The Chinese social media giant is attempting to head off a general ban threatened by both the EU and the US
This week, TikTok announced a new European data security regime in an attempt to assuage security fears that have already led to limited bans on both sides of the Atlantic.
The new regime, nicknamed Project Clover, is “a clear data governance strategy for Europe based on the principles of storing data locally; minimising data transfers outside of the region; and further reducing employee access to TikTok user data”, the company said.
Trying to avoid a complete ban
The announcement comes close on the heels of the European Parliament, European Commission and the EU Council banning TikTok from staff phones due to growing security concerns about the company. The EU decision in February follows a similar move in the US, where the House of Representatives banned all staff use of TikTok in December.
The legislators fear that TikTok, which is owned by Chinese firm ByteDance, could provide China’s government with a way to harvest users’ data or advance its interests via the app.
The EU decision follows several warning shots fired by Italy’s Data Protection Authority (DPA) as well as the EC’s Commissioner for Internal Market, Thierry Breton, who has accused TikTok of violating the EU’s Digital Services Act (DSA).
Project Clover is most likely designed to prevent the governmental ban being extended to the general public.
Regime is based on TikTok’s US approach
TikTok has launched a similar program in the U.S., nicknamed Project Texas, in an attempt to placate hostile lawmakers in Washington. The company now plans to expand this strategy to the EU.
“Building on our data security approach in the US, we are further enhancing these controls by introducing security gateways that will determine employee access to European TikTok user data and data transfers outside of Europe”, they claim. This move will add another level of control over data access, according to TikTok.
“Any data access will not only comply with the relevant data protection laws but also have to first go through these security gateways and additional checks”, the company asserts.