TikTok’s first European data centre begins operations to address privacy concerns over China ties

INTERNATIONAL DESK: TikTok has confirmed that its first European data centre in Ireland is now operational and the social media giant has begun to migrate European user data to the site, as part of its ongoing response to data privacy concerns around the app’s links to China.

The centre in Dublin is the first of three in Europe to be built and will house data from TikTok users from across the European Economic Area (EEA), the United Kingdom and Switzerland.

The social media giant’s construction of the centres comes as it faces ongoing scrutiny from regulators around the world over its links to China.

TikTok, which is owned by Chinese firm ByteDance, has long said it does not share data with China, but critics fear it could be compelled to expose data to Beijing, with growing concerns about how President Xi Jinping’s administration could use technology against the West.

Earlier this year, the UK government banned ministers from using the video-sharing app on their work phones following a security review, and a number of other governments around the world have also introduced similar bans.

As part of an initiative called Project Clover, TikTok had set out plans to build three new data centres in Europe – two in Ireland and one in Norway – to enable more local data storage, reduce data transfers across regions and reduce employee access to user data as part of its response to privacy fears.

In an update on the project and alongside the announcement of the first data centre coming online, TikTok vice-president for public policy in Europe, Theo Bertram, said a third-party security company would also be used to independently audit TikTok’s work at the data centre.

“We’ve committed to storing our European user data locally by default, by establishing three new data centres in Europe,” Bertram said in a blog post.

“Our first data centre in Dublin, Ireland, is now operational and migration of European user data to the centre has begun. The other two data centres in Norway and Ireland are under construction.

“We have engaged a third-party European security company to independently audit our data controls and protections, monitor data flows, provide independent verification, and report any incidents. We are pleased to announce that NCC Group will conduct this oversight of our data security measures.”

Bertram added that the NCC Group would independently validate that only approved employees can access limited data types and carry out a number of other security controls.

“All of these controls and operations are designed to ensure that the data of our European users is safeguarded in a specially-designed protective environment, and can only be accessed by approved employees subject to strict independent oversight and verification,” he said.

Stephen Bailey, global director of privacy at NCC Group, said the set-up means European and UK TikTok users “can have confidence in the enhanced data security standards that TikTok is setting, which go above and beyond European regulatory requirements”. (SCMP)