July 19, 2022
Home Affairs and Cyber Security Minister Clare O’Neil has warned Australians about giving up personal information to social media companies, following labelling of TikTok’s data collection as excessive.
On Monday, The Australian Financial Review reported analysis by Canberra-based cybersecurity and intelligence firm Internet 2.0 that revealed TikTok checks its users’ device location at least once an hour; continuously requests access to contacts even if the user originally denies; maps a device’s running apps and all installed apps; and more as part of broad permissions asked of users.
TikTok said its data collection was in line with industry standards to help the app function, operate securely and improve user experience.
Ms O’Neil said that the Australian government has the report and has been aware of the issues it raises for some years.
“They are complex and difficult and don’t just relate to TikTok,” she said.
“Australians need to be mindful of the fact that they are sharing a lot of detailed information about themselves with apps that aren’t properly protecting that information. I hope it concerns Australians because it certainly concerns me.”
Ms O’Neil also said that the Australian Competition and Consumer Commission’s digital platforms inquiry had asked the Coalition government three years ago to undertake work in data collection by social media companies “which they did not progress, which is regrettable”.
Social media apps, in general, collect huge amounts of data, much deemed unnecessary by many privacy experts, largely to profit from driving further engagement and selling targeted ads. For example, Facebook Messenger was signalled out by OpenDemocracy for its excessive data collection, which included name, email, location, user ID, iMessage, photos and videos, health and fitness, and more.
Last week, the Financial Review revealed an admission in a letter to Liberal Senator James Paterson by TikTok that Australian user data was accessible by its employees in mainland China. Senator Paterson wrote to TikTok earlier in July seeking clarification about local user data after a similar admission to US lawmakers.
The admission that Australian user data can be accessed by employees in mainland China has raised concerns by politicians and security experts about the safety of that information due to reports and research on the links between ByteDance, TikTok’s parent company, and the Chinese Communist Party, and the spreading of propaganda and censorship.
The analysis by Internet2.0 said the version of the TikTok app that runs on Apple devices “had a server connection to mainland China”. TikTok rejected the claim, asserting the IP address was in Singapore. Internet 2.0 countered that it found multiple subdomains resolving to locations across the world, from the US, to Europe, Australia, and China.
China’s National Intelligence Law of 2017 requires organisations and citizens to “support, assist and co-operate with the state intelligence work”.
The legislation was a major consideration for the Australian government’s 2018 ban of Chinese telecommunications companies, including Huawei and ZTE, from providing equipment in the rollout of 5G mobile phone networks.