TikTok begins moving European data to Dublin centre

Project Clover migration to ringfence personal information

TikTok is ringfencing European user data as part of a new project to help assuage fears over potential security risks to personal information. Photograph: EPA
TikTok is ringfencing European user data as part of a new project to help assuage fears over potential security risks to personal information. Photograph: EPA

Social media company TikTok has begun moving its European data to a new data centre in Dublin, as part of a previously announced plan to ringfence personal information from its users in the European Economic Area, the UK and Switzerland.

The new European data security regime, known as Project Clover, was announced in March.

In a post by TikTok’s vice-president for public policy in Europe, Theo Bertram, the company said the first of the three new data centres planned was operational, and migration of European user data to the centre had begun.

The remaining two data centres – in Ireland and Norway – are still under construction.

READ MORE

‘We are in unchartered waters on health insurance pricing’

Listen | 38:19

Mr Bertram said the social media platform had engaged a third-party European security company – NCC Group – to independently verify its work, including auditing data controls, monitoring data flows and reporting incidents.

“As the independent security provider, NCC Group will monitor data coming in and out of the secure environment to independently validate that only approved employees can access limited data types.

“NCC Group will perform ongoing security assessments of the new security gateways we are building around European user data, the TikTok app, our data centres and other TikTok infrastructure,” Mr Bertram said.

“NCC Group will also serve as a managed security services provider for our security gateways, performing real-time monitoring to identify and respond to any suspicious or anomalous access attempts and provide assurance on the integrity of the enhanced security controls operations. They will validate that network traffic of TikTok’s European user data must pass through the security gateways.”

TikTok facing multimillion-euro fine for violating children’s privacy on appOpens in new window ]

TikTok has come under increasing scrutiny in recent months amid security concerns over the use of the app and its links to the Chinese government through its owner ByteDance.

It has faced a potential ban or divestiture of its business in the United States, with several other governments also piling on the pressure. Earlier this year the European Commission announced plans to ban staff from using TikTok, a move that Canada followed.

The popular social media platform is hoping that the current plan will be enough to assuage at least some of those fears.

“All of these controls and operations are designed to ensure that the data of our European users is safeguarded in a specially designed protective environment, and can only be accessed by approved employees subject to strict independent oversight and verification,” Mr Bertram said.

TikTok and NCC will now engage with policymakers across Europe to explain how the system would work, the company said.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist