TikTok to open cyber-security centre in Ireland

The Chinese social media giant has announced that Dublin will be the first location of what it calls regional 'fusion centres' around the world, designed to help the company respond to security incidents in real time, 24 hours a day.

Roland Cloutier, the platform’s chief security officer, said these centres are intended as the next step for TikTok to ensure security is “built-in from the start”.

“When people use TikTok, we know they’re entrusting us with their data and we take our duty to protect that data very seriously,” he said. “Our global security organisation operates a ‘follow the Sun’ approach, so that people on teams around the world are always focused on protecting people’s information and ensuring that our next-generation entertainment platform can anticipate and stay ahead of next-generation security threats.”

The new Dublin centre will create over 50 new jobs in security, privacy and policy. Recruitment is already underway, with a focus on acquiring people with "diverse" skill sets and experience of solving "converged security challenges".

Cloutier said the Dublin site will “advance our on-platform threat discovery to protect our community; accelerate the delivery of next-generation cyber-threat monitoring, and assemble cyber investigations and working groups to tackle digital crime”.

He added that while these latest security efforts will be led from an existing centre based in Washington D.C. in the US, the Irish centre will play a “critical role” in helping the platform “identify, evaluate and eliminate risks” to the platform and its users.

TikTok has existing centres based in Ireland, including an EMEA Trust and Safety Hub and its European data and privacy hub focused on transparency and accountability. The new 'fusion centre' will be TikTok's first European security hub, with the company saying that this offers further evidence of its ongoing investment in Europe and underscores the strategic importance of Ireland to its global operations.

Leo Varadkar, Ireland's Tánaiste (deputy head of government), said: "I'm really pleased TikTok has chosen Dublin as the location for its first regional 'fusion centre'. This new centre will detect and respond to critical incidents as they happen and will help improve online safety for TikTok users worldwide.

"This announcement underlines the company's continued commitment to our country and will allow it to continue to benefit from our rich and highly skilled talent pool. I wish the team at TikTok the very best in their expansion plans."

Cloutier added that TikTok is looking to tap further into Ireland's "strong talent pool" as it adds more security roles in the coming months.

"There's a strong university system and there's this strong international talent following in Ireland that brings people from all over the world to Ireland," he said. "It's really impressive the number of resources we've been able to find."

Today's news echoes a similar story in August 2020, when TikTok announced its plans to build a $500m (£375m) data centre in Ireland. That facility was intended to store the videos, messages and other data generated by TikTok's European users. Until that time, all user records were stored in the US, with a backup copy held in Singapore.

At that time, TikTok was under pressure from then-President Donald Trump, who was waging what was effectively a one-man war against the popular video-sharing app, ostensibly on the basis that its parent company, ByteDance, is Chinese owned and thus constituted a national security risk.

An executive order signed by Trump in August 2020 forbade transactions with ByteDance and also WeChat parent company Tencent, claiming that the Chinese apps were threats to national security, foreign policy and the US economy.

The situation escalated in September, with the US moving to ban downloads of the TikTok and WeChat apps in order to “combat China’s malicious collection of American citizens’ personal data”. Twitter, Oracle, Microsoft and WalMart were amongst the big US corporations in the frame to acquire TikTok's US operations.

Later that month, it was suggested that ByteDance had chosen Oracle over Microsoft as its preferred candidate to manage TikTok in the US, should the Chinese company be obliged to exit the US market. Trump continued to accuse TikTok of acting as a tool for espionage by the Chinese Communist Party.

However, as Trump's re-election hopes faded later in 2020, so did the existential threat to TikTok in the US. New US President Joe Biden has since repealed and replaced Trump’s TikTok executive order, as the new administration takes a more nuanced, less hysterical approach to the perceived threat from China.

Concerns about Chinese-owned software companies are still valid currency amongst cyber-security experts. TikTok, like many other social media platforms, harvests a considerable amount of personal information from its users on an ongoing basis. The standard terms and conditions of its privacy statment, very infrequently read by its users, most of whom are teenagers, allow TikTok access to a user's address book, their age, GPS coordinates, IP address; device information and other unique identifiers; all activity on the app, including comments, photos and videos; web browsing data outside of TikTok, gathered by cookies, plus much more data collected by third-party widgets. Even keystroke patterns and screen taps are logged by the app.

Despite ByteDance's protestations that it protects the privacy of its users, critics say that the Chinese Communist Party could demand full access to the data under its National Intelligence Law at any time.

TikTok's decision to open new centres in which to host user data outside of both the US and China is possibly intended to avoid these accusations that it may be complicit with the Chinese government, as well as better positioning the company to avoid any future legal complications in specific economic and global regions. Previously, ByteDance stored its user data for all countries outside China in the US, which left the country open to political pressure.