is still too little public clarity about whether the arrangement can effectively protect user data and prevent algorithmic manipulation.

The pressure comes roughly four months after ByteDance transferred TikTok’s U.S. operations to a new joint venture. That venture was created after an executive order allowed the app to continue operating in the United States under new leadership. TikTok USDS said at the time that its role was to secure U.S. user data, the app itself, and the recommendation algorithm through privacy and cybersecurity measures.

What Markey Wants to Know

Markey’s letters focus on the operational details that remain opaque. He asked TikTok USDS to provide the specific terms of its license agreement with ByteDance, explain how it plans to review TikTok’s source code, and say whether ByteDance has accessed user-related data. He also pressed Oracle to disclose the contractual terms of its role in reviewing ByteDance source code and to explain how many algorithms would be retrained with Oracle oversight.

Those questions point to a broader issue: the public has been told that control, safeguards, and oversight have changed, but lawmakers want evidence of how those claims are being implemented in practice. Without that, the restructuring risks being treated as a governance story built on assurances rather than verifiable procedures.

The Ownership Structure Still Raises Sensitivities

According to the Gizmodo report, the joint venture is overseen by three managing investors with 15 percent stakes each: Oracle, Silver Lake, and MGX. The remainder is held by investors, including affiliates of ByteDance investors, while ByteDance itself retains a 19.9 percent stake.

That ownership profile helps explain why skepticism remains. Even after the transfer of U.S. operations, ByteDance is still connected to the structure. Markey’s concern, as reflected in the letters, is not only where the data sits but whether the company’s recommendation logic and software review processes are sufficiently insulated from outside influence.

TikTok USDS has said the recommendation algorithm would be retrained on U.S. user data and secured on Oracle servers. That is a concrete promise, but one that invites technical and governance questions. Retraining, hosting, and reviewing code are not the same thing as establishing confidence that access controls, oversight powers, and audit rights are robust enough to withstand pressure.

From Political Debate to Verification

For years, TikTok’s U.S. future has been shaped by national security arguments tied to its Chinese parent company. The latest letters show that even after a restructuring meant to address those concerns, the debate has shifted less than TikTok may have hoped. The issue is no longer only whether ownership changed on paper. It is whether the underlying technical and contractual controls are strong, transparent, and independently credible.

Markey’s intervention also highlights a recurring pattern in platform regulation. Policymakers increasingly want to examine code access, algorithm governance, infrastructure relationships, and contractual obligations, not merely public statements of intent. In this case, Oracle’s role as a “trusted security partner” puts it directly into that accountability chain.

Why This Matters Beyond TikTok

The TikTok case is becoming a test of how far U.S. policymakers are willing to go in demanding transparency around data governance and recommendation systems. If lawmakers conclude that the current arrangement still leaves too many unanswered questions, the dispute could influence how future foreign-linked platform restructurings are designed.

For users, the immediate issue is whether claims about privacy and algorithm security can be trusted. For regulators, it is whether the safeguards are specific, enforceable, and visible enough to evaluate. Markey’s letters suggest the answer remains incomplete.

Until TikTok USDS and Oracle provide more detail, the company’s U.S. reset will continue to face the same central problem that defined the earlier controversy: not simply who says the system is safe, but whether outsiders can verify that it is.

This article is based on reporting by Gizmodo. Read the original article.