Faced with criticism from European institutions, which fear a risk of spying, TikTok gave a first glimpse on Tuesday, March 7, of the changes planned by the app to reassure its users. Dubbed “Project Clover,” the program aims to offer greater transparency around what happens to the data of the app’s European customers. To this end, TikTok has announced the opening of two additional data centers in Europe, one in Ireland and one in Norway, bringing the total of centers built by TikTok in Europe to three.
The company says that the construction of these three facilities represents a total investment of €1.2 billion for the company. TikTok promises that by 2024, all of its European users’ data will be hosted and processed within the European Union.
In addition, the company has agreed to undergo a review by “a European security company” that will audit “data controls and protections, monitor data flows, provide independent verification and report any incidents.” For the moment, TikTok has not revealed which third party will be in charge of these verifications but states that it has already contacted a potential candidate and promises to announce the name of the company in the coming weeks.
Finally, the app promises that its teams will deploy new technologies to guarantee users better protection of their data and privacy. As an example, the company mentions the use of “pseudonymization” of the data collected by the app, which prevents the clear association of a user with a first and last name or any other identifying data.
European version
The Clover project is largely inspired by efforts already made by TikTok in the United States. In 2022, the company had responded to the criticisms aimed at it by unveiling an initial migration project, named “Project Texas.” Similar to the project proposed for the European Union, Project Texas aims to eventually repatriate all data belonging to American users of the app to servers entirely based in the United States and administered by the American company Oracle. This is a way for the company to respond to the criticism of the transmission of data collected by TikTok to China.
In addition to this relocation of data, the platform has made other guarantees, including the creation of a subsidiary called US Data Security (USDS) to manage TikTok’s US activities, with a board of directors that is independent of ByteDance. The American company Oracle will play a major role, and will also be responsible, along with seven other companies, for analyzing the source code and updates of the app before their deployment in US app stores.
The Clover project was announced in July 2022 but ByteDance teams have been working on it internally since 2020. That was in fact the year that the Trump administration had begun to issue the first criticisms of the Chinese app. According to recent reportsthe Texas project isn’t quite set in stone: TikTok has already migrated its operations to Oracle-administered servers but still relies on its own data centers in the US and Singapore to keep data backups.
We are interested in your experience using the site.
Similarly, the creation of the new USDS branch is conditional on an opinion from the US Foreign Investment Commission, which has not yet been published. The Clover project, which includes relatively similar provisions for Europe, could therefore also take some time to obtain all the necessary green lights for its implementation.