TikTok has provided an update on its "Project Clover" data separation project, which aims to ensure that European user data is not accessed by China-based employees and officials. The platform has implemented security gateways to restrict access and enforce technical protocols, ensuring that only approved employees can access certain data types. Since last summer, new security protocols have been in place to protect restricted data stored in TikTok's European data enclave, such as private videos and phone numbers.
Data Protection Measures
- Private Data: Private videos and phone numbers are stored in a European data enclave and cannot be accessed by China-based employees.
- Public Data: Technologies like pseudonymisation are used to de-identify public data before it can be accessed by China-based employees. This includes public videos and user privacy settings, which need to flow internationally for the app to function.
Compliance and Inspections
TikTok's measures are designed to comply with EU data regulations. Cybersecurity firm NCC Group has inspected TikTok's code and will continue to re-examine future updates. Additionally, TikTok is building three new data centers in Europe to house EU user data, with two already active in Ireland and Norway, and a third to come online next year.
Despite these measures, concerns remain about TikTok's potential use as a propaganda platform for pro-China messaging. There is no definitive evidence that ByteDance is manipulating user feeds, but the possibility remains, especially given ongoing China-based influence operations on other social apps. EU cybersecurity officials have also raised concerns about Chinese influence activity.
Conclusion
While Project Clover addresses key data sharing elements and aligns with EU expectations, it may not quell all concerns linked to TikTok. If TikTok is removed from the U.S., there could be increased pressure for other regions to follow suit.
