TikTok attempts to sooth EU over privacy and security concerns

Social media app TikTok has launched Project Clover, which seems to be designed to alleviate fears that vast quantities of user data could be accessed by the Chinese state.

Andrew Wooden

March 8, 2023

4 Min Read
tiktok logo

Social media app TikTok has launched Project Clover, which seems to be designed to alleviate fears that vast quantities of user data could be accessed by the Chinese state.

Project Clover was introduced via a blog post by TikTok’s Vice President, Government Relations and Public Policy – Europe Theo Bertram, in which he described it as ‘a program focused on creating a secure enclave for European TikTok user data’, and is designed to ‘strengthen existing protections and further align our overall approach to data governance with the principle of European data sovereignty.’

Noises from various Western political bodies questioning the safety of TikTok with regards to user data have been getting louder, and recently the European Commission banned staff from having the app installed on work phones, as did the US House of Representatives, reportedly.

Since it is owned by Chinese firm ByteDance the criticism of TikTok are similar to that used to justify the Huawei ban –  at any moment the CCP could get involved and demand to get its hands on the data, and perhaps do something malevolent with it.

So what does Project Clover entail? Firstly, an enhancement of data access controls, achieved by adding security gateways that will determine employee access to European TikTok user data and data transfers outside of Europe. This will apparently add another level of control over existing data access processes.

To make sure this is all done above board, TiKTok will apparently bring in a third-party European security company who will audit our data controls and protections, monitor data flows, provide independent verification and report any incidents.

It’s also looking into ‘pseudonymisation’ of personal data so that an individual ‘cannot be identified without additional information and aggregation of individual data points into large data sets to protect the privacy of individuals’, and says it will store all European TikTok data locally by opening  a couple of new data centres in Norway and Ireland.

“Project Clover reinforces our commitment to a European data governance approach that places the safeguarding of user data at its core and aligns with the principle of data sovereignty, says Bertram. “We believe that its implementation will ensure that the 150m people who come to TikTok every month enjoy industry-leading data protection and security.”

If that wasn’t enough to convince everyone, the announcement even threw a bit of green messaging into the mix, saying the new data centre on Norway will run on 100% renewable energy, and will ‘recycle excess heat, which will be made available as an energy resource for new and existing activities in the surrounding area.’

In December a group of politicians in the US put together a bill that would ban TikTok entirely. Representative Gallagher rather colourfully described the motivation to do so as: “TikTok is digital fentanyl that’s addicting Americans, collecting troves of their data, and censoring their news. It’s also an increasingly powerful media company that’s owned by ByteDance, which ultimately reports to the Chinese Communist Party – America’s foremost adversary. Allowing the app to continue to operate in the U.S. would be like allowing the U.S.S.R. to buy up the New York Times, Washington Post, and major broadcast networks during the Cold War.”

There have been similar statements from politicians in the UK, and alongside the recent staff ban the European Commission said in a statement: “This measure aims to protect the Commission against cybersecurity threats and actions which may be exploited for cyber-attacks against the corporate environment of the Commission. The security developments of other social media platforms will also be kept under constant review.”

The argument for kicking out Huawei was that since telecoms is such a vital part of the economy, if snooping/manipulation into western networks via some backdoor method might be possible then we can’t take the chance. It’s a slightly different situation with TikTok, since youngsters embarrassing themselves in short form videos couldn’t be said to be intrinsic the functioning of a country, but it does generate a data lake of personal information.

The argument here seems to be more like if the CCP wanted to dip into that for some purpose, private companies in China don’t have much in the way of pushing back, to put it lightly.

It should be added that in terms of gathering tons of user data, it’s the same picture at all the US based social media apps – collecting profiles in order to better target ads is the business model. And while we’re imagining problems with collecting vats of data on people, surely in a world where it seems no firm or organisation can entirely defend itself from concerted cyberattacks, we could theoretically foresee some problems effecting Instagram and Twitter as well.

As with the Huawei ban, it is hard to separate what might be legitimate security concerns from geopolitics. Degrading relations between the US and its allies and China is spreading into all sorts of arenas it seems, and even an app largely populated with cringeworthy lip-synching detritus can become a battlefield.


Get the latest news straight to your inbox. Register for the Telecoms.com newsletter here.

About the Author(s)

Andrew Wooden

Andrew joins Telecoms.com on the back of an extensive career in tech journalism and content strategy.

You May Also Like