TikTok has shared an update on its efforts to facilitate more control and transparency over the way it handles the data of European users, in alignment with its commitments to EU authorities on its data practices.
As part of “Project Clover”, which TikTok announced earlier this year, TikTok’s working to ensure that all EU user data remains in the E.U., as opposed to being transferred back to TikTok’s Chinese servers, while it’s also implementing new third-party verification over its data practices and processes.
TikTok says that it’s making progress on each, with its first data center in Dublin now operational, while construction of two new EU data centers, based in Norway and Ireland, is now underway.
TikTok had hoped to have its Dublin data center up and running last year, but faced delays in construction. But it’s now functioning as expected, which will ensure that EU TikTok user data remains in the EU, addressing a key concern about its operating practices.
Much like the U.S., European regulators have raised concerns that TikTok data could be accessed by the Chinese Government, based on the C.C.P.’s strict cybersecurity laws, which essentially require Chinese-owned companies to share their user data with the Chinese Government on request. In the U.S. TikTok is also in the process of establishing local data center and verification partnerships, in order to keep user data domestic, though concerns remain as to how exactly TikTok parent company ByteDance will be able to access and use user data moving forward.
And those concerns could still see TikTok banned in America, with CFIUS still weighing a decision on the app.
EU regulators could also implement similar, which is why TikTok’s also announced its new EU cybersecurity partner, which will audit and monitor its practices.
As per TikTok:
“We have engaged a third-party European security company to independently audit our data controls and protections, monitor data flows, provide independent verification, and report any incidents. We are pleased to announce that NCC Group will conduct this oversight of our data security measures.”
TikTok says that NCC Group will monitor data coming in and out of its secure environment “to independently validate that only approved employees can access limited data types”.
“NCC Group will perform ongoing security assessments of the new security gateways we are building around European user data, the TikTok app, our data centres, and other TikTok infrastructure. NCC Group will also serve as a managed security services provider for our security gateways, performing real-time monitoring to identify and respond to any suspicious or anomalous access attempts and provide assurance on the integrity of the enhanced security controls operations.”
TikTok’s hoping that these new measures will help to reassure EU regulators as to the safety of its operations, which will then ensure that it can continue to operate in the region, where it serves over 150 million EU users.
Data security has become the key risk to TikTok’s ongoing prosperity, with potential restrictions seemingly the only thing likely to slow its growth worldwide. Which is why TikTok is now taking these broad-ranging separation measures, though it remains to be seen whether all of this will be enough to ensure authorities feel comfortable about its separation from the C.C.P.
If those concerns linger, then all of the time and effort, and money, that TikTok has committed to such projects will be moot, but if it does nothing, it risks losing way more in potential revenue around the world.