TikTok opens first European data centre to address privacy concerns

TikTok has opened its first European data centre to address concerns about privacy concerns. The new facility is based in Dublin, Ireland.

The new data centre comes under TikTok’s ‘Project Clover’ in which the social media giant will vet any transfer of data outside of Europe. Reuters reported data is already being migrated to the Ireland facility.

“We are not waiting for our European data centres to become fully operational … we have already started storing personal data for our EEA and UK,” said Elaine Fox, TikTok’s Head of Privacy in Europe during a media call.

Specific details about the data centre have not been released. What is know is that TikTok has enlisted UK-based cybersecurity firm NCC Group to independently audit its data controls, monitor data flows, and report incidents.

“We will be conducting security assessments of the TikTok platform, validating the type of data being transferred or accessed in the European data centres and we will also be conducting security assessments of the TikTok platform from mobile iOS devices and Android,” said Stephen Bailey, Global Director of Privacy at NCC Group.

Back in March, TikTok announced it will open two new data centres in Europe as part of its data governance strategy for the region.

Why is Project Clover necessary?

With over 150 million European users coming to its platform every month, TikTok’s European expansion is a strategic step to improve user experience, adhere to regional regulations, and strengthen its foothold in the European market.

TikTok announced Project Clover in March following pressure from lawmakers regarding security

Opening new data storage facilities in the EU aligns with TikTok’s strategy in building trust with the community by demonstrating that ‘data is secure’.

The European Parliament, European Commission, and the EU Council recently banned TikTok from public servants’ phones. The ban is a response to concerns about the app’s risks to cybersecurity and data privacy or its potential use to push pro-Beijing narratives and misinformation.

“We are a pro-compliance company. Tell us what the problems are, and then let’s work together on the solutions.

“Our approach is very much open to governments, regulators, and experts to give us their counsel and advice on how we can do this even more effectively,” said Theo Bertram, VP of Government Relations and Public Policy.

Since then, TikTok has made changes to its app as required by the EU Digital Services Act. It calls for all large online platforms to share data with authorities. Changes for users include easier reporting of illegal content, no personalised video recommendations, and no targeted ads for users aged 3-17.

Similarly, TikTok has an American iteration of this initiative known as ‘Project Texas’. This is designed to house data from US users exclusively within their national borders. The project will utilise servers managed by Oracle.

For companies that fail to adequately protect user data, hefty fines can be imposed by regulators.

Ireland’s Data Protection Commission (DPC) fined Meta, the owner of Facebook, £1 billion (€1.2 billion) for violating a portion of the European GDPR rules. Additionally, the DPC ordered the company to cease transferring user data from European users to its US servers.

What are TikTok’s future plans?

TikTok is said to be planning to build two more data centres. One data centre in Norway will be built by Green Mountain exclusively for TikTok. It is expected to provide between 90 and 150MW capacity. A second data centre in Ireland is also planned.

TikTok aims to complete full migration of user data from the European Economic Area and the UK to these data centres by the end of 2024. These data centres will become the default data location for users within this region.

TikTok and NCC are expected to engage with European policymakers to explain how the system will work in practice.

The EU Data Act is poised to play a significant role in the broader digital strategy for European Union member states. If passed, it will promote data sharing by setting clear rules for access and use within the EU, granting connected device users more control over their data, while also imposing new obligations on industry actors.

Hungry for more tech news?

Sign up for your weekly tech briefings!