TikTok Shares Update on Its Efforts To Separate EU User Data

TikTok's looking to reassure EU officials on data separation.

TikTok Shares Update on Its Efforts To Separate EU User Data

As TikTok stares down a potential ban in the U.S., despite a billion-dollar effort to prove that it’s keeping U.S. user data separate from its Chinese parent company, it’s also still working to reassure European regulators that EU user data is also safe, by building new data centers in the region.

And on that front, today, TikTok has delivered a new update on the progress of “Project Clover”, its EU user data separation project.

As per TikTok:

The first building in our Norwegian data center is now operational and migration of European user data from the US has begun. This is the second of our European data centers to come online, with our first data center in Ireland coming online last year.”

TikTok’s first European data center, based in Dublin, was switched on last September, the first step in TikTok’s plan to separate EU user data, and ensure that it’s not being accessed by Chinese staff. But in July, TikTok confirmed that its China-based staff can still access information on publicly posted content, as well as other info on EU users.

To address this, it’s also working “pseudonymisation” elements to essentially mask EU user info when it’s accessed by the company’s Chinese staff. But it will still be accessible. TikTok says that phone numbers and IP addresses will not be viewable by Chinese staff, but certain other elements will be, and given that most of TikTok’s uploads are shared publicly, it seems like quite a lot will still be shared across borders in certain applications.

Which I’m not sure will address all of the EU Commission’s privacy concerns, but TikTok’s moving ahead with the project, with the Norwegian data center adding another piece to the Project Clover puzzle.

Our dedicated European enclave, where the data of our European users is now stored by default, is hosted on servers in our US and Ireland data centers and now in Norway. We are also pleased to announce that NCC Group, the independent security provider for Project Clover, has begun continuous monitoring of the security gateway environments that provide additional protection to our European data.”

As noted, TikTok has taken a similar approach in the U.S. with “Project Texas”, which it hoped would show U.S. officials that there’s a clear separation between U.S. user data and its Chinese staff. It also partnered with Oracle to provide U.S.-based oversight of its source code, and ensure its compliance with data separation expectations.

But that didn’t work. Congress still voted in favor of forcing TikTok into a sell-off if it wants to remain in operation in the U.S., which TikTok is currently challenging in court. And while the U.S. government has been hesitant to share specifics with the public about the threat that TikTok poses in this respect, it does seem like, eventually, that bill will be enacted, which will force TikTok into U.S. ownership, or it’ll face a full ban in the region.

TikTok has said that it can’t separate its U.S. operations within the time frame provided, while Chinese official have vowed to opposed the sell-off push entirely. Which could see TikTok effectively banned in the region some time next year, though that may also depend on the outcome of next month’s election, with Presidential candidate Donald Trump vowing to “save TikTok” as part of his appeal to younger voters.

In Europe, EU officials are also keeping a close eye on TikTok’s data practices, though a forced sell-off or ban hasn’t been among the solutions discussed as yet. Last year, the European Commission banned its staff from using TikTok on work-related devices, due to cybersecurity concerns, while EU officials have also pressed TikTok for more information on its measures to protect minors in the app, amid questions over the addictiveness of its algorithms.

Given the region’s more stringent data privacy and consent laws, you would expect EU officials to be pressing harder than U.S. authorities on this front, though the sharing of data back to China would likely fall into a different category than the current Digital Services Act (DSA) legislation.

Either way, TikTok still needs to convince EU officials that it’s keeping EU user data safe, or it will face more scrutiny. And if the U.S. ban does go through, that could raise the stakes once again, and put more pressure on the app.