BRUSSELS — TikTok has launched its European counteroffensive to assuage politicians’ fears over Chinese surveillance.
Two weeks after the European Union institutions introduced a ban on the app on officials’ devices over data security concerns, the social media platform on Wednesday announced a plan to safeguard Europeans’ data from the Chinese government’s reach.
The plan — a bid to stave off more restrictions on its app’s use — centers on keeping European users’ data on servers in Europe and allowing a European security company far-reaching access to audit cybersecurity and data protection controls.
“That process is there to ensure a level of data sovereignty that we believe goes beyond what any company has done, and indeed believe what any of our peers said was possible,” said Theo Bertram, Europe’s vice president for government Relations and Public Policy.
TikTok is calling it “Project Clover,” a nod to its plan to process European data in Ireland and an analogy to its “Project Texas,” which promised similar controls to U.S. lawmakers in 2020.
The company’s General Counsel Erich Andersen is touring key capitals to deliver the message in person to policymakers. He traveled to London and Brussels this week and will visit The Hague and Paris next.
One key concern of European security officials is the risk that TikTok data on its users would leak to China or be accessed by Chinese authorities. TikTok is owned by Beijing-based company ByteDance, which is subject to Chinese security legislation that could force it to cooperate with the Chinese state on data access requests. TikTok says it has never provided data to the Chinese government.
The app in past months has faced creeping government restrictions on its use on cybersecurity and privacy grounds. So far, at least seven national governments as well as the European Commission, the Council of the EU and the European Parliament have restricted all or parts of their staff from using the app on phones.
Europe’s Project Clover would task a third-party European security company with auditing TikTok’s data controls and protection; monitoring data flows; and verifying and reporting any incidents, the social media said.
The data of TikTok’s more than 150 million European users will be moved, beginning this year and into 2024, to two data centers located in Dublin and a third in the Hamar region of Norway. All the centers will be co-operated by third-party service providers. In the U.S., the company has partnered with cloud software company Oracle.
The company said the project has been in the works since last year — before the EU made its bombshell announcement to ban the app on officials’ phones — and will include stronger security measures to determine employee access to European users’ data and data transfers outside Europe.
“Our approach is very much open to governments, regulators, experts to give us their advice on how we can do this even more effectively. But if the concern is data access, we believe this solution,” Bertram said.
The company has been discussing with a European third-party company for the last six months to monitor its data security and said it expects to implement its new measures throughout this year and into 2024.
Laura Kayali reported from Paris.