The social media giant has announced Project Cover and two new European data centers as government agencies around the world seek to ban TikTok on official devices over data security concerns.
The introduction of “Project Clover,” which will strengthen TikTok’s 2021 data governance strategy, comes just two weeks after the EU Commission banned TikTok on corporate devices.
TikTok says Project Clover “moves from meeting industry standards to setting entirely new standards when it comes to data security.” Implementation of Project Clover will continue through 2023-2024.
As part of the enhanced measures, TikTok will strengthen data security controls by introducing security gateways that determine employee access to European TikTok user data and data transfers outside of Europe.
Significant concerns were raised in November 2022 when the company confirmed that some employees outside the continent, including China, had access to the data of individuals using the app in Europe.
In its latest statement, TikTok said this means that any data access must first pass through these security gateways and additional checks, as well as comply with relevant data protection laws. .
This process is monitored and checked by a third party European security company. The company’s name has not been mentioned on TikTok, but more details are to be announced.
new data center location
Compliance with the EU’s GDPR regulations is a problem for many international groups such as TikTok. One of the many requirements is that data be stored within the EU or, if outside the EU, in a location with an adequate level of data protection. .
To this end, TikTok says it will begin storing European TikTok user data locally this year, with the migration continuing through 2024.
Read more about TikTok here: Unpacking the recent government TikTok ban
In 2022, the company announced details of its European data center in Dublin, Ireland. As part of Project Clover, TikTok has confirmed two more data center sites. A second data center is located in Dublin and a third in the Hamar region of Norway.
Once operational, these three data centers will have a total annual investment of €1.2 billion.
government perspective
The Danish Cyber Security Center (CFCS) is one of a number of groups that issued an advisory against the use of TikTok on official devices used by government agencies on March 1st.
At the Logpoint ThikIn conference in Copenhagen on March 8, 2023, Mark Fiedel, head of cybersecurity analysis at CFCS, said one of the main reasons they’re talking about TikTok is that a lot of people think about the app. I said it was because I was being questioned. However, the security issue itself is not new.
“I’ve received a lot of questions about TikTok as an app. I’ve given guidance on security and mobile devices for years before telling the public about this,” he explained.
“If you want to maintain a high level of security, it’s a good idea to separate work and personal life functions,” he outlined. “Use only a few relevant apps on mobile devices at work.”
He said this was “basic” and nothing new to him.
The reason for the advice against using TikTok on certain devices is that the CFCS is concerned with cyber espionage, and that government agencies as a general organizational group have no access to information required by other states. Because you can access it.
For other non-governmental organizations, CFCS recommends conducting a risk assessment of what is important to a particular business and how work devices are used.
“People should use common sense and be concerned about what apps they have on their devices and what access and permissions they have,” he added.
As part of the European Commission’s ban on the use of the app, approximately 32,000 full-time and contract employees will have until March 15, 2023 to remove the app.
Image credit: Ti Vla / Shutterstock.com
