Senator Ed Markey on Friday asked the TikTok U.S. joint venture and Oracle to provide detailed answers about how data from Americans who use the app will be secured and how the platform will guard against foreign manipulation of its recommendation algorithm.
Markey’s questions come after ByteDance in January finalized a deal to create a majority American-owned joint venture meant to secure U.S. data and head off a potential U.S. ban. TikTok has said the new venture will retrain, test and update its content recommendation algorithm on U.S. user data and that the algorithm will be secured in Oracle’s U.S. cloud; Oracle is one of the venture’s three managing investors.
The scale of what Markey is asking about is large: TikTok is used by over 200 million Americans, and the joint venture structure is the company’s public answer to lawmakers’ concerns about foreign access to that information. Markey’s letter seeks specifics on how the data will be stored, who will have access to model training, and what technical and governance safeguards will prevent external influence on recommendation decisions.
In January, TikTok framed the joint venture as a structural fix — moving development and operation of the recommendation system for U.S. users onto U.S. infrastructure, and placing code and data inside Oracle’s cloud. The company described retraining and testing on U.S. user data as a key part of altering how recommendations are generated for American accounts.
The immediate consequence of Markey’s letter is accountability pressure: the senator has pressed both the joint venture that now claims operational control over U.S. systems and Oracle, a managing investor, to explain how those technical claims are implemented and governed. The questions demand more than high-level assurances, seeking documentation and operational details that would show how the protections are enforced day to day.
The friction at the center of the inquiry is straightforward. TikTok’s public description says U.S. data and the recommendation algorithm will reside and be processed in Oracle’s U.S. cloud, but Markey’s questions probe whether the ownership and management structure actually produce the separation and controls those promises imply. He is asking whether the joint venture’s governance, access controls, and operational procedures are sufficient to block foreign access or influence.
That gap matters because the joint venture was created expressly to change the underlying risk calculus: ByteDance finalized the arrangement to demonstrate a majority American-owned control pathway and to prevent legal or regulatory steps that could remove the app from U.S. devices. If the venture cannot show how it prevents external parties from affecting model training or data access, lawmakers may view the structural change as incomplete.
Neither the joint venture nor Oracle has been recorded as responding to Markey’s letter in the public record tied to this request, and the senator’s office set no deadline in the materials released Friday. The unanswered question left by Markey’s move is therefore concrete: will the joint venture and Oracle produce the operational evidence he seeks — access logs, separation architectures, audit regimes, or other technical proofs — or will they offer only the same policy-level assurances the companies have already provided?
The next step is procedural: a substantive reply from the TikTok U.S. joint venture and from Oracle that addresses the specific items Markey listed. If the replies are detailed and verifiable, they could blunt further Congressional action; if they are vague, they will likely invite follow-up demands and heighten the risk of legislative or regulatory responses aimed at tighter controls or restrictions on the app used by more than 200 million Americans.
