In an era where data security is paramount, TikTok has taken a transparent stance to dispel misconceptions and educate its users about its data handling practices. From managing personal information to outlining its approach towards data storage, TikTok is committed to ensuring its platform’s reliability, safety, and security. This is evident in the company’s decision to rename its series to TikTok Facts, where it delves into the specifics of its data protection measures.
“Security is a critical part of maintaining the integrity and safety of our platform.” – TikTok.
Ensuring Data Security and Privacy
TikTok has a global workforce dedicated to safeguarding the information of its community. The company implements a range of controls, authorization protocols, and localized storage mechanisms to limit access to personal data. User data is stored in servers in the United States, Singapore, and Malaysia and is protected by physical and logical security controls. This includes gated entry points, firewalls, and intrusion detection technologies.
Controlling and Limiting Data Access
In its commitment to privacy, TikTok aims to limit data access to only those employees who require it to perform their job functions. This is managed through robust controls based on an internal data classification system, including encryption for specific data. Access to user data by employees, regardless of their location, is restricted based on necessity. This means when a TikTok employee needs to access user data for role-specific functions, such as debugging or troubleshooting, they are subject to comprehensive security controls and authorization protocols.
Protection of U.S. User Data
A carefully selected and approved team, known as TikTok U.S. Data Security (USDS), manages access to U.S. user data. Additional safeguards are also implemented, including an independent board to which USDS leaders and employees report. This oversight structure prevents unauthorized access to U.S. user data or systems.
Approach to Data Storage
TikTok takes a local approach to compliance as a global platform. It works closely with stakeholders to understand local concerns and meet regulatory commitments. The company remains dedicated to building on its efforts to be trusted and reliable partners through transparency and engagement in all its markets.
Data Storage for U.S. Users
As of July 2022, all new U.S. user data is automatically stored in Oracle’s U.S. Cloud infrastructure, with access managed exclusively by the TikTok US Data Security team. The USDS team is dedicated to ensuring every U.S. TikTok user feels safe and confident that their data is secure and the platform is accessible from outside influence. Oracle and a third-party source code inspector work together to ensure no unauthorized access to the systems, like “backdoors” or data leaks.
Data Storage for U.K. and European Economic Area Users
TikTok has introduced Project Clover’s initiative to create a secure enclave for European user data, aligning its data governance approach with the principle of European data sovereignty. While European TikTok user data was historically stored in the U.S., Malaysia, and Singapore, the company is migrating it to three data center operations in Dublin and Norway. Like the USDS model, a third-party European security company will monitor and audit TikTok’s data controls and protections, observe data flows, provide independent verification, and report incidents.