Privacy Act

• The rationale was based on security fears and, in particular, the risk the platform will be used for foreign interference operations by China.
• TikTok is a video-sharing platform operated by ByteDance, a company headquartered in Beijing, but incorporated in the Cayman Islands.
• Like similar sites, TikTok’s privacy policy indicates an expansive approach to the collection and use of personal information.

The problem with focusing on only one app

• Given the ban only affects government devices, couldn’t the same people be susceptible to foreign interference through their use of TikTok on personal devices?
• What about other apps, such as Facebook, that collect significant amounts of user data – are these more secure than TikTok?
• In other words, the problem of digital security and foreign interference is bigger than just one app or the use of government devices.

A new, more effective cybersecurity strategy

• A discussion paper on the new strategy was released earlier this year, with submissions due this week.
• This process will hopefully result in a more holistic strategy on how to manage the cybersecurity and foreign interference concerns that led to the TikTok ban.


This kind of strategic approach, particularly on the education side, would give Australians better tools to arm themselves against foreign interference online, which as Home Affairs emphasises, is the “best defence” available.

A stronger privacy act could help, too

• Another relevant policy development is the government’s review of the Privacy Act, which is the primary Australian law on data protection.
• Changing the rules about how data is collected and used by platforms could provide less fodder for those running foreign interference operations.

What is needed is a strategy, not tactics

• Beyond Australia, at the United Nations level, some questions about whether international law can be applied to cyberspace have been resolved, while others remain open.
• Ultimately, what is needed is a strategy, rather than tactics, and better coordination of relevant policies across government.
• The TikTok example also highlights a truism that we shouldn’t think in terms of privacy or security, but rather privacy and security.

• The introduction of advanced technology with commercial security systems such as IP security cameras, which are connected to the internet, has a risk of cyber-attack, which acts as a restraint for the market's growth.
• The detection and response approach integrated into company policies to confront unwanted incidents may provide an opportunity for the commercial security market to grow.
• The COVID-19 pandemic has affected the demand for commercial security systems such as fire protection and video surveillance systems due to slowing down and postponing commercial infrastructure activities.
• The key vendors of commercial security systems are introducing cameras with comprehensive features using the latest technology for video surveillance systems.

• 1 December 2022
  The Office of the Australian Information Commissioner (OAIC) today commenced an investigation into the personal information handling practices of Medibank in relation to its notifiable data breach.
• The OAIC’s investigation will focus on whether Medibank took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure.
• The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs).
• Given that the breach involves sensitive information, we remind any Medibank customers affected that they may seek assistance through Medibank’s helpline.