TikTok said it had issued an update detailing its work to enable more control and transparency over the way it is processing the data of European users, in line with its commitment to EU authorities on its data practices.
With "Project Clover," a project TikTok announced earlier this year, TikTok will ensure that all EU user data stays within the E.U. and not repatriated to Chinese servers owned by TikTok. Additionally, the company is strengthening third-party verification over its data practices and processes.
According to TikTok, it's making progress on both counts: its first data center in Dublin is operational, while construction on two new EU data centers — in Norway and Ireland, respectively — is now underway.
TikTok had planned to have its Dublin data center come into operation last year, but had construction progress delays. But it is now working well, meaning that all the user data in the EU will remain in the EU--important for countering one of the most contentious concerns about the platform's operating practices.
Much like the U.S., European regulators have raised concerns that TikTok data could be accessed by the Chinese Government, based on the C.C.P.’s strict cybersecurity laws, which essentially require Chinese-owned companies to share their user data with the Chinese Government on request. In the U.S. TikTok is also setting up local data center and verification partnerships, to keep user data domestic, though concerns remain over how exactly TikTok parent company ByteDance will be able to access and use user data going forward.
And those concerns could still see TikTok banned in America as CFIUS remains weighing a decision on the app.
EU regulators can also institute similar, which is why TikTok's also announced its new EU cybersecurity partner, that will audit and monitor its practices.
According to TikTok:
"We have engaged a third-party European security company to independently audit our data controls and protections, monitor data flows, provide independent verification, and report any incidents. We are pleased to announce that NCC Group will conduct this oversight of our data security measures.
NCC Group will scan data entering and leaving TikTok's safe environment "to independently validate that only authorized employees can access limited data types", says TikTok.
"NCC Group will continuously assess the new security gates we are building around European user data, the TikTok app, our data centres, and other infrastructure for the TikTok service. NCC Group also will be used as our managed security services provider for our security gateways, carrying out real-time monitoring to detect any suspicious or anomalous access attempts and provide assurance on the integrity of operations in our enhanced security controls."
The firm hopes that these new measures will help reassure the regulators in the EU regarding the safety of its operations so it can continue to operate in the region where it serves over 150 million EU users.
Data security has now emerged as the key risk to the prosperity of TikTok. It is the only apparent obstacle that can dampen the momentum of the application worldwide. That's why TikTok has gone ahead with such wide-ranging separation moves, but it's still unknown if all this will be enough for the authorities to feel comfortable about its separation from the C.C.P.
If those concerns persist, then all the time and effort, and money, that TikTok has committed to such projects will be for naught, but if it does nothing, it risks losing a great deal more in potential revenue around the globe.