Chinese social media giant TikTok has finally begun storing European users' data to local data centers.
Three years after announcing its Project Clover program, which seeks to create a security-reinforced environment around the data of people across the UK, Switzerland and EEA countries, the company expects to complete the migration by the end of 2024.
The move comes following growing tensions that have even seen many nations look to ban TikTok on government officials' devices on security grounds. So, how does this shift affect TikTok users' privacy in Europe?
TikTok Project Clover
"We've committed to storing our European user data locally by default, by establishing three new data centers in Europe. Our first data center in Dublin, Ireland, is now operational and migration of European user data to the center has begun," confirmed Theo Bertram, TikTok’s European VP of public policy, in a blog post.
The video-sharing platform announced its plan of opening a Dublin-based secure data center back in 2020. It took three years and some delay (initially the program was set to start early last year and then pushed back to late 2022), but the Project to safeguard the 150 million TikTok users in Europe has finally kicked off.
Two more data centers are on their way, too: another one will be based in Dublin and the other in the Hamar region of Norway. The latter also promises to take a more sustainable approach by running on 100% renewable energy.
Local data storage represents just one part of this new secure enclave, though. Other key factors are a series of enhanced data controls carried out by a third party security firm based in Europe: publicly-traded U.K.-based information assurance company NCC Group.
Today, we've been announced as the independent, third-party, technology provider for TikTok’s Project Clover - a program focused on creating and maintaining a secure enclave for data belonging to TikTok’s 150 million users in Europe & the UK. Find out more https://t.co/DKm44xnTSTSeptember 5, 2023
"NCC Group will perform ongoing security assessments of the new security gateways we are building around European user data, the TikTok app, our data centers, and other TikTok infrastructure," explained Bertam, while adding that the company will be responsible to "monitor data coming in and out of the secure environment to independently validate that only approved employees can access limited data types."
One of the issues TikTok has been tangled up with, in fact, was around reports that employees from its China-based sister company ByteDance illegally accessed users' data. This possibility was—and still is, in the US at least—the main drive behind banning or restricting the use of TikTok.
NCC Group will also serve as a managed security services provider, said again Betram, by performing real-time monitoring to the security gateways for any suspicious or anomalous access attempts.
Both TikTok and the NCC Group are also set to engage with policymakers across Europe over the next months to explain how this comprehensive system will work in practice.
Stephen Bailey, Global Director of Privacy at NCC Group, said: "Our objective scrutiny, monitoring and assurance means platform users in Europe and the UK can have confidence in the enhanced data security standards that TikTok is setting, which go above and beyond European regulatory requirements."