TikTok opens first EU data center in major user privacy push

TikTok icon displayed on a phone screen with in the background European Union flag with cyber code, seen in this photo illustration.
(Image credit: Photo illustration by Jonathan Raa/NurPhoto via Getty Images)

Chinese social media giant TikTok has finally begun storing European users' data to local data centers. 

Three years after announcing its Project Clover program, which seeks to create a security-reinforced environment around the data of people across the UK, Switzerland and EEA countries, the company expects to complete the migration by the end of 2024.

The move comes following growing tensions that have even seen many nations look to ban TikTok on government officials' devices on security grounds. So, how does this shift affect TikTok users' privacy in Europe?

TikTok Project Clover

"We've committed to storing our European user data locally by default, by establishing three new data centers in Europe. Our first data center in Dublin, Ireland, is now operational and migration of European user data to the center has begun," confirmed Theo Bertram, TikTok’s European VP of public policy, in a blog post.  

The video-sharing platform announced its plan of opening a Dublin-based secure data center back in 2020. It took three years and some delay (initially the program was set to start early last year and then pushed back to late 2022), but the Project to safeguard the 150 million TikTok users in Europe has finally kicked off.

Two more data centers are on their way, too: another one will be based in Dublin and the other in the Hamar region of Norway. The latter also promises to take a more sustainable approach by running on 100% renewable energy.

Local data storage represents just one part of this new secure enclave, though. Other key factors are a series of enhanced data controls carried out by a third party security firm based in Europe: publicly-traded U.K.-based information assurance company NCC Group. 

"NCC Group will perform ongoing security assessments of the new security gateways we are building around European user data, the TikTok app, our data centers, and other TikTok infrastructure," explained Bertam, while adding that the company will be responsible to "monitor data coming in and out of the secure environment to independently validate that only approved employees can access limited data types."

One of the issues TikTok has been tangled up with, in fact, was around reports that employees from its China-based sister company ByteDance illegally accessed users' data. This possibility was—and still is, in the US at least—the main drive behind banning or restricting the use of TikTok.

NCC Group will also serve as a managed security services provider, said again Betram, by performing real-time monitoring to the security gateways for any suspicious or anomalous access attempts.

Both TikTok and the NCC Group are also set to engage with policymakers across Europe over the next months to explain how this comprehensive system will work in practice.

Stephen Bailey, Global Director of Privacy at NCC Group, said: "Our objective scrutiny, monitoring and assurance means platform users in Europe and the UK can have confidence in the enhanced data security standards that TikTok is setting, which go above and beyond European regulatory requirements."

More on security from TechRadar Pro

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com