TikTok has hired British cybersecurity firm NCC to evaluate its data controls and protections and provide third-party verification. This is part of its “Project Clover” data security initiative.
Due to rising worries about the startup, which is owned by the Chinese corporation ByteDance, and whether China’s government could gather user data to advance its interests, several government entities have banned TikTok from staff phones.
To keep user data in Europe, TikTok is opening three data centres as part of the regime—two in Ireland and one in Norway.
TikTok has started data migration, and the first Irish datacenter is already operational. Elaine Fox, the head of privacy in Europe, stated in a statement that the remaining data centres will be operational by the end of 2024.
“We are not waiting for our European data centers to become fully operational … we have already started storing personal data for our EEA and UK users by default in a designated secure area known as the European enclave which is hosted in the interim in the U.S.,” Fox said.
TikTok and NCC said they will interact with policymakers in Europe in the upcoming months to discuss how the system will actually function.