With a potential US ban on the horizon, TikTok has outlined a new data policy designed to convince European lawmakers it is not a security threat. Dubbed Project Clover, the guidelines will see TikTok introduce “security gateways” governing employee access to European user information and data transfers outside of the continent. “This will add another level of control over data access,” TikTok states. As before, data requests will also need to comply with local data protection laws.
A third-party security firm will be responsible for overseeing TikTok’s new data security controls and conducting audits of the company’s data practices. The third-party will also “monitor data flows” and report incidents. TikTok said it would have more information to share about the partnership soon. The company also plans to partner with other companies to implement technologies that can augment and improve its new data policy.
According to TikTok, an internal team has been working on Project Clover since last year. The company expects to implement the changes it outlined today throughout 2023 and next year. Separately, TikTok today announced plans to open two new data centers in Ireland and Norway. Both will be operated by third parties and powered by renewable energy. The company plans to begin storing European user data locally starting this year, at an annual cost of €1.2 billion.
"We're ahead of the curve on this because we have to be – because we need to earn trust," TikTok vice-president of government relations and public policy in Europe Theo Bertram told BBC News.
The announcement comes after the European Commission, the EU’s executive wing, banned staff from installing and using TikTok on work devices. Whether the company’s new policy will be enough to prevent European lawmakers from imposing additional limits on the platform is hard to say. Project Texas, an agreement TikTok struck with Oracle to route US user traffic through the firm’s cloud infrastructure, has seemingly done little to convince American lawmakers the app is not a national security threat. Whatever course of action the US takes, it’s likely to push its allies in Europe to do the same, much like it did with Huawei.