Senate Research Center
Committee Report (Substituted)
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
The mobile application TikTok is owned by the Chinese company ByteDance, employs members of the Chinese Communist Party, and has a subsidiary partially owned by the Chinese Communist Party. Currently, there are more than 85 million TikTok users in the United States.
TikTok collects vast amounts of data from its users' devices�including when, where, and how they conduct Internet activity�and offers potentially sensitive information to the Chinese government. While TikTok has claimed that it stores U.S. data within the U.S., the company admitted in a letter to Congress in 2021 that China-based employees can have access to U.S. data. Under China's 2017 national intelligence law, all businesses are required to assist China in intelligence work including data sharing, and TikTok's algorithm has already censored topics politically sensitive to the Chinese Communist Party.
On December 7, 2022, Governor Abbott directed state agency leaders to immediately ban its officers and employees from downloading or using TikTok on any government-issued devices, including cell phones, laptops, tablets, desktop computers, and other devices capable of Internet connectivity. The Texas Department of Public Safety of the State of Texas and the Texas Department of Information Resources have developed a model plan for other state agencies that would address vulnerabilities presented by the use of TikTok on personal devices. Each state agency has been directed to implement its own policy governing the use of TikTok on personal devices.
(Original Author's/Sponsor's Statement of Intent)
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Subtitle A, Title 6, Government Code, by adding Chapter 620, as follows:
CHAPTER 620.� USE OF CERTAIN SOCIAL MEDIA APPLICATIONS AND
ON GOVERNMENTAL ENTITY DEVICES PROHIBITED
Sec. 620.001. DEFINITIONS. Defines "covered application" and "governmental entity."
Sec. 620.002. DEFINING SECURITY RISK. Provides that a social media application, for the purposes of this chapter, poses a risk to the security of governmental entity information if the application's service provider may be required by a foreign government, or an entity associated with a foreign government, to provide confidential or private personal information collected by the service provider through the application to the foreign government or associated entity without substantial due process rights or similar legal protections.
Sec. 620.003. PROHIBITION. Requires a governmental entity, subject to Section 620.004, to adopt a policy prohibiting the installation or use of a covered application on any device owned or leased by the governmental entity and requiring the removal of covered applications from those devices.
Sec. 620.004. EXCEPTIONS; MITIGATING MEASURES.� (a)� Authorizes a policy adopted under Section 620.003 to provide for the installation and use of a covered application to the extent necessary for:
(1) providing law enforcement; or
(2) developing or implementing information security measures.
(b) Requires that a policy allowing the installation and use of a covered application under Subsection (a) require:
(1) the use of measures to mitigate risks to the security of governmental entity information during the use of the covered application; and
(2) the documentation of those measures.
Sec. 620.005. APPLICATIONS IDENTIFIED BY GOVERNOR'S ORDER. Authorizes the governor by executive order to identify social media applications or services that pose a similar risk to the security of governmental entity information as the service described by Section 620.001(1)(A).
SECTION 2. Requires each governmental entity, not later than the 60th day after the effective date of this Act, to adopt the policy required by Chapter 620, Government Code, as added by this Act.
SECTION 3. Effective date: upon passage or September 1, 2023.