United States: The Clock Is Ticking On TikTok, 90 Days To Divest

Most people are familiar with the social media sensation, TikTok, a mobile device application which allows users to create and share short-form videos. It is reported that there have been over 175 million downloads of the application in the U.S. Despite its popularity, most TikTok users are oblivious to how the national security concerns raised by the current White House Administration will affect them. Not to mention many users are probably unaware and will be surprised to learn that TikTok is a Chinese application. Beijing-based, ByteDance Ltd. (ByteDance) is the parent company of TikTok.

In brief, TikTok has been subject to scrutiny regarding national security concerns by the U.S. government for a while. Back in November 2019, media outlets reported that the Committee on Foreign Investment in the United States (CFIUS) had started a national security review of TikTok. Specifically, CFIUS reviewed ByteDance's November 2017 acquisition of Musical.ly, which ultimately became TikTok. On July 29, 2020, Treasury Secretary, Steven Mnuchin confirmed that CFIUS was conducting such national security review and would make a recommendation to the president. Most recently and as discussed below, President Trump issued two Executive Orders (EOs) on August 6 and August 14 that determine the impending future of TikTok.

Executive Orders (August 6 and August 14)

To no surprise, on August 6, 2020, pursuant to national security concerns, President Trump issued two separate Executive Orders (EO) that ban certain transactions with two Chinese technology companies and their subsidiaries, ByteDance (owner of TikTok), and Tencent Holdings (Tencent), the owner of WeChat, a social media and e-payment application. EO 13942 (TikTok EO)¹ notes that the spread of the app “continues to threaten the national security, foreign policy, and economy of the United States.” Specifically, the TikTok EO states that the app captures a large amount of information from users, “including internet and other network activity, such as location data and browsing and search histories.” Consequently, there is a threat of allowing the Chinese Communist Party to access the data and potentially enabling the Chinese government to track the locations of U.S. federal employees and contractors and conduct corporate espionage.

The TikTok EO will take effect on September 20, 2020. The types of “transactions” banned are not defined in the EO. Rather, the U.S. Department of Commerce (Commerce) is tasked with identifying the “transactions” and the subsidiaries of ByteDance and Tencent that will be subject to the prohibitions, within 45 days of the EO's issuance (September 20 or earlier). At this time, it is uncertain how the prohibitions will affect consumers, but commentators expect at a minimum that TikTok and WeChat apps will be removed from the application stores in the U.S. (e.g., Google and Apple) and from the devices of U.S. users. Another possibility is that TikTok could be added to Commerce's Entity List, like Chinese telecom Huawei and its subsidiaries were added. In short, these actions are only some of the prohibitions that could be imposed by Commerce, for now the prohibitions remain unknown until Commerce identifies the scope of the “transactions.”

Additionally, on August 14, President Trump issued an EO (August 14 EO), which formally orders ByteDance, within 90 days, to divest all interests and rights “used to enable or support ByteDance's operation of the TikTok application in the United States” and “any data obtained or derived from TikTok or Musicaly.ly users in the United States.” The President notes in the EO that “there is credible evidence that leads me to believe that ByteDance…might take action that threatens to impair the national security of the United States.” On that same day, Secretary Mnuchin's statement reaffirmed the EO by confirming that this was the recommendation made after CFIUS's exhaustive review “in order to protect U.S. users from exploitation of their personal data.”

The August 14 EO includes multiple, overreaching requirements that ByteDance must complete. First, immediately upon divestment, ByteDance must certify in writing to CFIUS that all the data and copies of such data wherever located have been destroyed. Notably, the EO grants CFIUS the authority to require an audit of ByteDance to ensure that such data destruction has been completed. Until ByteDance provides the written certification of divestment, the EO requires weekly certifications to CFIUS, noting that both ByteDance and TikTok Inc. are in compliance with the EO, and they must provide a description of divestment efforts made and a timeline for projected completion of the remaining actions.

Furthermore, the EO also enumerates certain restrictions on any potential sale or transfer of ByteDance's American assets and data, including requiring a written notification to CFIUS of the intended recipient/buyer and CFIUS's review of the proposed sale or transfer and national security concerns. The completed divestment is also subject to verification to CFIUS's satisfaction and its discretion. CFIUS will have 90 days after the divestment certification is provided to conclude its verification procedures. For purposes of verifying compliance with the EO and to ensure protection of the national security interests of the U.S., CFIUS at its discretion is authorized to implement certain measures, including: 1) access to all premises and facilities involving the TikTok app in the U.S.; 2) inspect and copy any books, ledgers, accounts, records, etc.; 3) inspect or audit any information systems, networks, hardware, etc., and 4) interview officers, employees, or agents; “of ByteDance, TikTok Inc., or any of their respective subsidiaries.”

What's Next?

In brief, the restrictions and actions, pursuant to the August 6 and August 14 EOs remain. The August 6 EO, which becomes effective on September 20, prohibits certain transactions with ByteDance. Additionally, the August 14 EO requires the divestment of ByteDance's American assets within 90 days of the EO's issuance. Meaning that a buyer would need to reach a deal to purchase TikTok's U.S. operations by the 45-day deadline and would need to close the transaction to CFIUS's satisfaction within 90 days (with the possibility of a 30-day extension) from the August 14 EO.

Users in the U.S. will be uneased when they discover (if they have not already) that there is a possibility that their TikTok app may be removed from their electronic devices. Especially because TikTok is reported to be a top source of entertainment and social communication among Americans during the global pandemic. But there may be a solution to this dilemma if Microsoft Corp. (Microsoft) reaches an agreement with ByteDance to acquire TikTok's U.S. operations and data. On August 2, Microsoft announced that the discussions will be completed no later than September 15 (five days before the TikTok EO deadline). Assuming an agreement is reached, Microsoft will take several measures to improve TikTok's security, privacy, and digital safety protections, including ensuring that all American users' private data is transferred and remains in the United States.

Footnotes

1 Exec. Order No. 13,942, 85 Fed. Reg. 48,637 (Aug. 6, 2020).

Originally published 20 August, 2020

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.