TikTok’s ownership by Beijing-based company ByteDance has raised security concerns, leading to a wave of bans on the app across Europe. In response, TikTok has announced a €1.2 billion ($1.3 billion) plan, known as Project Clover, to build three new data centers in Ireland and Denmark by 2024. The aim is to assure European governments that user data will not leave the jurisdiction, while also opening a European “transparency center” and hiring external consultants to assess cybersecurity.Despite these efforts, doubts persist. European politicians, along with US intelligence officials, worry about data access by Chinese authorities, censorship, and potential surveillance. While TikTok denies any data-sharing requests from Beijing and claims no identifying data reaches its Chinese headquarters, skeptics fear compliance with China’s telecom and security laws
TikTok’s popularity in Europe cannot be ignored, with 150 million users spending over 90 minutes daily on the platform. Yet, its association with China remains a constant threat to the app’s operations. Similar to the situation faced by Huawei, TikTok’s attempts to prove compliance and establish new governance structures may not be enough to quell concerns entirely.
“Huawei spent a decade going through all these processes of massive investment in PR and communications, and telling everyone [it was] a very normal business and putting in place particular processes for putting it in the UK, which was subject to all these additional checks,” Sharps says. “And in the end, it sort of just didn’t work.”
Several European countries have already banned TikTok’s use on official devices, with calls to extend the ban to political and economic decision-makers’ personal devices. To address this, TikTok is working towards legally enforceable data protection agreements between China and the EU, or even an EU-China no-spying agreement—an essential requirement for gaining the trust of European authorities.
Moreover, while Project Clover aims to protect European user data by migrating it to local data centers, there is still reliance on an “European enclave” in the United States. This temporary solution raises further skepticism, as European policymakers are wary of sending user data overseas.
“Until there is no legally enforceable data protection agreement between China and the EU, or at least an EU–China no-spying agreement, the data dragon TikTok must be placed under the constant surveillance of the European authorities,” says Körner. “Mobile phones are critical infrastructure. While the cybersecurity concerns remain, TikTok should be banned from the devices of European political and economic decisionmakers.”
TikTok’s investments in European infrastructure, though partially driven by public relations, demonstrate genuine commitment to complying with EU laws. However, the ongoing concerns and parallels with Huawei’s challenges in securing trust from governments highlight the uphill battle TikTok faces to convince European politicians and regulators.