As you may be aware, there is a growing concern with data security on social media applications, such as TikTok, and a call for federal and state lawmakers to regulate these security risks. A Congressional Research Services Report from March 2023 highlighted some of the major concern areas regarding data security on social media applications, which included the collection, storage, and access of excessive nonpublic U.S. user data as well as undue influence over content shown to U.S. users. The Consolidated Appropriations Act, 2023 (Public Law No. 117-328) (known as the “No TikTok on Government Devices Act”) implemented a requirement for federal agencies to implement a prohibition on TikTok or any other ByteDance Limited or subsidiary-owned applications on executive agency information technology within 60 days of the enactment.

On June 2, 2023, the Federal Acquisition Regulation (FAR) clause Prohibition on a ByteDance Covered Application (FAR 52.204-27) was issued, effectively prohibiting the presence or use of TikTok or any ByteDance Limited successor application/service on any information technology used or provided by a contractor, including equipment provided by the contractor’s employees (personal devices).

The Office of Research Services (ORS) is beginning to see FAR 52.204-27 in solicitations for federal contracts and in new contracts and modifications. So, what does this mean for Penn researchers?

• If you have research funding under a federal procurement contract, it is imperative that anyone handling federal contract information in a laboratory or department does NOT install TikTok or the other applications listed below on Penn-owned computers or other devices and if already installed, to immediately remove these applications from the computer or devices.
• If a research team member uses any personal devices for federally contract-funded research, we strongly advise that TikTok or other prohibited applications are not installed on these personal devices or if already installed, we advise prompt removal.

ByteDance Ltd. applications prohibited under FAR 52.204-27 include, but are not limited to:
• TikTok – video creation app and social media network
• Douyin – China-specific video creation app tool (Chinese version of TikTok)
• Toutiao – content discovery platform (news and info app)
• Xigua Video – video sharing app for short- and long-form video stories/TV content
• Helo – regional social media platform
• Lark – workplace collaboration and management tool
• BytePlus – business intelligent platform offering analytics tools to computer vision software
• Nuverse – video game company subsidiary of ByteDance Ltd.

If you have questions about the new federal contract requirement, please contact Missy Peloso, Associate Vice President/Associate Vice Provost, Research Services at epeloso@upenn.edu.

For assistance with ensuring compliance on existing devices or for general device security help, please contact your local support provider, which can be found at https://www.isc.upenn.edu/get-it-help.