TikTok has provided an update on Project Clover, its initiative aimed at bolstering the protection of European user data. The company is taking several measures to safeguard user information and enhance data controls.
One significant step is the commitment to store European user data locally by default. TikTok has already inaugurated its first data centre in Dublin, Ireland, with the migration of European user data underway. Two more data centres are in the construction phase, one in Norway and another in Ireland.
To ensure the integrity of these data controls and protections, TikTok has enlisted the services of NCC Group, a respected European cybersecurity company. NCC Group, which holds TIBER-EU accreditation and UK National Cyber Security Centre (NCSC) approval, will perform independent audits of data controls, monitor data flows, verify security measures, and promptly report any security incidents. The collaboration will involve teams from various European offices and the UK.
NCC Group will oversee data traffic in and out of the secure environment to confirm that only authorised personnel can access specific data types. They will also conduct ongoing security assessments of security gateways, the TikTok app, data centres, and other infrastructure components. Furthermore, NCC Group will serve as a managed security services provider, conducting real-time monitoring to identify and respond to any suspicious access attempts.
These comprehensive measures are designed to establish a protective environment where European user data remains secure and accessible solely to approved employees. TikTok and NCC Group plan to engage with European policymakers in the coming months to clarify the practical implementation of these security enhancements.
Stephen Bailey, Global Director of Privacy at NCC Group, “We’re proud that TikTok has recognised NCC’s cyber security track record and expertise and chosen us as the independent third-party security provider on this project. Our objective scrutiny, monitoring and assurance means platform users in Europe and the UK can have confidence in the enhanced data security standards that TikTok is setting, which go above and beyond European regulatory requirements.”
Why is this important?
TikTok is keen to ensure it will not see its platform curtailed within the EU market due to new user privacy regulations. Its major investment in the establishment of local data centres, third-party oversight by NCC Group, and enhanced data controls is seen as a solution to the new regulatory systems.
These measures aim to fortify the security of European user data, ensuring that it remains accessible only to authorised personnel and subject to stringent oversight. TikTok’s proactive approach seeks to build trust among its users and regulators, surpassing existing data protection standards.