By Patrick K. Lin, Technology & Human Rights Fellow 2024-25
The views expressed below are those of the author and do not necessarily reflect those of the Carr Center for Human Rights Policy or Harvard Kennedy School. These perspectives have been presented to encourage debate on important public policy challenges.
Perhaps Ellison said it best in his 2013 interview with CBS News’ Charlie Rose: “This whole issue of privacy is utterly fascinating to me. Who’s ever heard of this information being misused by the government?”
Last week, on January 22, 2026, TikTok announced that the TikTok USDS Joint Venture LLC, a new U.S.-majority corporate entity, was officially established to comply with Trump’s executive order approving the sale of TikTok’s US operations to an American investor group. Following this transition to new ownership, Chinese company ByteDance retains 19.9 percent of the new joint venture. The new joint venture is made up of a group of investors, including U.S. cloud computing and database software company Oracle, tech investment firm Silver Lake, and Abu-Dhabi state-owned investment fund MGX. Oracle, Silver Lake, and MGX each own 15 percent.
Under this new corporate entity, Oracle, chaired by Republican megadonor and second richest person in the world Larry Ellison, will “retrain, test, and update” TikTok’s content recommendation algorithm on U.S. user data. This is the same Oracle that manages and stores data for UnitedHealthcare, Netflix, Amazon, OpenAI, and many of the largest banks and financial institutions in the U.S. Significantly, Oracle started as a CIA project and has dozens of contracts with the NSA, Department of Defense, and Department of Homeland Security.
Accompanying the announcement of this joint venture is a new TikTok privacy policy. Historically, the app collected information based on users’ SIM card, IP address, or both. However, TikTok’s last privacy policy, updated August 19, 2024, stated that the app did not collect precise, GPS-derived location data from U.S. users. Under the new policy, updated January 22, 2026, TikTok may collect precise location data if location services are enabled.
The August 19, 2024 privacy policy:
The January 22, 2026 privacy policy:
The move to collect precise GPS location data is part of a broader strategy to monetize physical movement and behavior. By knowing not just what users watch, but exactly where they are when they watch it, TikTok can offer advertisers an even greater level of targeting.
While TikTok’s previous privacy policy does not explicitly mention AI, the new policy explicitly provides that the app collects data from users’ interactions with its AI tools, “including prompts, questions, files, and other types of information that [users] submit to [TikTok’s] AI-powered interfaces, as well as the responses they generate.” The new additions about AI interactions also state that metadata associated with users’ AI interactions is also automatically collected.
This TikTok deal further consolidates the surveillance capabilities of state and corporate actors. While the line between government and corporate surveillance has long been blurry, year one under Trump 2.0 has already provided plenty of examples of how tech cronyism sustains America’s vast surveillance machine. Oracle pulling TikTok’s strings is yet another illustration of surveillance capitalism, along with Palantir supplying ICE with ImmigrationOS to track immigrants’ movements, AT&T providing ICE with IT and network support, Deloitte providing ICE with “data modernization support,” and more.
Perhaps Ellison said it best in his 2013 interview with CBS News’ Charlie Rose: “This whole issue of privacy is utterly fascinating to me. Who’s ever heard of this information being misused by the government?”
sauloangelo | Adobe Stock
