By Mohit Chawdhry and Chhavi Pathak

On January 19th, TikTok, one of the world’s most popular short-video platforms, was officially banned in the United States under the Protecting Americans from Foreign Adversary Controlled Applications Act. However, just a day after the ban, President Trump issued an Executive Order revoking it, citing the need to explore solutions to address security concerns posed by TikTok without cutting off American users’ access. These events ignited debates on the best regulatory approach for dealing with applications that pose data protection and national security risks due to their exposure to foreign adversary nations.

TikTok is owned by ByteDance, a company based in China. This nexus has heightened the US Government’s fears of potential Chinese government influence over the platform. While ByteDance insists that TikTok operates independently and stores user data outside of China, these assurances are often met with scepticism because Chinese law requires the country’s companies to “assist or cooperate” with the country’s intelligence agencies, and the government retains the authority to access and control private data held by such entities.[1] In 2019, the Pentagon discovered potential cybersecurity and spying threats associated with using the TikTok app. It issued an advisory advising employees to safeguard their personal information. Following the Pentagon's advisory, the U.S. Army and Navy issued guidance prohibiting TikTok on government phones.[2] 

Given these concerns, the Protecting Americans from Foreign Adversary Controlled Applications Act gave ByteDance 270 days from the Act’s enactment to transfer TikTok’s ownership to an American entity.[3] This approach aims to prevent a foreign adversary from tracking government employees, collecting personal data on citizens, and conducting corporate espionage – while still permitting access for citizens.[4] India recently adopted a similar approach with respect to “Shein” - a popular fast fashion e-commerce platform that was one of the 59 Chinese applications banned by the Ministry of Electronics and Information Technology in 2020 over data security and privacy concerns.[5] Following an agreement with an Indian company, Reliance Retail Ltd, one of these companies, a fast-fashion retailed called Shein, was granted permission to resume operations in India. According to the agreement, Shein is to operate on Indian infrastructure, and all platform data—including personal and non-personal data generated from Indian customers— is to remain in India. Shein has no access to or rights over this data.[6] 

While the Shein example suggests that acquisitions or mergers with domestic entities can potentially help mitigate foreign government access to citizen data, the US experience with TikTok highlights the practical challenges that hamstring such an approach. Despite interest from major American companies, including Microsoft and Oracle, no deal to purchase TikTok materialised within the stipulated 270-day period due to geopolitical constraints.[7] A sale of TikTok to a U.S. company also reportedly requires approval from the Chinese government, which signalled that it would block any transaction involving TikTok’s algorithm. This has significantly reduced buyer interest and made negotiations difficult.[8] 

As TikTok’s sale to a U.S. company was not completed within the mandated 270-day period, the app was banned under the Protecting Americans from Foreign Adversary Controlled Applications Act. Service providers, including app stores and cloud hosting services, were also barred from facilitating access to the platform. Though the ban has since been lifted in accordance with President Trump’s Executive Order, it provides important insights into the efficacy and limitations of app bans in addressing data protection and national security concerns. While such bans effectively limit access to problematic applications for a majority of users, they do not comprehensively address national security concerns for two key reasons.

First, banning applications makes accessing them more onerous but does not entirely hinder their use. Users often find alternative methods to bypass these restrictions. In the U.S., TikTok users were able to continue accessing the site by using a VPN on a web browser to make it appear as though they are creating an account from another country.[9] Similarly, when India banned TikTok in 2020, many tutorials emerged, demonstrating how users could circumvent restrictions using VPNs.  This allowed users to continue accessing the platform with a few added steps. Thus, while TikTok’s usage in India declined, determined users continued engaging with the application.[10]

Second, banned apps are often replaced by functionally similar alternatives that may pose even greater threats. Following the TikTok ban in the US, the Chinese social media platform REDnote, saw a global surge in downloads.[11] Unlike ByteDance, which claims to be based in Singapore and not subject to China’s surveillance regime, REDnote is headquartered in Shanghai and subject to laws, including the Personal Information Protection Law (PIPL), which require companies to provide the Chinese government with access to user data.[12] Worryingly, REDnote is also trending on the AppStore and Play Store in India, despite the government’s previous ban on 59 Chinese applications, highlighting the challenges of fully enforcing such restrictions.

