In a letter to Liberal Senator James Paterson, TikTok has admitted its staff in China can access millions of Australian users’ private data, despite the viral video app’s previous assurances that the information it gathered is stored in the US and Singapore.
The opposition's cyber security spokesman, Senator James Paterson, wrote to TikTok last week seeking clarification about local user data after the viral video app disclosed that its staff in China can access US user data through "approval protocols".
"I’ve written to Minister for Cyber Security Clare O'Neil to urge the Albanese government to take action to protect Australia's 7 million TikTok users given these concerning revelations," Senator Paterson wrote in a Twitter post.
According to TikTok's director of public policy in Australia, Brent Thomas, "only people who need the data 'in order to do their jobs' have access", in the correspondence replying to Senator Paterson's inquiry.
Thomas also quoted Roland Cloutier, the platform's chief security officer who stated that "we [TikTok] would never give Australian user data to the Chinese government", assuring the Senate select committee on foreign interference through social media in 2020.
"TikTok Australia has replied to my letter and admitted that Australian user data is also accessible in mainland China, putting it within reach of the Chinese government, despite their previous assurances it was safe because it was stored in the US and Singapore," Senator Paterson wrote in another Twitter post.
However, Thomas affirmed "that no such request had ever been made", in response to questions on whether TikTok can "refuse a request by the Chinese government to hand over data, if one was made".
Research by Internet 2.0, a joint Australian-US cyber security firm has found that TikTok seeks an excessive amount of information from its users including device mapping to monitor all other apps running on a user's phone, hourly location checks, access to the user's calendar, access to user's contacts and it is also capable of pinpointing detailed information about the specifications of the user's phone.
Internet 2.0's researchers note "that much of the information being sought is not required to make the app work", which raises concerns as to why the data is being collected.
"The application can and will run successfully without any of this data being gathered.
"This leads us to believe that the only reason this information has been gathered is for data harvesting," Internet 2.0's researchers stated in the report.
The Internet 2.0 researchers warn that the "vast amounts of personal data" the viral video app has been harvesting could be "used by Beijing for intelligence purposes or cyber hacking".
In light of the admission, Senator Paterson has called for the Albanese government to take action in order to protect Aussie TikTok users.
"TikTok denies they would ever hand over data to the Chinese Communist Party, but this is very hard to believe given their national security laws."
"It’s time the Albanese government woke up and took action to protect the privacy of 7 million Australian users," Senator Paterson wrote in a follow up Twitter post.
[Related: Veterans complete SANS cyber course]