Feb 28, 2024,06:30am EST
TikTok’s parent company ByteDance may have violated laws in the U.S. and EU due to the absence of an internal corporate records retention policy, as per revelations from seven current and former ByteDance employees and numerous internal documents and chat logs scrutinized by Forbes.
The internal documents reveal that TikTok’s legal and policy experts repeatedly cautioned senior leaders, including Global Chief Security Officer Kim Albarella, about the potential legal implications of ByteDance’s lack of a policy for managing internal records, which could jeopardize its operations in the U.S. and EU. Concerns were expressed that the company might be non-compliant with the U.S. FTC Act and the EU’s GDPR regulations.
Despite the warnings, ByteDance reportedly operated without a records retention policy for years, raising concerns among employees about possible ramifications, especially as the company faces investigations by the U.S. government and global scrutiny over data privacy practices. The absence of such a policy could also impact the company’s burgeoning ecommerce venture, TikTok Shop.
According to internal communications seen by Forbes, the lack of a records retention policy affected compliance with the International Payment Card Industry (PCI) Data Security Standard, potentially hindering the company’s ability to process credit card transactions. Efforts to address this included the development of a stopgap policy for credit card-specific documents, but challenges persisted in achieving compliance.
ByteDance’s response to these revelations has been defensive, with the company asserting that the assertions are based on outdated documents and former employees’ perspectives. They emphasized their commitment to meeting legal obligations related to data governance but did not directly address queries about their current corporate records retention policies.
The absence of a comprehensive retention policy raises significant concerns, particularly regarding data privacy, regulatory compliance, and transparency, and underscores the need for robust governance frameworks in companies of TikTok’s scale. The ongoing investigations and regulatory pressures highlight the urgency for ByteDance to address these compliance issues effectively.