TikTok has unveiled new measures to protect user data in Europe as it seeks to prevent further government bans on staff using the Chinese-owned video-sharing app over security concerns.
The plan, nicknamed “Project Clover,” aims to create a “secure enclave for European TikTok user data,” said Theo Bertram, vice-president for European government relations and public policy.
In a blog post, Bertram provided more details on plans to start localising data storage this year with servers based in Europe, where there are stringent rules on protecting user information. The new data centres will be operated by third-party service providers, which weren’t identified.
The tactic is similar to TikTok’s approach in 2020 when it teamed up with database software company Oracle to avoid a US ban from then-President Donald Trump’s administration.
This week’s charm offensive follows a move by the European Commission, EU Council, and European Parliament to ban staff from having TikTok on their work devices.
The European institutions cite cybersecurity concerns for their decision, and the Parliament also “strongly recommended” MEPs and their staff remove the app from their personal devices too.
The video-sharing platform is owned by the Chinese company Bytedance, and critics worry sensitive information could be exposed and potentially shared with the Chinese government when the app is downloaded and used.
Last summer, leaked audio of internal meetings, reported by BuzzFeed, revealed China-based employees of ByteDance had “repeatedly” accessed non-public data from users in the US – including journalists.
Bytedance maintains it does not share users’ data with Beijing, and that it is run independently.
TikTok further disputes accusations that it collects more user data than other comparable social media platforms.
‘Regular engagement with policymakers’
TikTok, which had already announced the creation of a data centre in Dublin, said on Wednesday it would set up a second one in the Irish capital and a third one in Norway’s Hamar region.
The company will begin storing European TikTok user data locally this year with migration continuing into 2024, it said, adding that these three data centres will represent a total annual investment of €1.2 billion.
The new measures include “security gateways” to add an extra layer of control, determining whether company employees can access data on European TikTok users and whether the data can be transferred outside of Europe.
A European security company will be appointed to audit the process, Bertram said.
The company says its latest round of briefings in Europe is part of its regular engagement with policymakers and stakeholders.
For a company with around 100 million active monthly users in the EU, the company says it is committed to continued engagement and cooperation on the issues raised.
“We are disappointed to see other EU institutions following suit on the Commission suspension and equally surprised that we have not been contacted directly or offered any explanation,” said a TikTok spokesperson.
“We deserve the opportunity to understand the evidence that supports these decisions and respond directly to any specific concerns. We urge these institutions to provide more information as soon as possible and provide us with the opportunity to have an open dialogue with them”.
Outside Europe, a host of countries have implemented similar TikTok bans for government employees, including Canada, India and Taiwan over alleged security risks.
The United States meanwhile has banned the app for government agency devices, while more than 50 of the US states have also banned the app from state government devices.
Both the FBI and the Federal Communications Commission have warned that ByteDance could share TikTok user data with China’s authoritarian government.
The TikTok spokesperson told Euronews Next it had been working on a plan to address national security concerns around the app in the US for two years, in what has been labelled “Project Texas”.
“That comprehensive plan addresses key issues of corporate governance, content recommendation and moderation, data security, and system access,” the spokesperson said.
“This is a comprehensive package of measures with layers of government and independent oversight to ensure that there are no backdoors into TikTok that could be used to manipulate the platform. These measures go beyond what any peer company is doing today on security”.