As government bodies across the globe have sought to ban TikTok on official devices over data security concerns, the social media behemoth has announced Project Clover and two new European data centers.
The introduction of ‘Project Clover,’ an enhancement to TikTok’s 2021 data governance strategy, comes just two weeks after the EU Commission banned TikTok on corporate devices.
TikTok said that Project Clover will “move away from meeting industry standards to setting a new standard altogether when it comes to data security.” Implementation of Project Clover is set to continue throughout 2023 and into 2024.
As part of the enhanced measures, TikTok will strengthen data security controls by introducing security gateways that will determine employee access to European TikTok user data and data transfers outside of Europe.
Major concerns were raised in November 2022 when the company confirmed that some employees outside the continent, including in China, can access the data of individuals using the app in Europe.
In its latest statement, TikTok said that this means that any data access will not only comply with the relevant data protection laws but also have to first go through these security gateways and additional checks.
This process will be overseen and checked by a third-party European security company. The name of the company was not mentioned by TikTok, but more details are to be announced.
New Data Center Locations
Compliance with the EU’s GDPR regulation is an issue for many international groups, like TikTok, as one of the many requirements is for data to be stored with in the EU or, if outside the EU, somewhere where there is an adequate level of data protection.
To this end, TikTok says it will begin storing European TikTok user data locally this year, with migration continuing into 2024.
Read more on TikTok here: Unpacking Recent Government TikTok Bans
In 2022 the company announced details of its European data center in Dublin, Ireland. As part of Project Clover, TikTok is confirming two more data center sites - a second data center in Dublin and a third in the Hamar region of Norway.
Once operational, these three data centers will represent a total annual investment of €1.2bn.
A Government Perspective
The Danish Centre for Cybersecurity (CFCS) is one of many groups which has published a recommendation against the use of TikTok on official devices used by government agencies on March 1.
Speaking at the Logpoint ThikIn conference in Copenhagen on March 8, 2023, Mark Fiedel, head of cybersecurity analysis at CFCS said one of the main reasons they are talking about TikTok is because they are being asked a lot about the app; however, the security issues themselves are not new.
“We got a lot of questions regarding TikTok as an app and prior to communicating to the public about this we have, for a number of years, done guidance about security and mobile devices,” he explained.
“Some of the things we advise is to separate your work life and private life functions if you want to have a high security level,” he outlined. “On the workplace mobile devices, only have a few and relevant apps.”
He mentioned that this is “basic stuff” and for him is not new. “It’s something we’ve communicated before.”
The reason for the advice against the use of TikTok on specific devices, Fiedel explained, is because cyber espionage is something the CFCS is concerned about and government agencies as a general organization group have access to information that other states want.
For other organizations outside of government, the CFCS has recommended carrying out a risk assessment on what’s important to the specific business and how work devices are used.
“For the public in general, use your common sense and take an interest in what apps you are putting on your devices, what access and rights it has,” he added.
As part of the EU Commission’s ban on the use of the app, approximately 32,000 permanent and contract employees must remove the app by no later than March 15, 2023.
Image credit: Ti Vla / Shutterstock.com