Key Takeaways: TikTok Testifies at House Energy & Commerce Committee Hearing

Mar 30, 2023 by Divya Sridhar, Ph.D., Director, Privacy Initiatives, BBB National Programs

On March 23, the U.S. House Energy & Commerce Committee held a hearing titled “TikTok: How Congress Can Safeguard American Data Privacy and Protect Children from Online Harms.” It was a perfect example of a “kitchen sink” inquiry, touching on virtually every tech issue we can think of, emphasizing the need for a comprehensive data privacy law to create a solution. 

The hearing included the vast array of topics being considered by Congress regarding federal data privacy, tech accountability and content moderation, and national security. Of note, the most pressing, interconnected issues discussed included: 

  • Passing a federal data privacy law due to its importance in ensuring baseline privacy and security protections for consumers and creating uniform rules for industry; 
  • Ensuring American citizens are protected and secure from surveillance by the Chinese government;
  • National security concerns from data collection that may result from Tik Tok’s affiliation with ByteDance; 
  • Rights, default settings, age-gating practices, and protections for users under 17 and children under 13 that use the app and intersection with existing protections for children under COPPA;
  • Misinformation and the impact on consumers, including the dangers of misinformation amplified by the platform that are leading to peer pressure, mental health challenges, addiction, and other dangerous social emotional learning impacts;
  • Publisher vs. content creator obligations, including practices around content moderation in relation to Section 230 and when a company is deemed a first party or a third party;
  • Targeted advertising for different user groups and how TikTok’s policies are reflective of industry;
  • The need for additional education and awareness for parents and caregivers on what defaults exist and how to support their kids when using platforms;
  • Algorithms and the impact of black box source code, as well as algorithmic bias plaguing platforms and exacerbating inequities for consumers; and
  • The lack of transparency regarding data security procedures and practices with storage.


The discussion focused a spotlight on the need for additional awareness and education on existing laws and practices, gaps that exist in the laws, and – in lieu of the passage of additional laws – the importance of self-regulatory programs that provide accountability and best practices for industry regarding privacy protections for the under-17 audience.  

In 2022, BBB National Programs launched the TeenAge Privacy Program (TAPP) Roadmap to provide a framework for any business that wishes to engage proactively with young consumers in efforts to map the broad spectrum of potential harms impacting teens into a concrete set of operational considerations. 

Developed in coordination with companies representing consumer goods, children’s marketing, and wireless and media technology, this roadmap is one step in the right direction towards a safer digital marketplace for teens and an educational tool that businesses can use immediately to create a dedicated process for considering the unique data privacy and content delivery needs of the teenager consumer group. 

We share additional thoughts on practical considerations regarding a federal consumer privacy law in our next blog. Stay tuned.  

Suggested Articles


Fifty Shades of Consumer Health Data: Unclear Expectations for Digital Privacy

While momentum continues to build around what a regulated consumer health privacy landscape looks like, the environment remains shrouded in shades of gray. To date, a risk-based approach to consumer health data does not exist, but we believe a sliding scale for the risks carried by consumer health data should.
Read more

Fifty Shades of Consumer Health Data: How a Risk-Based Approach Provides More Clarity

This piece includes a list of routine examples of consumer health information, that, at face value may have one level of risk. But, depending on the context and the risk associated with the use of that data, and whether it is combined with other data sources and data elements or made available in the public domain, it could lend itself to differing levels of regulation and enforcement activity.
Read more

California Privacy Enforcement: Whose Job Is It Anyway?

The California Privacy Rights Act of 2020 went into effect bringing new privacy rights to California consumers and created the California Privacy Protection Agency. CCPA will continue to be enforced by the California Office of the Attorney Genera. Which begs the question: Whose enforcement is it anyway?
Read more

Unsubstantiated Claims May Lead to Civil Penalties

The U.S. economy is built on a fair and transparent product marketplace. It is the responsibility of companies to have adequate substantiation for health and safety claims and to hold their competitors to the same standard.
Read more