The risks associated with apps like REDnote are further exacerbated by the lack of transparency and accessibility surrounding their terms of service and privacy policies. Illustratively, TikTok’s user agreement and privacy policies are readily available in English and other languages, enabling non-Chinese users to understand the platform’s data collection and processing practices. Conversely, REDnote’s privacy policies are not in English or other widely spoken languages, limiting user awareness of its data practices. Furthermore, REDnote has yet to develop robust English-language content moderation and translation tools, increasing the likelihood that international users will encounter harmful or objectionable content.[13] This stands in stark contrast to TikTok, which employs dedicated content moderation teams tailored to different languages to mitigate such risks.[14]

Banning foreign adversary-controlled applications or mandating takeover by a domestic entity can be effective first steps in addressing data protection and national security concerns. However, they are not standalone solutions. Without additional enforcement mechanisms, these measures can be circumvented, and similar apps can quickly fill the void. Governments should adopt a multi-layered strategy that includes continuous monitoring of emerging threats and closer collaboration with technology providers to prevent banned applications from resurfacing under new names.

—

[1] McDonald, Joe. 2023. “Why does US see Chinese-owned TikTok as a security threat?” AP News. https://apnews.com/article/tiktok-bytedance-shou-zi-chew-8d8a6a9694357040d484670b7f4833be?utm_source=chatgpt.com.

[2]Vigdor, Neil. 2020. “U.S. Military Branches Block Access to TikTok App Amid Pentagon Warning.” The New York Times. https://www.nytimes.com/2020/01/04/us/tiktok-pentagon-military-ban.html 

[3] Daniel Konstantinovic. “TikTok ban signed by President Biden, giving ByteDance 9 months to sell.” EMarketer 2024. https://www.emarketer.com/content/tiktok-ban-signed-by-president-biden-giving-bytedance-9-months-sell

[4] TikTok Inc. v. Garland, No. 24-1113 (D.C. Cir. Dec. 6, 2024)

[5] Ministry Of Commerce & Industry Department for Promotion of Industry and Internal Trade, Government of India, Lok Sabha. 2024.” Starred Question No. 307. Re-Entry Of Chinese Fashion Brand Shein.” Sansad.In. https://sansad.in/getFile/loksabhaquestions/annex/183/AS307_HQGqpm.pdf?source=pqals.

[6] Ministry Of Commerce & Industry Department for Promotion of Industry and Internal Trade, Government of India, Lok Sabha. 2024.”

[7] Nick Marsh. “Trump Says Microsoft in talks to Buy TikTok.” BBC News. January 2025. https://www.bbc.com/news/articles/c4g3z55zz7xo

[8] Meaghan Tobin. “Why Beijing Could Have the Last Say on Any TikTok Deal.” New York Times. January 2025. https://www.nytimes.com/2025/01/17/us/politics/tiktok-ban-sale-china.html

[9] Leswing, Kif. 2025. “How VPNs might allow Americans to continue using TikTok.” CNBC. https://www.cnbc.com/2025/01/15/how-vpns-might-allow-americans-to-continue-using-tiktok-.html.

[10]  Dr. Vikash Gautam and Tamanna Sharma. Taxes And Takedowns: An Assessment Of India’s Key Policy Tools For Virtual Digital Asset Markets. Issue No. 042, May 2024, Esya Centre.  https://www.esyacentre.org/documents/2024/5/17/taxes-and-takedowns-an-assessment-of-indias-key-policy-tools-for-virtual-digital-asset-markets

[11] Baptista, Eduardo, Krystal Hu, and Doyinsola Oladipo. 2025. “Over half a million 'TikTok refugees' flock to China's RedNote.” Reuters. https://www.reuters.com/technology/over-half-million-tiktok-refugees-flock-chinas-rednote-2025-01-14/.

[12] Collier, Kevin, and Kat Tenbarge. 2025. “Chinese TikTok alternative RedNote could pose greater security risks, experts say.” NBC News. https://www.nbcnews.com/tech/social-media/chinese-app-rednote-pose-greater-security-risks-tiktok-rcna187619.

[13] Yang, Zeyi. 2025. “Xiaohongshu Scrambles to Hire English-Speaking Content Moderators.” WIRED. https://www.wired.com/story/xiaohongshu-english-moderators-red-note/.

[14] TikTok. n.d. “Our approach to content moderation.” TikTok. Accessed January 22, 2025. https://www.tiktok.com/transparency/en-us/content-moderation/.