A TikTok representative wrote to the federal government just weeks after a report was released to refute its claims that the social media giant was collecting “excessive” data and that its app connects to mainland China.
Home Affairs Minister Clare O’Neil on Wednesday complied with a Senate order to release the letters she received from ANZ TikTok director of public policy Brent Thomas since taking on the role in early June.
Thomas first wrote to O’Neil days after she was appointed as Home Affairs Minister, congratulating her on her appointment and attempting to arrange a meeting to “discuss the government’s priorities and how we can collaborate to support the millions of Australians that have embraced TikTok”.
O’Neil did not respond to this letter, and there was no correspondence between the two parties until cyber security firm Internet 2.0 released a report in early July claiming that TikTok collects “excessive” data and that its iOS app connects to mainland China-based infrastructure.
Internet 2.0 analysed TikTok’s source code and found that it checks device location at least once an hour, continuously requests access to contacts even if the user denies this, and maps a device’s running apps and all installed apps.
The company also claimed that TikTok’s iOS app had a “server connection to mainland China” after it studied its data flow.
This report was released on 4 July.
On 21 July, TikTok’s Thomas wrote to O’Neil again to refute the claims in the report, labelling it “flawed” and containing “various erroneous claims about TikTok’s data and security practices”.
“We wanted to take this opportunity to provide you with some additional information and context regarding these matters, and extend a standing invitation to you and your teams for ongoing engagement on these, or any other matters relating to TikTok in Australia,” Thomas wrote.
“Internet 2.0’s research reveals fundamental misunderstandings of how mobile apps work, and by their own admission, they do not have the correct testing environment to confirm their baseless claims.
“Despite their claims to the contrary, Internet 2.0 did not directly engage TikTok before sharing their research publicly – we would have welcomed the opportunity to review their findings and clarify their misunderstandings.”
Thomas said that Internet 2.0 was “categorically wrong” to claim that the TikTok iOS app has server connection to mainland China, saying that the IP address is in Singapore, and that network traffic doesn’t leave the region.
And Thomas said that the amount of data hoovered up by TikTok is “not unique” and “less than many popular mobile apps”.
“In line with industry practices, we collect information that users choose to provide to us and information that helps the app function, operate securely and improve the user experience,” Thomas said in the letter.
A similarly-timed BuzzFeed News investigation based on 80 leaked internal TikTok meeting records claimed that US user data is being accessed repeatedly from mainland China.
While not addressing this report directly, Thomas said that Australian user data is stored only in the US and Singapore and that “access to that data is subject to a series of robust controls, safeguards like encryption for certain data and authorisation approval protocols overseen by our US-based security team”.
“We have policies and procedures that limit internal access to user data by our employees, wherever they’re based, based on needs.
“There is nothing unusual about TikTok having engineering teams around the world with strict and limited access to Australian user data. Indeed, this is a publicly stated practice among leading Australian companies and organisations today.”
TikTok also offered the Minister a meeting with its Chief Counsel Erich Anderson, and a virtual tour of its Transparency and Accountability Centre.
A Home Affairs representative replied to Thomas’s letter, saying that O’Neil would be unable to meet with TikTok but the Department would be in touch in the coming weeks.
“Social media platforms in Australia are increasingly used for business and recreation purposes,” Home Affairs assistant secretary, cyber, digital and technology policy division Peter Anstee wrote in reply.
“As social media user bases continue to grow, transparency and user consent are crucial to empower Australians to be able to make informed decisions about where they store their data on the internet and how their data is used.
“The Australian government acknowledges the need for uplift of cybersecurity, data protection and privacy settings.”
