TikTok has signed a contract to build a data center in Dublin, Ireland. From 2023, the Chinese social medium will store the data of European users here. With this, the platform hopes to allay concerns about the processing and storage of this data.
That writes Elaine Fox, the head of the department that deals with privacy, in a blog.
Data exchange much more difficult due to the end of the Privacy Shield
Since the European Court of Justice ended the Privacy Shield in the summer of 2020, European and other international companies, including TikTok, have been struggling with issues such as data storage and data exchange. Since then, companies and organizations that process personal data and other data flows of European citizens have to work with model contracts. These are legal documents in which agreements on data storage and security measures are laid down.
In practice, however, this rarely happened. To enforce compliance, the Austrian privacy movement Noyb sent 101 complaints to national regulators in 30 countries. After more than a year and a half of negotiations, the European Union and the US reached an agreement in principle at the end of March. In the coming months, politicians will dot the i’s and cross the t’s.
That wasn’t the only thing that bothered TikTok. The Chinese social network has been under fire for some time for its data collection practices. In the Netherlands, there are various parties that demand billions from the company, because it would violate European privacy and consumer legislation. The Consumers’ Association and the Take Back Your Privacy Foundation demand more than 2 billion euros from TikTok. The company accused the company of “outrageously” abusing young children to make “gross profits”.
The Mass Damage & Consumer Foundation is claiming compensation of 6 billion euros from TikTok. The platform claims to collect as much information from users as possible in order to create user profiles and offer targeted advertisements. Furthermore, TikTok is not open and honest about the data it collects and processes data of young children without a lawful basis.
The Market Information Research Foundation (SOMI) demands an amount of 1.4 billion euros from TikTok. According to the foundation, the platform does not comply with the transparency obligations mentioned in the General Data Protection Regulation (GDPR). The Irish Data Protection Commission (DPC) launched two investigations into the platform in September 2021. The regulator looks at, among other things, the age verification methods of the social network, and whether the data exchange of European users to China complies with the GDPR.
TikTok is going to restrict data flows
TikTok is trying everything to regain trust in privacy and data sharing. Last year, in January and August, the company announced measures to protect the privacy of young children on the platform. For example, since last year, all accounts of 13 to 15-year-olds have been set to private, young people’s response options to videos have been limited and the Direct Messaging option for 16 and 17-year-olds is set to ‘Nobody’ by default.
TikTok goes one step further. In a blog post, privacy chief Elaine Fox announced today that the company no longer stores data of European users in Singapore and the US. From the beginning of 2023, this data will be stored on the servers of a data center in Dublin. Why not directly? For the very simple reason that the data center has yet to be built.
“A regional approach to data governance allows us to stay aligned with European data sovereignty goals,” said Fox. “At the same time, we are minimizing data flows outside the region in a way that allows us to maintain the global interoperability needed to ensure our users in Europe can stay in touch with our strong community of 1 billion users.”
Improve data storage
Fox promises that TikTok currently uses model contracts to exchange data from Europe with non-European countries. To provide the same level of protection as in Europe, the company has taken additional technical and organizational measures. “In practice, this means that all personal data is protected by a strong set of physical and logical security controls, along with various policies and controls over employee access to the data,” said Elaine Fox.
She continues her story. “TikTok is also committed to providing an entertaining and fun platform for the European community while protecting privacy and data. This large-scale expansion of our activities and staff are concrete steps that show what that commitment to Europe looks like in practice.”
Fox promises that TikTok is constantly working to improve data storage in Europe and beyond. “In addition to our local data governance strategy, we will continue to implement more features and controls to protect European user data and further minimize the transfer of data outside the region. Our approach reflects our commitment to being accountable to our thriving community, while further enhancing the protection of their personal data.”
Catch up on more articles here
Follow us on Twitter here