TikTok is set to establish two new data centres in Europe as the Chinese social media platform looks to comply with local data laws.
The company, which has more than 150 million users across Europe, said that it’s finalising a plan for a second data centre in Ireland with a third-party service provider.
It's also in talks to secure a third data centre in Europe. It didn’t specify where, though it said it will complement its Ireland operations.
European TikTok user data is set to begin migrating this year and continue into 2024.
“We also remain focused on building trust with our community by demonstrating to them that their data is secure,” said Rich Waterworth, general manager of operations, Europe, at TikTok.
“We're continuing to deliver against the data governance strategy we set out for Europe last year, which includes further reducing employee access to European user data, minimising data flows outside of Europe, and storing European user data locally.”
TikTok tightens data protection
TikTok announced in April 2020 that it would establish a data centre in Ireland, its first in Europe, with the intent to store European user data at the facility.
The following year, the company also revealed its data governance strategy, underlining that it was committed to Europe’s data protection regulations.
In April 2022, TikTok gave an update on this data governance strategy for Europe and revealed that it had finally signed a contract for a data centre in Dublin to store UK and EEA user data through a third-party service.
Operations at this site were expected to commence in early 2023. A spokesperson from TikTok told IT Pro that it plans to start the migration of Europe user data beginning in Q2.
TikTok has stored global user data overseas, in locations like Singapore or the US. However, it said it wanted to provide a localised solution which would help it to comply with European data sovereignty laws.
“Chinese-owned TikTok is under pressure to assure its international customers that the user data it holds is secure and safe from being accessed by the Chinese state,” said John Abbott, infrastructure analyst at 451 Research, part of S&P Global Market Intelligence.
“It’s part of a broader data governance plan set out by TikTok intended to reduce the flow of European user data outside of Europe.”
Abbott said that Ireland has been chosen as a location for data centres as it’s popular with hyperscalers, like AWS, Google, and Microsoft, as well as colocation providers like Digital Reality and Equinix.
Why technology, cyber and privacy risk management are critical for digital transformation
How ServiceNow Integrated Risk Management helps you embrace the digital future
“Opening data centres nearer customers has two benefits: It can help reduce lag by allowing access to data locally rather than thousands of miles away in China,” said Frank Jennings, partner and head of commercial at Teacher Stern LLP.
“It can also help assuage concerns over the transfer of personal data to China, a regime that doesn’t have a strong human rights record, let alone data protection laws comparable to GDPR.”
Jennings said that keeping data in the EU won’t fix all the problems facing the company on this issue.
“It wasn’t that long ago that a New York District Court forced Microsoft to hand over customer data it was holding in its Dublin data centre under the aptly named “Clarifying Lawful Overseas Use of Data” – aka the Cloud Act,” he said. “No doubt the Chinese government will have such powers too.”
The new data centres are a good start, said Jennings, but won’t be enough to address the underlying issue.
In June 2022, the head of the FCC in the US urged Apple and Google to remove TikTok from their app stores due to the way it handled data.
FCC commissioner Brendan Carr said the app collects vast troves of sensitive data on its users. He pointed to a report which stated that ByteDance officials, the company which owns TikTok, had accessed the app’s sensitive data which had been collected from US citizens.
