TikTok has announced Project Clover, which will create a secure European enclave for UK and EEA TikTok user data. Project Clover will see TikTok introduce a number of new measures to enhance its existing data protections.
This comes on the heels of concerns as various governments around the world ban TikTok from staff devices, including the EU, the US and Canada. As TikTok Shop grows, this really matters to ecommerce as security concerns might not be top of consumer’s minds, but wider bans could introduce a fear that the platform isn’t safe.
Building on its data security approach in the US, TikTok will further enhance its data access controls by introducing security gateways that determine employee access to UK and European TikTok user data and data transfers outside of Europe. Any data access will not only comply with the relevant data protection laws but also have to first go through these security gateways and additional checks.
To provide independent oversight and checks of this, TikTok has announced it will appoint a third-party European data security partner, who will oversee and audit its data controls and protections, monitor data flows, provide independent verification and report any incidents.
TikTok will also work with third parties on incorporating the latest privacy-enhancing advanced technologies into its approach. This includes, but is not limited to, pseudonymisation of personal data, data aggregation and a system known as differential privacy.
In addition to its European data centre in Dublin, announced last year, TikTok has also today confirmed the details of two more European data centre sites – a second data centre in Dublin and a third in the Hamar region of Norway, the latter of which will be run on 100% renewable energy.
TikTok will begin storing European TikTok user data locally this year, with migration continuing into 2024. Once complete, these three data centres will be the default storage location for TikTok’s European user data, with a total annual investment of €1.2bn
A dedicated internal team has been working on Project Clover since last year and implementation of these novel and industry-leading measures will continue throughout this year and into 2024.
The measures in Project Clover will see TikTok move from meeting industry standards to setting a new standard altogether when it comes to data security in Europe. It will deliver on TikTok’s long-standing data governance strategy in Europe, which is based on the principles of storing European user data locally; minimising data flows outside of Europe; and further reducing employee access to user data.