ByteDance-owned TikTok outlined an effort to strengthen its European data protection practices on Wednesday as the company faces a crackdown from various governments on the use of the video-sharing app by civil servants.
Through an initiative named Project Clover, the Chinese-owned company is planning to create a “secure enclave” for the data of TikTok’s 150 million users, Theo Bertram, TikTok’s European policy chief, said in a statement. This will involve additional restrictions over the transfer of data outside of Europe, hiring an external security company to audit the company’s data handling processes and storing European users’ data in local data centres.
It follows a similar arrangement in the US called Project Texas, announced in late 2020 after former President Donald Trump threatened to ban the app, that sees Oracle store and audit the processing of American TikTok users’ data.
“The Chinese government has never asked us for data and if they did, we would refuse to do so,” Bertram said during a press conference. He said that the company’s approach to data storage would make it impossible for the Chinese government to compel TikTok to hand over European data and that the data access controls and audit would minimise the risk of backdoor access to the data.
European data is currently stored in data centres in Singapore and the US, but will be migrated to a secure environment in Europe, built by a European company, over three years and at a cost of US$1.5-billion, Bertram said during a press briefing on Wednesday. Company employees outside of Europe will still be able to access the data, but only for specific reasons and with strict access protocols that another company will audit.
Bertram described Project Clover as a “move from meeting industry standards to setting a new standard altogether when it comes to data security”.
Security concerns
In recent weeks, the European Commission – followed by other institutions including the European parliament – instructed staff to delete the app off their work phones citing data privacy and cybersecurity concerns.
A commission politician said the instruction to delete the app was made as a precautionary measure, adding there was no immediate threat to commission staff. But the move indicated a sharp change in tone from the continent. The company decried the move as “un-European”.
TikTok acknowledged a massive data scandal at the end of last year, where a number of employees had accessed users’ personal data, including journalists, as part of an attempt to crack down on leaks in the media. The company said those employees were fired.
The US has been far more aggressive in its approach to TikTok, with some lawmakers proposing plans to completely ban the app from the country or force ByteDance to sell the video-sharing platform.
Read: TikTok-branded free Wi-Fi hotspots launched in South Africa
By contrast, EU officials have largely been more calm in their approach. TikTok CEO Shou Zi Chew visited Brussels at the beginning of the year and met with a number of commissioners who raised privacy concerns. However, the company was told it had to follow EU rules in order to operate on the continent.
Read: Tencent in big push to build its own TikTok
Internal market commissioner Thierry Breton, however, gave a forceful warning to the company shortly after that it would be banned from the continent if there are further content moderation or data protection issues. — Jillian Deutsch and Olivia Solon, (c) 2023 Bloomberg LP