Data Protection and National Security Concerns Meet in TikTok, WeChat Executive Orders

This summer continues to be a busy season at the intersection of data protection and national security. As we reported in July, the Schrems II decision invalidated Privacy Shield on the ground that its national security derogations were too expansive.

Last week, the President seized on concerns about surveillance by the Chinese government as a core rationale for Executive Orders directing the Department of Commerce to prohibit transactions involving TikTok (and its parent company, ByteDance) and WeChat (and its parent company, Tencent Holdings). For instance, the TikTok Order asserts that the company’s data practices “potentially allow[] China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage;” and the WeChat Order states that WeChat’s data collection “threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information.”

The scope of these Orders remains unclear. Members of Kelley Drye’s Export Control and Sanctions team provide further analysis on Kelley Drye’s Trade and Manufacturing Monitor (see below), and we will continue to monitor how implementation of the Orders could affect companies’ communications and transactions on these popular platforms.

President Issues Executive Orders Targeting TikTok and WeChat

Last Thursday, the President issued two executive orders (“E.O.s”) targeting social media applications TikTok (and its parent company, ByteDance) and WeChat (and its parent company, Tencent Holdings). The E.O.s direct the Department of Commerce (“DOC”) to prohibit transactions involving the applications. Companies that deal directly with TikTok or WeChat in the United States and abroad or use their services need to evaluate the scope of those activities and determine if they will be affected by the E.O.s.

The E.O.s were issued pursuant to the national emergency declared in E.O. 13873 regarding information and communication services in the United States that are controlled by persons within the jurisdiction of a “foreign adversary.” In issuing the E.O.s, the President cited concerns that the Chinese government could gain access to Americans’ personal information collected by the applications, among other policy considerations. The President has the power to issue the directives under the International Emergency Economic Powers Act (“IEEPA,” 50 U.S.C. 1701 et seq.), which provides the President with the authority to declare national emergencies and implement sweeping trade controls based on national security concerns.

The intended scope of the E.O.s is not clear due to ambiguous language used in Section 1, which contain the E.O.s’ primary prohibitions. Here is an excerpt of that section from the TikTok order:

Section 1. (a) The following actions shall be prohibited beginning 45 days after the date of this order, to the extent permitted under applicable law: any transaction by any person, or with respect to any property, subject to the jurisdiction of the United States, with ByteDance Ltd. (a.k.a. Zìjié Tiàodòng), Beijing, China, or its subsidiaries, in which any such company has any interest, as identified by the Secretary of Commerce (Secretary) under section 1(c) of this order.

[…]

(c) 45 days after the date of this order, the Secretary shall identify the transactions subject to subsection (a) of this section.

There are two plausible readings of that section. The first is that all transactions involving ByteDance and its subsidiaries will be prohibited within 45 days. The second, and we believe more appropriate reading, is that all types of transactions specified by DOC will be prohibited. The inclusion of the last sentence of Section 1(a) and of Section 1(c) suggests that DOC has discretion to impose targeted prohibitions that only apply to certain types of transactions involving the subject companies, rather than all transactions involving ByteDance. While the ultimate scope of the prohibitions may not be clear until DOC takes action, the term “transactions” is often interpreted broadly, and could include many types of business dealings, not just financial transactions involving the companies. The White House is reportedly pushing for a broad interpretation of both E.O.s, noting that prohibited transactions could include making the apps available on app stores, purchasing advertising on TikTok, or accepting terms of service to download the applications.

It is also important to note that the TikTok and WeChat E.O.s differ in scope. The TikTok E.O. authorizes prohibitions on any transaction involving ByteDance and its subsidiaries. In contrast, the WeChat E.O. is more narrowly constructed to authorize prohibitions on transactions with Tencent Holdings or its subsidiaries that are “related to WeChat.” The more narrow construction with respect to Tencent may be intended to exclude Tencent’s many U.S. investments unrelated to WeChat from coverage under the E.O.

Much remains unclear about the intended scope and ultimate application of the E.O.s. Given this regulatory uncertainty, companies with business dealings directly or indirectly involving ByteDance or Tencent should review their engagements closely for potential exposure under the new rules. In particular, companies that use WeChat services for commercial purposes, including its IT and payment services, will need to evaluate whether they can continue that activity in the United States and abroad.

Please contact our Export Control and Sanctions team with any questions related to these developments.

Advertising and Privacy Law Resource Center