Privacy & Information Security Law Blog

On December 6, 2024, the U.S. Court of Appeals for the D.C. Circuit upheld the Protecting Americans from Foreign Adversary Controlled Applications Act (the “Act”), which is set to take effect on January 19, 2025, and make the distribution of TikTok illegal in the U.S. if parent company ByteDance has not divested (also known as the “TikTok ban”). The D.C. Circuit is now considering a request for emergency injunction pending Supreme Court review. 

The D.C. Circuit unanimously upheld the law, ruling that the Act did not violate First Amendment free speech protections, and noting that the law was justified by the government’s intent to protect such freedoms from foreign adversaries. The decision is poised to send the dispute to the U.S. Supreme Court, as TikTok and ByteDance (collectively, the “petitioners”) filed an emergency injunction on December 9 requesting the D.C. Circuit to pause the ban while the Supreme Court reviews the legislation, and arguing that an injunction is appropriate given the pending change in administration. TikTok and ByteDance have asked the Supreme Court to consider the Act prior to the January effective date. It is not certain whether the Court will take up the case, though it would not be unexpected given the novel issues related to free speech, social media regulation and national security objectives.

The Act received overwhelming support in Congress and is one of several recent measures designed to address national security concerns related to the transfer of U.S. personal data abroad, especially to China, though it was notable for its focus on the TikTok app in particular and the ability of the Chinese government to access U.S. personal data. H.R. 815, a broad national security and foreign policy package signed by President Biden in April 2024, included among its measures both the Protecting Americans from Foreign Adversary Controlled Applications Act and the Protecting Americans’ Data from Foreign Adversaries Act, which prohibits data brokers from selling certain sensitive data to foreign adversaries. The administration has also taken executive action with similar objectives, including by restricting certain transfers of bulk data to high risk countries or persons (the Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern Executive Order and its related rulemaking).

The petitioners have requested a decision from the D.C. Circuit by December 16, and the government is expected to file its response by December 11.