"Senator ... I'm Singaporean!": Privacy Regulation and Data Transfers in Cross-Border Corporations.

A recent congressional hearing involving social media companies, including TikTok and Facebook, made headlines when Senator Tom Cotton of Arkansas grilled the TikTok CEO, Shou Zi Chew, repeatedly asking him if he had ties to China or its Communist Party. The Singaporean CEO, who has served as TikTok's CEO since 2021, repeatedly replied, "Senator . . . I'm Singaporean!" While Senator Cotton, evoking McCarthy-era sentiments, was severely criticized for his racism and what appears to be a lack of understanding about corporate governance, another problem emerged. TikTok, which is a subsidiary of the Chinese-owned ByteDance, operates in countries around the world and stores its data in Malaysia, Singapore, and the United States. In today's global privacy landscape, each of these countries has differing privacy laws that, at times, conflict regarding how to handle and transfer data. The lack of consensus on how to store and transfer consumer data exposes corporations to the potential risk of hacking if proper oversight and precautions are not followed. Accordingly, with data becoming a new global currency for expanding businesses, governments must work together to find a solution that streamlines the handling, storage, and transfer of data. Using the United States-Mexico-Canada Agreement as a baseline to create a crossborder data transfer treaty, this Article proposes a multilateral agreement akin to the General Data Protection Regulation to protect consumer data and remove confusion about conflicts of law. [ABSTRACT FROM AUTHOR]