The company revealed that European user data is transitioning to servers situated in Dublin starting September 5th, as part of its continuous efforts to address data privacy apprehensions associated with the video-sharing platform’s connections to China.
TikTok, owned by Chinese firm ByteDance, asserts that it has never furnished data to Beijing, although critics are apprehensive that the Chinese state could potentially request access at any time.
In addition, the video-sharing platform has granted access to a European security firm to perform audits on cybersecurity and data protection controls. This initiative, named “Project Clover,” underscores the critical role played by Ireland. It runs concurrently with “Project Texas,” which promised similar measures to U.S. lawmakers in 2020.
Earlier this year, TikTok encountered various government restrictions due to cybersecurity and privacy concerns. Numerous institutions, including the UK government, the European Parliament, the European Commission, and the EU Council, opted to ban the app from officials’ devices.
One of the principal concerns of European security authorities is the possibility of the Chinese state gaining access to user data stored by TikTok. Those imposing bans have cautioned that Beijing could potentially access emails, contacts, and other communications by having the app on devices.
To mitigate these concerns, TikTok will now store European user data locally. The company now has an operational data center in Dublin, with plans for another in Ireland and one in the Hamar region of Norway. Data belonging to TikTok’s 150 million-plus European users will be routed through one of these three centers.
In an update on the project, alongside the announcement of the first operational data center, TikTok’s Vice President for Public Policy in Europe, Theo Bertram, disclosed that a third-party security firm would independently audit TikTok’s operations at the data center.
NCC Group, a global cybersecurity company with offices across Europe, has been entrusted with scrutinizing TikTok’s data controls and reporting any incidents. TikTok emphasized that NCC Group will identify and respond to any “suspicious or anomalous access attempts” while also working to enhance security.
TikTok and NCC Group intend to engage with policymakers across Europe in the coming months to elucidate how this system will function in practice.