TikTok launched a new effort to assuage European leaders' worries over data security on Wednesday, as Western governments consider further bans on the video-sharing app. Their initiative came as the Czech cyber watchdog issued its own warning, describing the Chinese-owned video-sharing app as a security threat.
Western powers, including the European Union and the United States, have taken a tough approach to the app, which is owned by Chinese company ByteDance. They are worried that Beijing could access sensitive user data from around the world.
TikTok executives said the company was working with a third-party European security company to oversee and check how it handles European users' data, which will be stored at two centres in Dublin and one in Norway from 2023 onwards.
European users' data are currently stored in the United States and Singapore. TikTok insisted this project would also reduce its own employees' access to user data. The company has refused to name the partner, but the three centres will cost 1.2 billion euros ($1.3 billion) annually and the project began six months ago, Theo Bertram, TikTok's vice president of European public policy said in an online briefing.
TikTok already has a similar deal in the United States with Silicon Valley giant Oracle to keep US users' data in the country. "In the same way we have done... in the US, we'll build a secure environment around that data to prevent access from outside of the region," Bertram said.
As the company pushes a new charm offensive to convince lawmakers there is nothing to worry about, TikTok's general counsel Erich Andersen is in Europe this week. He held talks with policymakers in Brussels and London. Bertram said Andersen would also speak to officials in Paris and The Hague.
Andersen will meet French Digital Minister Jean-Noël Barrot on Friday, Paris said. The EU's governing institutions told staff in recent weeks to purge the app from smartphones and laptops used for work purposes.
US lawmakers are pushing a bill that would make it easier to ban the app, coming hot on the heels of a US Congress-ordered purge from all government-issued devices. Some national governments in Europe have also restricted TikTok for government employees, and others are considering how to address cybersecurity concerns that arise from the app.
The Czech Republic became the latest to issue warnings on Wednesday. Its National Cyber and Information Security Agency (NUKIB) said it was concerned because TikTok's parent company, ByteDance, "falls under the legal jurisdiction of the People's Republic of China".
The Czech government, while part of the EU, has not introduced a ban so far. But in a report last year its intelligence agency, the BIS, singled China out as a major threat targeting Czech cyberspace. TikTok says it has over 150 million users in Europe, including the United Kingdom.
The EU has pointed to concerns over data protection, but TikTok has always strongly denied China has any control or access. "The Chinese government never asked us for data, and if they would, we would refuse to do so," Bertram said. While a 2017 law requires Chinese companies to assist the government in matters of national security, Bertram said that as TikTok is not itself a Chinese company it would not have to hand over data.
The Irish privacy regulator is investigating ByteDance over whether it violated the EU's data protection law, the GDPR, with its processing of children's personal data and transfers of data to China.