Since 2018, TikTok, the Chinese-based video-sharing platform, has faced relentless criticism over its alleged mishandling of data security. Initially, the United States banned the app’s use on all government-issued phones, setting off a domino effect that led to similar actions in Australia, Germany, the UK, and New Zealand.
Despite TikTok’s efforts to reassure the public that it doesn’t transmit user-generated data to servers in Beijing, the leaders of major Western nations remained unconvinced and skeptical of these explanations.
To address these lingering data security concerns, Byte Dance, the parent company of TikTok, has taken the proactive step of enlisting the expertise of the UK-based cybersecurity firm NCC to conduct a thorough review of its data storage and security practices, with the aim of producing a comprehensive report.
This independent review, conducted entirely separate from the GCHQ cyber arm NCSC, will scrutinize all the controls and safeguards in place within the world’s most popular social media platform.
This initiative is part of the broader “Project Clover” program, designed to ensure the secure transit of European user-generated data to TikTok’s recently established data center in Dublin. This move aligns with the General Data Protection Regulation (GDPR) laws that came into effect in 2018.
“Project Clover” represents TikTok’s commitment to safeguarding user data against potential espionage and unauthorized access. As part of this commitment, TikTok plans to store the data of its 150 million European users across three data centers: two in Dublin and one in Norway, with full operation scheduled for April 2024.
Beginning on September 5, 2023, the NCC Group will have the authority to conduct a comprehensive data audit, ensuring that user information is only accessible to authorized personnel and is maintained in secure environments.
With these measures in place, TikTok, a platform particularly popular among young and middle-aged women, can finally breathe a sigh of relief, as it seeks to dispel allegations from Western media sources that suggest Chinese intelligence may be misusing and analyzing user-generated data for its own interests.