Building on its 2021 data governance strategy for Europe, TikTok is storing European users’ data locally, minimising data transfers, and reducing employee access. Tik Tok’s data separation project is a response to concerns and a DPA investigation over employee access to EU citizens’ data in China, where its owner, ByteDance, is located.

TikTok began data migration to a Norwegian data centre in 2024(1) and additional data centres have since been set up under “Project Clover”(2) in Ireland and the US to ensure that its employees based in China cannot access restricted data.

A spokesperson for TikTok told PL&B that under Project Clover, European user data is divided into two categories; “restricted data” and “allowable data”. Data is classified as restricted data unless it falls into the three categories of allowable data and includes things such as email addresses, phone numbers and IP address. “There is no access to restricted data stored in our European data enclave from employees in China,” TikTok says.