Australia’s privacy watchdog is considering investigating Chinese ride hailing company Didi after a request from shadow Cybersecurity minister James Patterson, who raised concerns with the company’s data practices.
Similar concerns are behind a new Home Affairs-led inquiry into TikTok, as scrutiny of the Chinese-owned platform mounts.
Mr Patterson’s request to the regulator follows what he said was a failure by the company to substantively address his concerns about the privacy and security of its Australian user data and if it is being accessed by entities operating in China.
China’s internet regulator fined Didi $1.7 billion earlier this year for violating the country’s security and privacy laws, while the China-based employees of fellow platform company TikTok are reportedly routinely accessing foreign users’ data.
On Saturday, Mr Patterson, also the shadow minister for countering foreign interference and former chair of the Parliamentary Joint Committee on Intelligence and Security, wrote to Australian Information and Privacy Commissioner Angelene Falk, urging her to investigate Didi’s privacy practices.
“Australians deserve to know exactly how their sensitive private information is being handled by this company and only complete transparency about their data-handling process will reassure Australians about their privacy and cyber security,” he wrote.
Mr Patterson wrote to Didi’s Australian executives in August to ask them what steps the company had taken to comply with Australia’s privacy principles and to confirm if the personal information of Australian Didi users is “stored or accessed in anyway by entities operating in mainland China”.
Didi’s response on Thursday, three weeks later, said it had complied with all local laws since it launched in Australia in 2018, including the Privacy Act.
In the response, the company’ head of government affairs Maria Silos said the “personal information of DiDi users in Australia is only stored and accessed outside of China”.
The response did not satisfy Ms Patterson, who points to the company’s privacy policy which states DiDi may share users’ personal information with third parties, including entities in mainland China, for a range of broad reasons such as to “use or disclose it as otherwise authorised or permitted by law”.
A spokesperson for the Office of the Australian Information Commissioner confirmed the independent agency will consider the Senator’s concerns in line with its regulatory action policy, which allows investigations based on complaints of alleged interference with privacy or for the Commissioner to initiate their own investigation.
“Platforms and apps must be transparent in how they treat their users’ data and protect their privacy and should only collect information that is reasonably necessary to deliver the service,” the spokesperson told InnovationAus.com.
The potential of Chinese government authorities to access user data held by Chinese companies has sparked fears in Australia that foreign owned companies like Didi and TikTok may have to hand over user data.
TikTok, now used by around 7 million Australians, has previously confirmed its China-based employees are able to access Australian user data.
Home Affairs minister Clare O’Neil on the weekend revealed she has ordered her department to investigate the harvesting of data by TikTok and to provide a briefing by early next year on possible sector-wide responses.
“It’s not just about TikTok,” she told The Sydney Morning Herald.
“We’ve got this basic problem here where we’ve got technology companies that are based in countries with a more authoritarian approach to the private sector, and this is a relatively new problem.
“The fact that we’ve got millions of Australians accessing an app where the usage of their data is questionable is very much a modern security challenge for the country and no country in the world has found the easy solution for managing this.”
TikTok provides governments around the world access to its data through emergency and legal requests, with nearly 3500 combined requests in the second half of 2021, according to the company’s own reporting.
China is not included in the reporting, but Australia is. Australian authorities made seven emergency requests and 44 legal requests in the six-month period, with nearly half the legal requests resulting in some data being produced.
Australia’s privacy laws have been heavily criticised by advocates, who say it does little to stop rampant data harvesting. The legislation is set for a landmark reform, with the government’s proposal to be released within months.
Do you know more? Contact James Riley via Email.