TikTok unveiled new measures Wednesday to protect European user data as it takes steps to head off further government bans on employees using the Chinese-owned video-sharing app on their work phones.
The company aims to create “a secure enclave for European TikTok user data," Theo Bertram, vice president for European government relations and public policy, said in a blog post. TikTok will tighten access to user data in a process overseen by outside auditors as well as beef up privacy protection.
TikTok is under pressure in Europe, where it has 150 million users, the US, and other countries that fear the app could pose risks to cybersecurity and data privacy. Western officials also worry that the Chinese government could use parent company ByteDance to push pro-Beijing narratives and misinformation.
The European Union's executive branch, parliament, and council have ordered staff to delete TikTok's app from devices used for official business, mirroring action by US states, the federal government, Denmark's defense ministry, and Canada.
A top EU official also has warned TikTok's CEO that the company must comply with the bloc's tough new regulations for online platforms.
Bertram, the TikTok vice president, provided more details Wednesday on plans to localize data storage with servers based in Europe, where there are stringent rules on protecting user information. The new data centers will be operated by third-party service providers, which weren't identified.
The tactic is similar to TikTok's approach in 2020 when it teamed up with database software company Oracle to avoid a US ban from then-President Donald Trump's administration.
TikTok will set up a second data center in Dublin and a third one in Norway's Hamar region, Bertram said. The company previously announced that it would open its first European data center in Ireland and said last month that it was adding two more, without providing details.
In the US, TikTok routes all data to servers controlled by Oracle, though it's also storing backups on its servers in the US and Singapore. The company has said it expects to delete US user data from its servers but hasn't specified when.
The new measures include “security gateways” to add an extra layer of control, determining whether company employees can access data on European TikTok users and whether the data can be transferred outside of Europe. A European security company will be appointed to audit the process, Bertram said.
To improve privacy, the company will work with third parties, which it didn't identify, to use technology that will make it harder to identify people from personal data.
CEO Shou Zi Chew is set to testify next month before Congress, where US lawmakers will grill him on privacy and data security practices as well as TikTok's relationship with the Chinese government.