As part of its Project Clover initiative, TikTok announced on Tuesday that it has opened the first of three European data centers and is in the process of transferring users’ data to the new facility, noting that the data migration will not be complete until Q4 2024.
The social media company first announced its plan to open European data centers in 2020, deciding on two locations in Ireland and one location in Norway, which it says will run entirely on renewable energy.
Until all three locations are fully ready, TikTok says it has begun storing the personal data of users in the EU, Switzerland, and the U.K. in a secure U.S.-based location.
A key part of Project Clover also involves data access solutions called “security gateways” that monitor which TikTok employees are allowed to access certain European user data. These were put in place after it was revealed last year that TikTok's parent company ByteDance had access to data from its global user base, sparking widespread government bans of the app on workers' devices.
“All of these controls and operations are designed to ensure that the data of our European users is safeguarded in a specially-designed protective environment, and can only be accessed by approved employees subject to strict independent oversight and verification,” the company wrote in a statement.
TikTok says its employees based in China will not be able to access any data stored in its European locations.
The platform has chosen NCC Group to provide third-party oversight, in charge of auditing TikTok’s data controls and protections as well as monitoring data flows, providing independent verification, and reporting any incidents.
The cybersecurity company's global director of privacy Stephen Bailey said in a statement that by allowing NCC Group's oversight, TikTok is going “above and beyond European regulatory requirements.”