After months of maneuvering with the U.S. government, ByteDance Ltd. (ByteDance), the parent company of the popular short-video sharing app TikTok, is now creating a U.S.-based company, TikTok Global, for the app’s operation in America. Included in the plan is that Oracle, a Silicon Valley tech company, Walmart, and other U.S. companies and investors will share a total of 53 percent of the ownership of TikTok Global, satisfying the White House’s demands.
Since it launched in the U.S. in 2017, TikTok has quickly grown into one of the biggest social platforms in the world, with a large user base and an even larger collection of valuable user data. Consequently, ByteDance, a Chinese company, became the latest subject of escalating tensions between the U.S. and China after President Donald Trump issued two executive orders on Aug. 6 to ban TikTok and another Chinese app, WeChat, in app stores and prohibits app downloads in the U.S., ostensibly due to national security concerns. The bans on TikTok and WeChat have been challenged in federal courts in D.C. and San Francisco, respectively, on the ground of First Amendment violation. Both federal judges ordered to delay the enforcement.
However, TikTok is not the only app with ties to China that has faced such scrutiny, and it likely will not be the last.
In the case of ByteDance, the President’s threats were preceded by an unusual post-transaction review by the Committee on Foreign Investment in the United States (CFIUS). CFIUS is a federal interagency review committee that has historically focused on certain foreign acquisitions of US-owned companies in select “critical industries.” The committee now reviews a much broader subset of cross-border transactions that present potential national security risks.
Normally, the involved parties may voluntarily disclose a transaction to CFIUS for review. However, with the passage of the Foreign Investment Risk Review Modernization Act in 2018, CFIUS received broader authority to conduct post-transaction reviews on any cross-border transactions it deems necessary, particularly those raising national security concerns. Depending on the findings, CFIUS can recommend that the President intervene in a deal, but such recommendations are rare.
In March 2020, CFIUS started a formal post-transaction review into ByteDance’s 2017 acquisition of Musical.ly, a Chinese lip-syncing app with many users in the U.S. and Europe, for $1 billion. After its initial acquisition, ByteDance combined the Musical.ly app in late 2018 to become TikTok.
This review was unusual for a few reasons. First, the review was initiated three years after ByteDance initially acquired Musical.ly. Second, the acquisition of a karaoke app is seemingly not the kind of transaction that would trigger a mandatory CFIUS review. However, in this case, the trigger for the national security review appears to be ByteDance’s valuable user data. An executive order, signed by President Trump on Aug. 14, 2020, presents the justification of the CFIUS review on the 2017 transaction and qualifies ByteDance’s purchase of Musical.ly and its U.S. operation under CFIUS’ jurisdiction. In the same order, the President also mandated a 90-day deadline for ByteDance and its Chinese shareholders to divest all U.S. assets and data obtained from its U.S. operation with the approval from the administration.
Notably, according to a court complaint filed by ByteDance against the administration in August, the company questioned the legitimacy of the CFIUS review and its finding, challenging the President’s orders, and claiming the review occurred without a fair due process under the Fifth Amendment. ByteDance withdrew the complaint on Sept. 20, 2020, after President Trump has allowed the restructure.
The U.S. government’s argument rests on its concerns about the Chinese government having overarching control over Chinese companies, and ultimately control over user data collected by such companies. China’s Cyber Security Law (commonly referred to as the China Internet Security Law) in 2017 allowed the government to force Internet service providers to turn over user data for national security and law enforcement purposes. A recently passed National Security Law, which came after months-long protests in Hong Kong, has granted the government even more online authorities, including censorship and digital surveillance.
It already appears that the U.S. is building a precedent over other technology companies with ties to China. As TikTok underwent the CFIUS review, another Chinese-owned app was forced to sell to a U.S. company for the same reason. In March of this year, CFIUS forced Beijing Kunlun Tech, a Chinese gaming and software company, to sell Grindr to a U.S. company for more than $608 million, citing user data concerns. Beijing Kunlun Tech bought 60 percent of shares of Grindr, a popular dating app with many LGBTQ users, from its U.S. creator in 2016 and completed the buyout in early 2018.
Unlike the TikTok case, Beijing Kunlun Tech’s purchase was previously approved by CFIUS, according to the Los Angeles Times. The committee later decided to revisit the deal in 2019 and revised its opinion on the transaction. Ultimately, to proceed with the sale, Beijing Kunlun Tech said that it signed a “national security agreement” with CFIUS at the end of June 2020. It will be interesting to see how other, non-Chinese, transactions involving big data are reviewed by CFIUS, and if they receive similar treatment.
TikTok’s owners appear to be well aware that its Chinese background could hinder business overseas. There are concerns that the Chinese government can pressure ByteDance to turn over its user data to the government, so in response, ByteDance has been trying to shake off the “Chinese” label, as evidenced by the company’s complex corporate structure prior to its deal with Oracle and Walmart (see Chart 1 below).
Under the new deal, TikTok’s operation will be transferred to TikTok Global from ByteDance. ByteDance will still own part of the TikTok Global, but U.S. companies and investors will have the majority control over the new company — Oracle and Walmart will have 20 percent of the ownership, other U.S. investors will make up the rest of the 33 percent. The execution of the deal will still need the approval of CFIUS’ review.
Chart 1: ByteDance Ltd. Corporate Structure (Source: ByteDance.com on Sept. 28, 2020) 
ByteDance Ltd. is registered in the Cayman Islands, a British Territory in the western Caribbean Sea, and its Chinese mainland operations are through a different daughter company registered in Hong Kong, separated from its U.S., Southeast Asia, and Europe operations. Although global corporate structures are not uncommon, companies should note that such structures will likely not withstand the scrutiny from the U.S. government during a CFIUS review.
As the 45-day deadlines set by President Trump’s Aug. 6 ban expired on Sunday, Sept. 20, WeChat — the Chinese-app that is used as the primary channel for those in U.S. to conduct business or communicate with family or friends in China — is likely to become the next target of the administration.
