In an attempt to combat distrust by politicians, TikTok is teaming up with security company NCC Group, the owner of the Dutch company Fox-IT. The company will monitor the data of European users of the popular app from China.
The data will be held in data centers in Ireland and Norway. The aim of TikTok’s measure is to regain the confidence of politicians in Europe in particular.
The fear is that the Chinese government can access user data via TikTok or carry out influence campaigns. The company has always denied these allegations. Recent research by NOS Stories in collaboration with security researchers revealed no evidence that the amount of data being collected goes beyond what other apps do or that users are being spied on.
Civil servant ban
In Europe, confidence in TikTok fell to an all-time low at the beginning of this year, including a ban on the app for European Commission officials. This was followed by a ban in various countries, including for civil servants of the Dutch government. No other well-known social media or video app faces the same kind of measures.
The company itself also emphasized that the stakes are high in a briefing held this afternoon for journalists. “This is an area for our business that requires significant long-term attention and investment,” said Theo Bertram, vice president of public policy in Europe.
The plan has been named ‘Project Clover’, a reference to the clover, the symbol of Ireland, where TikTok’s headquarters in Europe are located. The project is a ‘little brother’ of an even bigger plan from TikTok for the American market. This involves a far-reaching collaboration with Oracle; all data is on servers of the company, which also monitors any influence campaigns.
All European data will eventually be located in three data centers, two in Ireland and one in Norway. The process of moving that data has already begun, says TikTok. The whole process will take until the end of next year. By then, all three data centers will be online. In the meantime, all data is stored in separate environments in the US.
Monitor data
The NCC Group will monitor the data 24 hours a day, says Stephen Bailey, head of privacy at the company. “We look for suspicious or rogue traffic, including identifying security vulnerabilities.” The company will then advise how to solve this. NCC will also conduct “detailed” investigations into the source code to ensure that only approved software is installed.
In addition, the security company is investigating the platform itself, via the apps that TikTok offers for iOS and Android. The goal is to find security vulnerabilities or misconfigurations that could lead to problems. TikTok’s Bertram expressed the expectation that NCC Group will find business. He further pointed out that it is contractually stipulated that the NCC Group is allowed to consult with governments on security matters without the intervention of TikTok.
Tomorrow there will be representatives of TikTok in the House of Representatives. “Our goal is to be as helpful as we can, to help them understand the platform and explain how we protect our users’ data,” said Bertram when asked what the message is tomorrow. He further expressed the hope that the fact that NCC handles security “gives security to the government”.
It is unclear to what extent NCC’s Dutch subsidiary Fox-IT is still involved in the work that the security company does for TikTok. A spokesperson was not immediately available for comment.
- Tiktok deletes hundreds of accounts with Chinese propaganda
- From alternative timeline to stricter supervision: new EU rules for big tech
