TikTok unveils European data security plan amid calls for US ban
TikTok has announced a data security regime for protecting user information across Europe, as political pressure increases in the US to ban the social video app.
The plan, known as Project Clover, involves user data being stored on servers in Ireland and Norway at an annual cost of €1.2bn (£1.1bn), while any data transfers outside Europe will be vetted by a third-party IT company.
TikTok is under pressure in the US and Europe over its links to China via its Beijing-based parent, ByteDance.
On Tuesday the White House gave its backing to a Senate bill that would give the administration the power to ban TikTok and on Wednesday the FBI director Christopher Wray told a Senate hearing that the app “screams” of national security concerns.
TikTok, which stores its global user data in the US and Singapore, has denied its data or algorithms can be accessed or manipulated by the Chinese government.
“The Chinese government have never asked us for data, and if they would we would refuse to do so,” said Theo Bertram, TikTok’s vice-president of government relations and public policy in Europe. TikTok, which has more than 1 billion users worldwide, has 150 million in Europe.
TikTok had said it would store data in two servers in Ireland but announced on Wednesday that it would also use a datacentre in Norway for the same purpose under Project Clover. The use of the Irish and Norwegian data servers will cost TikTok €1.2bn a year.
Under Clover, TikTok’s data controls and transfer of data outside of the continent will be monitored by a third-party European cybersecurity firm, although the company has yet to disclose the name of its security partner.
TikTok said it would introduce “pseudonymisation” of personal data so an individual could not be identified without additional information.
Last year TikTok confirmed employees outside the continent, including in China, could access user data to ensure their experience of the platform was “consistent, enjoyable and safe”. It said European user data could be used to conduct checks on the performance of its algorithms, which recommend content to users, and tracking vexatious automated accounts.
TikTok’s European proposals mirror a plan to reassure the US about user data, called Project Texas. Under the US plan, TikTok will store data from American users in the US on servers run by the tech firm Oracle.
Oracle will also monitor TikTok’s algorithms and source code – to try to assuage concerns that the Chinese state could influence what people see on the app – as well as vetting updates and delivering them to the Google and Apple app stores.
However, the proposals have not received political sign-off from the White House, amid fresh tensions between Washington and Beijing over the shooting down of a Chinese spy balloon off the US east coast. TikTok’s credibility was also damaged last year when ByteDance admitted employees had attempted to use the app to spy on reporters.
Concerns about TikTok’s data have been heightened by fears that companies could be legally compelled to hand over data by the Chinese government, citing examples such as China’s national intelligence law of 2017, which states that all organisations and citizens shall “support, assist and cooperate” with national intelligence efforts.
Last month the European Commission, the EU’s executive body, banned TikTok from work phones and devices, while the European parliament has also banned the app from staff phones.
However, the UK has ruled out similar moves despite lobbying from Conservative politicians, including the former Tory leader Iain Duncan Smith. Michelle Donelan, the secretary of state for science, innovation and technology, said last month there were no grounds for a ban.
“We have no evidence to suggest there is a necessity to ban people from using TikTok. That would be a very, very forthright move … that would require a significant evidence base to be able to do that,” she said.