TikTok Deal Won’t End Enterprise Risks

Summary

A proposed deal would create a new US-based entity to run TikTok in the United States, with a consortium (including Oracle, Andreessen Horowitz and Silver Lake) taking roughly 80% ownership of US operations and Oracle continuing to host US user data in Texas. The structure calls for a majority US board and a government-designated board member, aiming to address concerns about data access under Chinese law.

While moving data and ownership to a US-controlled entity may reduce the risk of direct state access, cybersecurity experts warn that many enterprise risks remain. TikTok will still collect extensive device and behavioural data, administrative access must be tightly controlled, and recommendation algorithms — reportedly being licensed from ByteDance — present hard-to-solve influence and data-leakage issues. Organisations should not assume the deal removes the need for policy, oversight and technical controls.

Key Points

  1. The deal proposes a US-based entity with majority US board control and a government-appointed board member to oversee US TikTok operations.
  2. A consortium including Oracle, Andreessen Horowitz and Silver Lake would own about 80% of the US business; Oracle would continue managing US user data in Texas.
  3. Relocating data storage and ownership can reduce direct foreign-state access risks, but ownership and geography alone are insufficient.
  4. TikTok remains highly data-intensive; employee use on corporate devices still creates risks of data leakage and social engineering.
  5. Administrative access, controls and encryption keys should be held by vetted US-based individuals reporting to US management to reduce insider and foreign-actor threats.
  6. Recommendation algorithms licensed from ByteDance are a major unresolved issue — they shape content and may enable influence operations even if data is hosted in the US.
  7. Regulatory and reputational pressures are already high: large fines in the EU, bans on government devices in multiple jurisdictions and enforcement actions in Canada.
  8. Organisations should continue enforcing policies on social-media usage for sensitive roles, require security analyses of software artefacts and perform deep threat modelling.

Why should I read this?

Short version: don’t kid yourself — this deal doesn’t magically make TikTok safe for work. If you’re responsible for enterprise security, HR or compliance, this article saves you the time: it lays out what changes and what doesn’t, where the real gaps remain (admin access, algorithms, employee device leakage) and the practical controls you should be demanding now. Read it to know what to block, what to audit, and what to insist the new US entity proves.

Source

Source: https://www.darkreading.com/cyber-risk/tiktok-deal-enterprise-risks
