TikTok’s response to EU’s data privacy concerns

In response to allegations from the US government and European institutions, the social media app attempts to show its goodwill and provide more openness with two major initiatives.

Project Clover

This month, amidst criticism from European institutions expressing doubts about spying, TikTok provided a preview of the changes the app will make. Called “Project Clover”, this initiative aims to create more transparency on what happens with the data of Europe’s customers. Accordingly, TikTok announced the inauguration of two centres for data storage inside the continent, in Ireland and Norway.

The company is investing €1.2 billion in constructing these new facilities, intending to ensure that by 2024 all European users’ data is hosted and processed within the EU.

An independent third-party contractor has been appointed to review its data controls and protection systems and to monitor its data flows and incident handling procedures. The name of this company is expected to be revealed in the following weeks.

Ultimately, the app pledges to implement new technologies to protect users’ data and privacy. For example, “pseudonymisation” of the collected data will be used, thus making it impossible to link a user to their name or other significant information.

Project Texas

“Project Clover” was born from the efforts already taken by the US branches of TikTok to respond to worries about data being transferred to China raised by Trump’s administration. Since 2020, the company has been working on implementing “Project Texas”, a migration scheme for eventually shifting all American users’ data to localised servers owned and maintained by Oracle in the US.

In addition to this data migration, TikTok has also made other assurances. It established a US-based subsidiary called US Data Security (USDS) to be in charge of the app’s activities in the US. This company has an independent board of directors unrelated to ByteDance, TikTok’s parent company. Notably, Oracle will take a prominent role and partner with seven other firms to scan the source code and app updates prior to their release in US application markets.

 Recent reports have suggested that the Texas project, although announced for July 2022, is not definite yet. TikTok has already shifted its business operations to Oracle-run servers; however, they still require their own data centres in America and Singapore to hold data backups.

The Clover project, which features comparable stipulations for Europe, may thus also take time to be implemented and secure all the necessary approvals.