TikTok has opened its first European data centre to alleviate fears over Chinese state surveillance.
The firm says European users’ data is now migrating to servers in Dublin, as part of its ongoing response to data privacy concerns around the video-sharing app’s links to China.
TikTok, which is owned by Chinese firm ByteDance, says it has never given data to Beijing.
Critics fear that the Chinese state could request access anytime.
The video-sharing giant is also allowing a European security company access to audit cyber-security and data protection controls.
TikTok has called this “Project Clover”, nodding to the pivotal role that Ireland is playing. It is running in parallel with “Project Texas”, which involved promising similar measures to US lawmakers in 2020.
Earlier this year TikTok faced a number of government restrictions on its use on cyber-security and privacy grounds.
A spate of institutions decided to ban the app from officials’ devices, including the UK government, the European Parliament, the European Commission, and the EU Council.
Keeping data in Europe
A key concern of European security officials is the risk that the data that TikTok holds on its users would be accessed by the Chinese state.
Authorities imposing bans have warned that emails, contacts and other communication could be accessed by Beijing as a result of having the app on devices.
As part of its effort to ease these concerns, TikTok will now be storing European user data locally.
One data centre in Dublin is now up and running with plans for another in Ireland and one in the Hamar region of Norway.
The data of TikTok’s more than 150 million European users will be moved through one of these three centres.
In an update on the project and alongside the announcement of the first data centre coming online, TikTok vice president for public policy in Europe, Theo Bertram, said a third-party security company would also be used to independently audit TikTok’s work at the data centre.
Project Clover has tasked NCC Group, a global cyber-security company with offices across Europe, to scrutinise TikTok’s data controls and report any incidents.
Stephen Bailey, global director of privacy at NCC Group, said he was proud TikTok had chosen NCC to be the third-party security provider on the project.
“Our objective scrutiny, monitoring and assurance means platform users in Europe and the UK can have confidence in the enhanced data security standards that TikTok is setting, which go above and beyond European regulatory requirements,” he said.
TikTok said that NCC Group would identify and respond to any “suspicious or anomalous access attempts” and would work on enhancing security.
In the coming months, TikTok and NCC Group will engage with policymakers across Europe to explain how this system will work in practice.