The federal Treasurer says he is concerned that social media platform TikTok’s China-based employees are able to access Australian user data.
Key points:
- TikTok has confirmed China-based employees can access Australian data
- Chinese cyber security laws compel social media companies to hand over information if requested
- The company says its US-based security team limits data access only to employees who need it
Responding to a letter from Shadow Cyber Security Minister James Paterson, TikTok admitted its staff in China were able to access Australian data.
“Our security teams minimise the number of people who have access to data and limit it only to people who need that access in order to do their jobs,” the company’s Australian director of public policy, Brent Thomas, wrote.
“We have policies and procedures that limit internal access to Australian user data by our employees, wherever they’re based, based on need.
“We have never provided Australian user data to the Chinese government, we have never been asked for Australian user data by the Chinese government, and we would not provide it if we were asked.”
The letter comes after reports in US media that American TikTok data was able to be accessed and had been accessed in mainland China.
Senator Paterson said TikTok’s claim that Australian data cannot be compromised was not credible.
“TikTok denies they would ever hand over data to the Chinese Communist Party but this is very hard to believe given their national security laws,” he wrote.
“It’s time the Albanese government woke up and took action to protect the privacy of 7 million Australian users.”
Treasurer Jim Chalmers told TikTok users to be careful about what they did on the platform.
“Those concerns have been there for some time, and we take advice from our various national security agencies,” Mr Chalmers said.
“Australians need to be careful online and we need to recognise the risks of participating in some of those platforms.”
Chinese law requires TikTok to share user data
Chinese cyber security laws require Chinese companies to store certain data and allow Chinese authorities to conduct spot checks of their operations.
The laws also compel social media companies to hand over information if requested by Beijing.
Australian TikTok data is held on servers in the US and Singapore, and its security team, which provides authorisations, is US-based.
Mr Thomas wrote that Australian data integrity was of the “utmost importance” and at the core of its daily operations.
Cyber security expert Fergus Ryan from the Australian Strategic Policy Institute said the social media platform’s assertion it does not share data with Beijing could not be believed.
“They can’t [refuse an order for data], and even further than that, if the authorities in China sought to access any of the data that they had collected … TikTok and Bytedance, the parent company, would legally not be allowed to talk about the fact that data had been accessed,” Mr Ryan said.
Mr Ryan said over the years Beijing “has demonstrated it has an insatiable appetite for data”, and Australian data collected by TikTok could be used to help build “vivid” profiles of people’s lives.
“It’s up to individual TikTok users to decide for themselves how comfortable they are with their data being accessible from China,” Mr Ryan said.
“But for TikTok users to make that decision, TikTok needs to be up-front about the fact that their data is accessible from China, and is being accessed.
“There are users of TikTok who might be teenagers now, but in a few years’ time might be working in sensitive areas of the Australian government, for example.”
Mr Ryan said while the federal government should not rule out banning the platform, former US president Donald Trump’s attempt to do so proved bans do not always work.
Rather, the government should consider introducing regulations that require the platform to be transparent with its data, and label state-affiliated content from China.