TikTok, the popular social media app, has recently hired British cybersecurity firm NCC to audit its data controls and protections, and provide independent verification as part of the company’s data security regime, nicknamed “Project Clover”. This move comes amid growing concerns about the company’s data privacy practices, particularly in relation to its Chinese ownership. Project Clover is TikTok’s response in Europe to implement measures to allay concerns it could be made to share user data with China.

Several government bodies have banned TikTok from staff phones due to concerns about whether China’s government could harvest users’ data to advance its interests. In response to these concerns, TikTok is opening three data centers in Europe - two in Ireland and one in Norway - to store user data locally. The first Irish data center is already online, and TikTok has started to migrate data. The remaining data centers will be up by the end of 2024.

“We’re ahead of the curve on this because we have to be - because we need to earn trust,” said Theo Bertram, TikTok’s Vice President of Government Relations and Public Policy in Europe.

Project Texas

Similar to Project Clover in Europe, TikTok also has Project Texas in the U.S. This initiative is dedicated to making every American on TikTok feel safe, with confidence that their data is secure and the platform is free from outside influence. The project is aimed at building trust with the American government and American users.

TikTok has created a new special purpose subsidiary called TikTok U.S. Data Security (USDS). USDS will be an entirely independent business entity tasked with managing all business functions that require access to user data identified by the U.S. government as needing additional protection and safeguarding the systems that deliver content on the app in the U.S.

One of the biggest aspects of the project is where U.S. user data is actually stored. Under Project Texas, all U.S. user data will be relocated to U.S. servers so that it never passes through Chinese servers.

TikTok’s Privacy Issues

TikTok’s privacy issues have been a topic of concern for some time now. The app has been accused of “aggressive” data harvesting practices, with some calling for it to be banned. Cybersecurity experts have warned that the Chinese government could use the app to harvest personal information from users, including in-app messages with friends and precise device locations.

A report by Australian-U.S. cybersecurity firm Internet 2.0 found that TikTok collects “excessive” amounts of information from its users. The report labeled the app’s data collection practices as “overly intrusive” and questioned their purpose. It concluded that “the only reason this information has been gathered is for data harvesting” .

By hiring NCC to audit its data controls and protections, TikTok is taking steps to address these concerns and demonstrate its commitment to user privacy. In the coming months, TikTok and NCC will engage with policymakers across Europe to explain how the system will work in practice.

In conclusion, TikTok’s decision to hire NCC for auditing its data security is a proactive step towards addressing concerns about its data privacy practices. By taking these measures, TikTok hopes to reassure users and regulators that their data is being handled responsibly and securely.