ByteDance Ltd.
Headquartered in China, ByteDance runs a range of AI-driven content services, including short-video platforms and news aggregation services. It is the parent company of TikTok, a globally popular short-video platform with around 170 million U.S. users. While ByteDance owns TikTok, the platform itself is headquartered in Los Angeles and Singapore. ByteDance has repeatedly emphasized that TikTok operates independently, with separate data storage and governance structures to address regulatory concerns.
Note: This assessment primarily reflects TikTok’s policies and practices, unless otherwise specified, with ByteDance’s disclosures considered only in specific governance aspects.
RDR evaluated ByteDance for the first time this year. However, the evaluation was focused primarily on TikTok, its global short-video service.[1] ByteDance (TikTok) ranked sixth, trailing behind the majority of U.S. companies, except for X and Amazon. This was largely due to its lack of transparency on governance. The company is not publicly listed and, therefore, not required to disclose as much information as publicly listed companies. While TikTok had a human rights commitment at the service level, ByteDance itself failed to establish a group-wide human rights commitment to guide operations across its platforms. However, TikTok outperformed all the assessed companies in its transparency on freedom of expression.
TikTok has faced increasing scrutiny in the U.S. over national security and data privacy concerns since the first Trump administration. Lawmakers and regulators expressed fears that the platform could be forced to share user data with the Chinese government or be leveraged to influence public opinion. TikTok consistently denied these allegations and implemented measures such as Project Texas, a data security initiative designed to store U.S. user data inside the country with oversight to prevent unauthorized access. It also opened transparency centers—spaces designed to showcase its content moderation, data security, and algorithmic processes to policymakers and experts—and engaged in extensive lobbying efforts aimed at mitigating concerns. TikTok scored similarly to U.S. platforms Meta and X with respect to transparency on privacy policies and practices. In its transparency reports, the company clearly outlined its approach to government requests for user data, but it did not sufficiently differentiate between the types of requests received.
Despite TikTok’s efforts to assure regulators, the U.S. government remained unconvinced and enacted the Protecting Americans from Foreign Adversary Controlled Applications Act, mandating that ByteDance divest from its U.S. TikTok operations or face a ban. On January 18, 2025, when ByteDance failed to meet the divestment deadline, TikTok suspended its U.S. operations. However, the service was restored the following day after Donald Trump pledged to “save it.”
Beyond the threat of a federal ban, TikTok also faced legal action from the Department of Justice and the state of Texas, accusing the company of violating children’s privacy laws. The platform did not commit to minimizing user data collection or inference and failed to clarify whether it deletes all user information upon account termination. Additionally, TikTok did not disclose the encryption methods used to protect user data transmission or outline its protocols for responding to data breaches.
Beyond data security concerns, TikTok’s content moderation policies also came under scrutiny, particularly in the context of elections. As with other social media platforms, TikTok’s role in shaping public discourse during political events has been the subject of rigorous debate. TikTok provided more insights than any other assessed company regarding its content and advertising rules. Unlike most social media platforms, TikTok has banned all political advertising since 2019 to alleviate concerns that it could be used to spread political propaganda, manipulate public opinion, or interfere in elections. However, reports surfaced that political content, possibly paid for by organizations and individuals, appeared on the platform just weeks before the 2024 U.S. presidential election.
Yet speculation surrounding TikTok’s ownership has continued to grow. Reports from March 2025 indicated that a deal on ByteDance’s sale of TikTok was imminent. On April 4, Trump extended the deadline for the sale by 75 days. However, the deal was reportedly put on hold, as the U.S.-China tariff dispute intensified. The question now remains: Would a change in ownership truly impact TikTok’s accountability to its users?
The 2025 RDR Index: Big Tech Edition covers policies that were active on August 1, 2024. Policies that came into effect after August 1, 2024, were not evaluated for this benchmark.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
ByteDance (TikTok) lagged behind most of the assessed companies in governance, ranking second to last, ahead only of X. This was largely due to the opaqueness of its parent company ByteDance on governance procedures. While TikTok pledged to “uphold human rights,” its parent company ByteDance committed only to protecting user privacy (G1). Additionally, ByteDance did not disclose any governance structure for overseeing human rights issues (G3). It also did not offer any evidence of conducting human rights risk assessments at the parent company level. Finally, though TikTok claimed to assess human rights risks, it provided no relevant details (G4).
ByteDance (TikTok) stood out as the most transparent company with respect to freedom of expression policies and practices. It topped all the assessed companies with a comprehensive explanation of how its recommendation algorithm functions (F12) and clearly detailed its approach to govern online advertising content and targeted advertisements (F3b, F3c). It was the only platform that clearly indicated that it does not allow advertising clients to target specific individuals. The platform’s Community Guidelines Enforcement Report released data about content and accounts restricted (F4a, F4b), using a graph to illustrate the number of advertisements removed (F4c). TikTok also published data disclosing content removed in response to government requests (F6).
ByteDance (TikTok) did not provide sufficient transparency regarding its handling of user information. TikTok outlined the types of data it collects from users, yet some descriptions lacked specificity (P3a). The platform offered little information about retention of user information (P6). Additionally, it provided limited options for users to control how their data is used, such as completely opting out from its targeted advertising system (P7). TikTok clarified how it responds to government requests for user information (P10a) and published relevant data. However, the data lacked detailed breakdowns of the types of requests received (P11a). In terms of security, TikTok shared few insights on how user data was encrypted during transmission (P16) and did not disclose any measures it would take in the event of a data breach (P15).
[1] RDR conducted a study on TikTok and Douyin, the China-based counterpart of TikTok run by ByteDance in 2021. More information can be found click here.
[2] n November 2024, the EU released risk assessment reports submitted by very large online platforms, including TikTok, under the EU Digital Services Act. However, the reports were published after the policy cut-off date and were consequently not considered in this year’s evaluation.