TikTok reveals new European data security measures amid ban fears

8 Mar 2023

Image: © rootstocks/Stock.adobe.com

Project Clover, the data security programme run by TikTok in Europe, is getting updates to ‘set a new standard altogether’.

TikTok has announced a new set of measures to protect European user data as the Chinese-owned app comes under increasing regulatory scepticism on both sides of the Atlantic.

Theo Bertram, the vice president of government relations and public policy for TikTok in Europe, said today (8 March) that the company intends to not just meet industry standards with its data security programme, called Project Clover, but set “a new standard altogether”.

This includes storing user data of more than 150m monthly European users within the continent through the creation of two data centres in Dublin and one in the Hamar region of Norway.

“Similarly to our original data centre, these two new data centres will be co-location sites operated by third party service providers,” Bertram said, adding that once operational, the three data centres will represent a total annual investment of €1.2bn.

European user data will start being stored locally this year, with migration expected to continue into 2024.

Third-party help

Among other measures confirmed by TikTok is the introduction of security gateways that will determine employee access to European TikTok user data and data transfers outside of Europe.

This builds on TikTok’s existing data security approach in the US and will add another level of control over data access.

“Any data access will not only comply with the relevant data protection laws but also have to first go through these security gateways and additional checks,” Bertram explained.

The process will be overseen and checked by a soon-to-be-named third-party European security company which will “audit our data controls and protections, monitor data flows, provide independent verification and report any incidents”.

TikTok will also work with third parties to incorporate privacy enhancing technologies into the process, including the “pseudonymisation of personal data” so that an individual cannot be identified without additional information and aggregation of individual data points into large datasets.

Bertram said a dedicated internal team has been working on Project Clover since last year and that the measures will be implemented throughout this year and into 2024.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic