Just five years after TikTok launched in Europe, more than 134 million people across the European Union come to our platform each month to express themselves, learn a new hobby or skill, build their businesses – and increasingly, to hear from the politicians that represent them, or would like to.
Theo Bertram, Vice-President of Public Policy Europe.
As our platform has grown, so has our responsibility. We know that building trust through our actions and ensuring the safety, privacy and security of our community is critical.
Last week our CEO Shou Chew visited Europe, for the second time this year, to update French President Emmanuel Macron, German Ministers and EU Commissioners on the action TikTok is taking on safety and security, including additional protection put in place for teenagers.
In Brussels, Berlin and Paris he set out the significant effort and resources that TikTok commits to countering misinformation, removing harmful content and complying with the EU’s Digital Services Act.
He also updated them on developments on Project Clover, our industry-leading initiative to further enhance data security for people using TikTok in Europe.
It was encouraging to hear President Macron, EU Commissioner Thierry Breton and German Digital Minister Dr. Wissing all recognise the progress we are making in implementing the Digital Services Act.
Over 1,000 people across our business worked to get us ready to comply with the legislation from day one and we implemented significant changes to the TikTok product experience.
We currently have more than 6,000 moderators focused on content in Europe. TikTok is also a signatory to the original Code of Practice on Disinformation and we are proud of the part we played in the co-regulatory process to draft the strengthened Code.
But regulatory compliance should be a floor, not a ceiling, in our efforts to keep our community safe. We are determined to go further, which is why we launched Project Clover, our own initiative which will set new standards for data security in Europe.
Project Clover is based on several core tenants: storing European user data in Europe, building additional protections, checks and restrictions around that data, and subjecting our data security procedures to oversight from an independent third-party security company.
We will be investing €1.2 billion annually in three new data centres in Europe. Our first data centre in Dublin, Ireland is online and migration of European user data to the centre has begun. Our other two data centres in Norway and Ireland are under construction and will come online next year.
But we’re not waiting for these data centres to be completed before implementing our additional data security measures: we’re doing it now.
We recently announced that globally respected cybersecurity firm NCC Group are the independent security provider for Project Clover. NCC Group is TIBER-EU accredited and a UK National Cyber Security Centre (NCSC) approved CHECK company. NCC will independently audit our data controls and protections, monitor data flows, provide independent verification, and are able to speak to regulators and government agencies independently of TikTok.
We are also building additional security gateways around our European data through which any data transmission or access will have to first pass. The gateways will determine the employees who are allowed limited access to European user data, provide additional checks and protections and significantly restrict that access even further. Employees based in China will not be able to access European restricted user data stored in our new European data enclave. Data designated as restricted data includes personal data such as email address, phone number, IP address. While our three European data centres come online, this enclave is being hosted in the interim in the US.
NCC Group will perform 24/7, 365 day security monitoring of these security gateways and perform source code reviews of them to identify any vulnerabilities. They will monitor data coming in and out of the secure environment to independently validate that only approved employees can access limited data types and perform ongoing security assessments of the gateways, the TikTok app, our data centres, and other TikTok infrastructure.
All of these controls, checks and operations are designed to ensure that the data of our European users is safeguarded in a reinforced protective environment, and can only be accessed by approved employees subject to strict independent oversight and verification.
We believe taken together, Project Clover will see us move from meeting industry standards to setting a new standard altogether in European data security.
TikTok has become an integral part of many people’s lives in Europe. The visit by our CEO last week reflects our ongoing commitment to and investment in our thriving community here. Our commitment to building the safest and most secure platform for them is what drives us each day, so that the 134 million EU citizens who love our platform can continue to find in it a source of inspiration, creativity and joy.