The U.S. House of Representatives has taken a significant step towards potentially banning TikTok in the United States.
If enacted, the legislation would require ByteDance, the Chinese parent company of the popular social media platform, to divest its controlling interest in TikTok within six months. Failure to comply with this demand would result in the app being prohibited from operating in the country.
MBK Search has compiled this explainer of what the bill says and what TikTok would need to do in order to show compliance.
Key Provisions of the Bill:
1. Prohibition of Foreign Adversary-Controlled Applications
The bill makes it unlawful for entities to distribute, maintain, or update foreign adversary-controlled applications within the United States. This prohibition applies to providing services enabling the distribution or maintenance of such apps, including online application stores and internet hosting services.
2. Timeframe for Compliance
For apps that meet the definition of a foreign adversary-controlled application, the prohibition will take effect 180 days after the bill’s enactment or after the President determines a significant threat to national security.
3. Data and Information Portability
Before the prohibition takes effect, entities that own or control foreign adversary-controlled applications must allow users within the United States to request and obtain their account data in a machine-readable format.
4. Enforcement and Penalties
The Attorney General will investigate potential violations and pursue enforcement actions. Civil penalties of up to $5,000 per violation may be imposed for distributing or maintaining foreign adversary-controlled apps and up to $500 for failing to provide data portability to users.
If TikTok was to divest from ByteDance, how would it show compliance?
If TikTok were to divest from ByteDance, it would need to take steps to meet the requirements of a “qualified divestiture.” This process is designed to ensure that the app isn’t under the control of a foreign adversary, in this case, ByteDance, which is subject to scrutiny due to its connections with China.
Here are the key steps and demonstrations required:
1. Divestiture Execution: TikTok would need to execute a divestiture that effectively removes ByteDance’s control over the application. This involves selling off ByteDance’s stake to a company not controlled by any “foreign adversary.” The buyer could be a U.S.-based company or an international entity that does not fall under the definition of being controlled by a foreign adversary.
2. Presidential and Interagency Approval: The divestiture must get approval from the President through an interagency process. This implies that the proposed transaction would be scrutinized to ensure it effectively eliminates the influence of ByteDance and, by extension, any foreign adversary over TikTok. The review process would involve assessing the nature of the divestiture, the parties involved, and TikTok’s future governance structure.
3. Preclusion of Operational Relationship: Post-divestiture, TikTok must prove that it has no operational relationship with ByteDance or any other entity that a foreign adversary controls. This includes cooperative agreements on content recommendation algorithms and data sharing.
4. Data Protection and Security: While not explicitly detailed in the requirements for a qualified divestiture, protecting and securing user data would be critical to maintaining compliance and trust. TikTok would need to establish robust data governance and cybersecurity measures that align with U.S. standards and legal requirements, ensuring that user data is not subject to foreign surveillance or misuse.
5. Transparency and Reporting: To maintain compliance and public trust, TikTok may need to demonstrate transparency regarding its divestiture process, ownership structure, and operational independence. Regular reporting to relevant U.S. authorities and possibly the public could be required to ensure ongoing compliance with the Act and reinforce the app’s commitment to safeguarding national security and user data.
