TikTok European user data to be stored in three new data centres in Europe

TikTok has said that it is committed to storing their European user data locally by default, by establishing three new data centres in Europe. The first data centre in Dublin, Ireland, is now operational and migration of European user data to the centre has begun. The other two data centres in Norway and Ireland are under construction.

They have engaged a third-party European security company to independently audit their data controls and protections, monitor data flows, provide independent verification, and report any incidents. They are pleased to announce that NCC Group will conduct this oversight of their data security measures.

NCC Group is a globally respected, long-standing cybersecurity company with offices across Europe, including Germany, Portugal, the Netherlands, Spain, Denmark and the UK. Teams from several European offices and the UK will work on this programme. The NCC Group is TIBER-EU accredited and a UK National Cyber Security Centre (NCSC) approved CHECK company.

As the independent security provider, NCC Group will monitor data coming in and out of the secure environment to independently validate that only approved employees can access limited data types. NCC Group will perform ongoing security assessments of the new security gateways they are building around European user data, the TikTok app, their data centres, and other TikTok infrastructure.

NCC Group will also serve as a managed security services provider for their security gateways, performing real-time monitoring to identify and respond to any suspicious or anomalous access attempts and provide assurance on the integrity of the enhanced security controls operations. They will validate that network traffic of TikTok’s European user data must pass through the security gateways.

In the coming months, TikTok and NCC Group will engage with policymakers across Europe to explain how this comprehensive system will work in practice.

Stephen Bailey, Global Director of Privacy at NCC Group, said: “We’re proud that TikTok has recognised NCC’s cyber security track record and expertise and chosen us as the independent third-party security provider on this project. Our objective scrutiny, monitoring and assurance means platform users in Europe and the UK can have confidence in the enhanced data security standards that TikTok is setting, which go above and beyond European regulatory requirements.”