Cybersecurity firm Internet 2.0 claims the rapidly deteriorating legal status of Hong Kong has undermined any claims by Chinese social media app WeChat that user data is being protected.
On Sept. 30, 2020, WeChat made a written submission to the Australian Parliamentary Select Committee on Foreign Interference through Social Media, claiming that user data was protected on the basis that much of its technical architecture was located in Hong Kong.
However, the takeover of the city in mid-2020 by the Chinese Communist Party (CCP) undermined any legal protection that the global city offered WeChat's international users.
The Chinese-owned WeChat is one of the world's largest mobile messaging apps, with approximately one billion active users. The app has a focus on Chinese-speaking communities and has evolved—particularly in China—into a multifaceted platform that offers payment services, video gaming, ordering at restaurants, and even shopping online.
Yet the app carries out extensive censorship of its messaging services, including the disabling of accounts that discuss sensitive issues around human rights, as well as concerns it is being used for surveillance. WeChat has around 1.5 million users in the United States, 600,000 in Australia, and 1.3 million users in the United Kingdom.
Morrison had supported initiatives to push back against Beijing's creeping foreign interference, including banning Huawei from Australia's 5G network in 2018 and being one of the first world leaders to call for a global inquiry into the origins of COVID-19.
Researchers at Internet 2.0 said all WeChat user data logged by the app was stored in Hong Kong and that the passing of Beijing's National Security Legislation—which effectively undermined Hong Kong's autonomy—has blurred the lines between mainland China and Hong Kong servers.
"We ascertained that WeChat users can interact directly with servers on mainland China and we consider that it is becoming quite difficult to manage the competing jurisdictional priorities of a software platform that connects mainland China under the CCP and international data privacy laws such as General Data Protection Regulation in the European Union and the California Consumer Privacy Act in California."