Australian Information Commissioner inquiring into potential breaches of the Privacy by Tik Tok

January 1, 2024 |

Tik Tok has a truly dismal record when it comes to privacy. 

In September the Irish Data Protection Commission fined Tik Tok 345 million euros for breaching the GDPR regarding personal information of children using Tik Tok. In April the UK Information Commissioners’ Office fined Tik Tok 12.7 million pounds for misusing children’s data. In 25 March 2022 the U.S. District Court for the Northern District of Illinois approved a $1.1 million settlement with TikTok Inc. (“TikTok”) to resolve claims that TikTok collected children’s data and sold it to third parties without parental consent. In October 2021 Tik Tok reached a 92 million privacy settlement for breaching Illinois’s Biometric Privacy Act.

The genesis of this inquiry is the discovery that Tik Tok has been using tracking tools to harvest data without consent. Now the Australian Information Commissioner is inquiring into Tik Tok’s alleged practice of siphoning personal data of non users without consent.

Senator Patterson, the opposition spokesman, has been very active in scrutinising Tik Tok, not just on the privacy issues but Tik Tok’s potential national security threat given it is a company which is subject to control of the Chinese Government. It has been the subject of criticism of the information it spreads which is anti Western to say the least.

The Attorney General has been drawn to give a comment last week on this inquiry and he said:

JOURNALIST: On another matter, has TikTok breached Australia’s privacy laws by harvesting data from websites without seeking their consent?

ATTORNEY-GENERAL: The Australian Government is very concerned to protect the privacy of Australians and the privacy of Australian children. We are very pleased that the Privacy Commissioner, who is the Australian official charged under the Privacy Act with investigating privacy breaches, has commenced an investigation. I’d make the point that we’ve shown how seriously we take breaches of Australian privacy by last year legislating to increase the penalties, massively increase the penalties for breaches of privacy by corporations. And we’ve also, at the same time, legislated to give additional powers to the Privacy Commissioner. I expect that the Privacy Commissioner will be using those additional powers in this investigation.

JOURNALIST: And what would your message be to TikTok?

ATTORNEY-GENERAL: To cooperate with the Privacy Commissioner in their investigation. That’s something that all Australian companies should do and particularly TikTok, with serious allegations of this nature being raised, that we expect TikTok will be cooperating fully with the Privacy Commissioner.


ATTORNEY-GENERAL: After a decade of inaction under the former government, where Australians were left unprotected and ill-prepared for the technological changes that pose a threat to the privacy of Australians, we’ve acted. We’ve acted to increase the penalties in legislation last year. We’ve acted to give additional powers to the Privacy Commissioner and I have published the Government’s response to the largest review of the Privacy Act in many, many years. I’m working now on legislation to to bring appropriate reforms to the Privacy Act to the Parliament in 2024.

JOURNALIST: Will the right to erasure and other reforms be a part of that legislation?

ATTORNEY-GENERAL: We have published a very, very extensive review of the Privacy Act conducted by my department over the last number of years. These sorts of reforms are all under active consideration. We’ve got very extensive reforms that are needed to give effect to the kinds of protections that are needed against the technological changes that we’re all now having to confront.

The Attorney General’s comments are not exceptional when faced with these questions. But not entirely accurate. His complaint that the previous Government took no action is mostly correct but previous Labor Governments have failed to implement necessary reforms. The Rudd Government received the Australian Law Reform Commission’s 3 volume Report For Your Information: Australian Privacy Law and Practice (ALRC Report 108) and opted to implement few of the important reform recommendations.  The 2014 ALRC report Serious Invasions of Privacy in the Digital Era contained many recommendations which the Government has opted not to implement including removing the small business exemption and the business records exemption.  The proposed changes contained in the Government’s response to the Attorney General’s Review of the Privacy Act (separate to the superior reviews by the ALRC in 2008 and 2014) will improve privacy regulation but will not result in optimal legislation. When the Attorney General refers to extensive reforms they may be so compared to previous amendments but they are modest compared to what the ALRC recommended in 2008 and 2014.

Leave a Reply