With Project Clover, TikTok touts new EU privacy and data security efforts
TikTok is today doubling down on its European charm offensive as it seeks to counter a growing tide of political discontent with the popular short-form video hosting platform.
A new program called Project Clover will serve to create “a secure enclave for European TikTok user data,” Theo Bertram, TikTok’s European vice president of government relations and public policy, wrote in a statement. blog post.
TikTok, which claims more than 1 billion users globally, has been in the regulatory spotlight for several years now due to its ties to Chinese tech company ByteDance. Indeed, the trajectory of TikTok lately suggests that some restrictions could be heading, with a group of US senators this week unveil bipartisan legislation this could allow the government to limit or ban foreign technologies such as TikTok, if they are deemed a threat to national security.
Elsewhere, the European Commission last month ordered staff to remove TikTok work devices, shortly after the United States House of Representatives issued a similar ban.
And it is against this backdrop that TikTok is now seeking to curry favor with European regulators with a series of region-specific commitments and address concerns about its data mining practices the light at The future of Europe Digital Services Act (DSA).
Data sovereignty
With Project Clover, TikTok essentially brings together some previously announced initiatives as well as new privacy and security efforts. We already knew that TikTok was planning major infrastructure investments for Europe in terms of local data centers. The first of these was due to open in Ireland last year, but has been hit with repeated delays, while the company recently announced plans for two additional data centers in the region. We now know where they will be, one will also be in Ireland, while the third will be deployed in Norway. Norway’s data center, he said, will run entirely on renewable energy
Migrating data to European servers, a process TikTok says is set to finally begin this year and run through 2024, will be crucial to satisfying EU regulators, and that comes soon after. news has emerged that personnel in China could access European user data.
With that in mind, Project Clover will also apparently inaugurate new data access and control processes, including “security gateways” that determine which employees can access European TikTok user data. But perhaps more importantly here, TikTok said it would hire an independent security firm in Europe to audit its data controls and practices.
“We are in discussions with a third party and will announce more details in due course,” Bertram said.
In addition to this, Bertram also noted that TikTok intends to partner with other third parties to integrate “the latest advanced technologies” into its existing systems. This includes so-called “pseudonymization” of personal data, which essentially makes it more difficult to identify individual users in the event of a data breach.
“A dedicated internal team has been working on Project Clover for the past year and we plan to implement these innovative and industry-leading measures throughout this year and into 2024,” Bertram noted.
While TikTok has arguably come under greater scrutiny due to its parent company being based in China, its announcements today are roughly in line with efforts by big tech companies elsewhere. . Data sovereignty is ultimately the name of the game, whereby companies wishing to do business in Europe are expected to keep their data locally and put measures in place to ensure consumers and businesses know exactly what is happening with their data. .
Last year, Microsoft launched Microsoft Cloud for Sovereignty for public sector customers, while has recently started a multi-year roll-out of a new EU data localization effort. Somewhere else, the likes of google and that of Amazon AWS has also been touted their digital sovereignty credentials, with Europe generally serving as the main driver.
“The Clover project reinforces our commitment to a European approach to data governance that puts user data protection at its core and aligns with the principle of data sovereignty,” Bertram said.
