TikTok hires Britain’s NCC for auditing data security

STOCKHOLM (Reuters) – TikTok has hired British cybersecurity firm NCC to audit its data controls and protections, and provide independent verification, as part of the social media company’s data security regime, nicknamed “Project Clover”.

Several government bodies have banned TikTok from staff phones due to growing concerns about the company, which is owned by Chinese firm ByteDance, and whether China’s government could harvest users’ data to advance its interests.

As part of the regime, TikTok is opening three data centres – two in Ireland and one in Norway to store user data in Europe.

The first Irish datacenter is already online and TikTok has started to migrate data. The remaining data centres will be up by the end of 2024, Elaine Fox, head of privacy in Europe, said in a media call.

“We are not waiting for our European data centers to become fully operational … we have already started storing personal data for our EEA and UK users by default in a designated secure area known as the European enclave which is hosted in the interim in the U.S.,” she said.

In the coming months, TikTok and NCC said they will engage with policymakers across Europe to explain how the system will work in practice.

TikTok announced Project Clover in March amid growing pressure from lawmakers on both sides of the Atlantic over data security.

(Reporting by Supantha Mukherjee in Stockholm, editing by Ed Osmond)