TikTok executive admits Australian users’ data accessed by employees in China

Liberal senator and chair of the committee James Paterson, who has led the opposition’s push against the app, questioned how many times Australian user data had been accessed by TikTok staff based within China.

Farrell could not provide the number immediately, but admitted it did happen.

Farrell said there were “a number of protections in place”, including that employees only get the minimum amount of access to data to do their job, and when they access that data they need to provide a business justification that needs to be approved by their manager and the database owner within TikTok. If the data is being accessed across a national border, it has to be approved by the global security team based in the US, which also monitors all data access.

“Employees can’t get access without a clear justification and levels of approval,” Farrell said.

A similar security review would apply if an employee based in China tried to change the recommendations algorithm, he said.

The company’s local head of public policy, Ella Woods-Joyce, said China’s 2017 national security law – which requires companies to give the government any personal data relevant to national security – would apply to any company that had operations and staff in China.

When asked on what ground TikTok would refuse to comply with the law, Woods-Joyce said TikTok had never been asked for personal data by the Chinese government and would refuse if asked.

In October, TikTok’s ANZ managing director, Lee Hunter, claimed in a Daily Telegraph opinion piece that reports about TikTok monitoring the specific location of American citizens were false.

“TikTok has never been used to ‘target’ any members of the US government, activists, public figures or journalists, nor do we serve them a different content experience than other users,” he said at the time.

It was revealed in December that employees had used the app to attempt to identify the source of a leak to journalists.

Hunter told the committee that he stood by the sentiments expressed in his original article, and blamed “rogue employees” who had since been fired from the company for accessing the data.

He said “serious misconduct from these rogue employees” had taken place.

He said GPS location information was not collected in Australia.

Paterson took aim at another China-owned app, WeChat, which was asked to appear before the committee on multiple occasions but refused. The company has said it has no presence in Australia, and Paterson admitted this meant that the parliament could not compel the company to speak to the committee.

Paterson indicated the failure to appear could lead to adverse recommendations against the app in the committee’s report.

“Compelling evidence has been put to the committee by expert witnesses that WeChat engages in surveillance, censorship and foreign interference on its platform,” he said. “WeChat has an estimated userbase of 1 million people in Australia, yet does not have an Australian presence and does not feel the need to even pretend to participate in the inquiries of a parliament.

“It is untenable for a company with such an influence on our diaspora communities to continue to operate with impunity and demonstrated disregard for our government without consequences.”

Paterson said if the recommendations of the committee were unfavourable to WeChat “they’ll have no one to blame but themselves”.

WeChat said in a letter published by Paterson on Twitter that it would be responsive in writing to the committee and would answer any questions the committee has.

Paterson said the company was continuing to show contempt for the parliament.

Unlike TikTok, WeChat is not covered by a blanket restriction from federal government devices, despite similar concerns over the data collection and security on the app.