Most members at the hearing, including Democrats, lauded a data privacy act that was approved the House Energy and Commerce Committee last year.
The American Data Privacy and Protection Act, which would have required online services to disclose whether any of the data they hold is accessible to entities in China, faced opposition in the Senate and never made it to a vote on the House floor.
“We made history last year when we passed” the act, Rodgers said. “But our work isn’t over yet, as we have already fallen behind other countries in establishing a national privacy law.”
“This comes down to our values versus the CCP’s”, she said, referring to the Chinese Communist Party.
“America values the importance of the safety of our citizens; China does not. We value our workforce and free market economics; China does not. We value civil society groups and their right to speak freely; China does not.”
TikTok, a subsidiary of the Chinese company ByteDance, has more than 100 million users in the United States.
Witnesses voiced scepticism that a plan put forward by TikTok, or any bans on the short-video platform, would address concerns about data privacy, saying a blanket law that all companies gathering online user data must follow would be more effective.
“Regardless of the path chosen, it is only a partial solution,” said Brandon Pugh, policy director for cybersecurity at the R Street Institute, a conservative think tank based in Washington.
Brandon Pugh of the R Street Institute think tank speaks to a US congressional subcommittee on Wednesday.
He said that TikTok is just one single app from one country, but other adversarial countries and other applications also pose risks. “Taking a more holistic approach is the key to avoiding potential blind spots,” he said.
Echoing his view, Samm Sacks, a cyber policy fellow at the left-leaning New America think tank, said bans on Chinese software applications were not an effective way to secure Americans’ data.
“Even if TikTok were American-owned, for example, it and its competitors could still legally sell data openly to data brokers that could transmit it to China’s security services,” she told the subcommittee.
Sacks and Pugh agreed that the US should enact a comprehensive federal data privacy and security law to make America more competitive in the technology race with China and help address security threats from any origin, with the American Data Privacy and Protection Act serving as a logical example.
Pugh warned that Washington still lagged behind Beijing and Brussels in privacy legislation and was becoming an “outlier”.
“Data in the hands of an adversarial nation-state or a malicious actor can lead to devastating consequences,” he said.
Sacks warned that US inaction in data and privacy legislation would mean “ceding leadership and influence in setting international standards to both Europe and China”.
She also called on the US to work with like-minded governments to develop a common set of standards that would allow data to flow.
Other companies, including Google, also came under scrutiny during the hearing for making data accessible in China.
Representative Debbie Lesko, a Republican from Arizona, asked Pugh if users of the Google-owned autonomous driving service Waymo should be concerned about their data winding up in China since the service is a joint venture with the Chinese automaker Geely.
Pugh declined to comment specifically on the Waymo-Geely venture but said: “What I can say at a high level is that when the Chinese government does have involvement with the company, it’s something we need to be very careful and mindful of and ensure that they’re not collecting data and then sure that it’s not going back to the CCP.”
Geely is a privately held company.
