News reports this past month made clear that the future of Chinese-owned app TikTok is set to change dramatically for users in the United States. People have grown rightfully suspicious of the app’s shady behavior, which includes collecting data from millions of users before sending it abroad. It also poses risks of influencing users’ feeds at the behest of Chinese operators. It could be used by the Chinese intelligence apparatus to target people for espionage, coercion, or data collection.
Whether Microsoft or another U.S. company purchases TikTok, the Trump administration’s executive order to restrict it is a welcome move and a distinct improvement over the status quo. But TikTok certainly won’t be the last app that answers to China or a different foreign adversary to pose a threat to the U.S. President Trump’s actions on WeChat make that clear. So regardless of what happens, important questions will remain over TikTok’s treatment of user data. To clarify these questions and avoid a game of whack-a-mole each time a new app arises, policymakers should adopt a more expansive approach to protecting data and our national security.
For these reasons, I plan to introduce legislation to create a framework of standards that must be met before a high-risk, foreign-based app is allowed to operate on American telecommunications networks and devices.
The first standard will be a digital “warning label” and opt-out option, including information such as who operates and owns it, what privacy risks it poses, and whether, by using it, data is in danger of falling into the hands of foreign law enforcement or security agencies. This will be critical for younger users and parents, who may be unaware of the dangers behind innocuous-looking software. In this system, a potentially dangerous app will have to provide users with a warning detailing the risks associated with using that platform.
Second, we need stronger security restrictions on mobile app data, including personal information, such as home or IP addresses, credit card details, and app usage. Shady apps frequently store such data offshore in less secure locations, leaving information vulnerable to foreign entities. For example, some of TikTok’s American data is held in Singapore, creating concerns of an opening for the Chinese Communist Party to compel its holders to carry out its bidding abroad. Additionally, U.S. user data transmitted to Singapore may have to be transmitted through Chinese infrastructure along the way.
When it comes to high-risk foreign apps, American data should stay on American soil. To that end, my legislation will mandate that covered companies are no longer allowed to transfer or store information about Americans outside of the U.S. or to sell this data.
Finally, high-risk foreign apps will have to adopt U.S. standards of security and transparency in order to do business here. My legislation will require these companies to provide an annual disclosure to the Federal Trade Commission and Department of Justice to make clear to the public that they comply with enhanced transparency standards.
Specifically, this disclosure would require a description of an app’s privacy practices and any contacts the company has had with foreign government agencies, including demands for data or to censor users. The disclosure would require certification that any such orders were unambiguously refused.
These reforms are an important starting point, though other options to reduce the dangers of foreign apps may merit consideration and should remain on the table. For example, it might also be necessary to mandate that high-risk companies provide users with the ability to challenge censorship or to prohibit their collection of certain categories of information, such as financial data.
Even as people grow increasingly aware of the risks that foreign apps pose, the problem will not subside until we implement an ironclad system to defend personal information and free expression. My forthcoming legislation will offer the blueprint needed to achieve this. The time is now for us to ensure that app companies operating in the U.S. understand that, should they try to steal or sell Americans’ data or export state censorship from abroad, they will no longer be welcome here.
Marco Rubio is Florida’s senior U.S. senator, the acting chairman of the Senate Select Committee on Intelligence, and a senior member of the Senate Committee on Foreign Relations.
