It has been a long time coming, but TikTok says that its first European data center is finally operational — partially, at least — with the process of migrating users’ data to the new facility now underway.
The short-form social video giant announced it was opening a data center in Ireland way back in 2020, noting at the time that it expected to open in the region by early 2022. This timescale was subsequently pushed back to late 2022, and then again to 2023.
So, third time’s a charm, and all that.
The company confirmed that while the data migration has now begun, it likely won’t be complete until Q4 2024, by which point it should in fact have two (previously announced) additional data centers in operation — a second one in Ireland, plus another in Norway, which will apparently run entirely on renewable energy.
As an interim measure until the new data center(s) is fully operational, TikTok says that it has started storing the personal data of its European users — which includes those in the European Union, Switzerland, and the U.K. — in a dedicated secure enclave, though this resides in the U.S.
Project Clover
TikTok recently bundled its European data center efforts together with a bunch of additional data privacy and security efforts, calling it Project Clover. Part of this involved bringing in fresh data access and control processes, including “security gateways” that stipulate which employees can access European TikTok user data. This followed a controversial revelation the previous year, when TikTok confirmed that staff at its parent company in China could access data from users around the world, including those in Europe. This sparked countless governments around the world to ban TikTok on government devices due to security concerns.
And that, it seems, is partly what its temporary new enclave is all about. TikTok says that employees based in China won’t be able to access any data stored in the new enclave.
As part of its data privacy bolstering efforts in Project Clover, TikTok also previously revealed that it would engage the services of an independent security company to audit its data controls and practices. Today, the company confirmed that company’s identity: NCC Group, a publicly traded U.K.-based information assurance firm, with offices across Europe.
“NCC Group will perform ongoing security assessments of the new security gateways we are building around European user data, the TikTok app, our data centres, and other TikTok infrastructure,” wrote Theo Bertram, TikTok’s European VP of public policy, in a blog post. “NCC Group will also serve as a managed security services provider for our security gateways, performing real-time monitoring to identify and respond to any suspicious or anomalous access attempts and provide assurance on the integrity of the enhanced security controls operations.”
Bertram added that TikTok and NCC Group plan to work with European policymakers in the coming months to outline how its new data security system works.