By Katy Stech Ferek

WASHINGTON -- Oracle Corp.'s bid to become the "trusted technology partner" for the popular Chinese-owned TikTok app may not be a standard-issue business deal, but it's increasingly the sort of arrangement that undergoes a national security review, according to lawyers who advise companies in such cases.

Treasury Secretary Steven Mnuchin said Monday that the Oracle bid would be reviewed by the Committee on Foreign Investment in the U.S., a national security panel that is best known for reviewing outright foreign takeovers of U.S. companies.

The Oracle deal, by comparison, involves an arrangement with TikTok to move data on American users to Oracle's cloud-computing infrastructure in the U.S. to prevent it from being shared with the Chinese government.

Attorneys who advise companies and investors undergoing national-security reviews say the panel is increasingly dealing with matters that involve data privacy, as well as deals that involve minority investments, private-equity investments and limited partnership structures.

"There's a lot of experience and models to use in situations where there isn't an outright 100% purchase," said lawyer Christine Savage of the King & Spalding LLP law firm in Washington, D.C.

Cfius is best known for reviewing proposed foreign takeovers of U.S. businesses that could weaken U.S. security, such as acquisitions of companies whose technology has military applications.

Led by the Treasury Department, it also includes representatives from the State Department, the Pentagon, the Department of Homeland Security and other agencies. It deliberates in private, sometimes making its recommendations to the president -- as Mr. Mnuchin said would occur in this case. President Trump has the power to override Cfius decisions.

In recent years, Cfius has increasingly looked at deals that involved access to personal data of U.S. citizens -- not only for technology platforms but for insurers, health-care companies and hospitality firms.

"This isn't the first data-intensive application that Cfius has looked at closely and identified concerns with," said Damara Chambers, a Washington, D.C.-based national security lawyer with the Vinson and Elkins law firm who said sometimes the panel will require ongoing monitoring and auditing of a deal.

Cfius has been investigating risks related to TikTok's Chinese owner, Beijing-based ByteDance Ltd., for months.

U.S. officials say they are concerned that TikTok could pass on data it collects from Americans streaming videos to China's authoritarian government. They also are increasingly concerned that the app might be spreading Chinese propaganda and that the platform's moderators could be censoring content to appease Beijing.

TikTok has denied that it would compromise the data of its users, or use its site to spread propaganda.

The Cfius panel's focus on privacy concerns sharpened after 2015, when U.S. officials announced that hackers had penetrated databases of the U.S. Office of Personnel Management containing records of personnel files and security-clearance forms for current and former U.S. officials. The breach amounted to one of the largest-ever thefts of U.S. government records.

Members of the panel agreed that they should monitor deals for privacy-related concerns almost immediately afterward, according to several formal panelists. And soon after, panelists gave careful scrutiny to several deals that raised privacy concerns about the information that could flow back to China, they added.

Panelists often allow deals that they consider troubling on a national security front to go through if the companies involved can convince them that those concerns can be mitigated. Last year, the panel adopted mitigation measures with respect to 33 deals they had investigated, roughly 12% of the year's total deals, according to Treasury figures.

In some of those deals, they required businesses involved in the transactions to limit the transfer of intellectual property and trade secrets, ensure that only a few authorized have access to key technology or require that U.S. citizens handle certain products and services, the report said.

Ms. Savage said that when panelists are trying to figure out if safeguards for data are strong enough, they will assess what kind of data is on a tech platform, where it resides and where the potential acquirer is located.

But in some cases, panelists couldn't find safeguards strong enough to ease their concerns. Last year, the panel ordered another Chinese investor to give up its interest in Grindr, a dating app originally geared toward gay men, over concerns the personal data it collects could be exploited by Beijing to blackmail individuals with security clearances.

Other deals that raised privacy concerns involved insurance and hospitality. Earlier this month, a major U.S. hotel operator has agreed to purchase hotel property management software firm StayNTouch Inc., a $46 million deal that came together after Mr. Trump said the firm's existing Chinese ownership poses a threat to U.S. national security.

Write to Katy Stech Ferek at katherine.stech@wsj.com