TikTok Seeks To Reassure Europe With New Data Security Pledges

As pressure mounts on TikTok over concerns that it may be sharing user data with the Chinese government, the company has launched a new data security regime for protecting user information across Europe.

Project Clover will see user data stored within Europe and placed under tighter access controls, with oversight from a third-party European security company.

“Our existing data access controls already highly limit access to user data. Building on our data security approach in the US, we are further enhancing these controls by introducing security gateways that will determine employee access to European TikTok user data and data transfers outside of Europe,” explains Theo Bertram, TikTok’s vice president, government relations and public policy for Europe.

“This will add another level of control over data access. Any data access will not only comply with the relevant data protection laws but also have to first go through these security gateways and additional checks.”

The company says it’s in negotiations with a third-party European security company which will, it says, audit data controls and protections, monitor data flows, provide independent verification and report any incidents.

Itt also plans to work with other third parties on introducing new privacy enhancing technologies, including the pseudonymisation of personal data and aggregation of individual data points into large data sets to protect the privacy of individuals.

And in order to keep European data within Europe, it’s opening two new data centers, one in Dublin and another in the Hamar region of Norway. Both will be co-location sites operated by third party service providers. TikTok plans to start migrating data this year and next.

“Project Clover reinforces our commitment to a European data governance approach that places the safeguarding of user data at its core and aligns with the principle of data sovereignty,” says Bertram.

“We believe that its implementation will ensure that the 150m people who come to TikTok every month enjoy industry-leading data protection and security.”

The plan is similar to that being implemented in the US and codenamed Project Texas, whereby user data will be stored locally by a new subsidiary, TikTok U.S. Data Security Inc. (USDS), which will be governed by an independent board of directors.

Both schemes are designed to allay growing fears about parent company ByteDance’s links to the Chinese government, with concern that the company could, under Chinese law, be compelled to hand over data to the government.

Earlier this week, a U.S. Senate Select Committee on Intelligence was warned that the company represented a threat to national security, with the White House backing a bill that would give it the power to ban the company altogether.

Meanwhile, in Europe, both the European Commission and the European Parliament recently banned the use of TikTok on work phones, along with several national governments. The UK, by contrast, has imposed no such restrictions, despite widespread calls to do so.