Skip to main content
Open this photo in gallery:

The TikTok startup page is displayed on an iPhone in Ottawa on Feb. 27, 2023.Sean Kilpatrick

Matt Malone is an assistant professor at Thompson Rivers University’s Faculty of Law in Kamloops, B.C.

Last February, in the glare of The Globe and Mail’s reporting on alleged Chinese foreign interference in the 2021 election, Ottawa rushed to ban TikTok on its work-issued devices. Enjoying all-party support, the ban was a convenient way for the federal government to score points for talking tough on “privacy and security.”

Since then, the inconsistencies and ineffectiveness of this selective ban have come into sharper focus. Concerns about privacy and security do not explain why the federal government waited five months to act on the intelligence brief that informed the ban. They also do not explain why the government has not stopped buying advertising on TikTok itself.

Nor do they explain why the federal government has also not banned other apps associated with suspect actors such as the Russian-affiliated VKontakte, Yandex and apps. In addition to TikTok, only two apps are currently barred from use and downloading on government-issued mobile devices: WeChat and Kaspersky.

But the problem isn’t exclusive to Chinese and Russian apps. There are other social-media platforms that have no business on government-issued devices and yet are still available for download and use: Facebook, Instagram, Snapchat, Tinder, Bumble, Grindr, Truth Social, Gab and Discord.

In general, it would be best for Ottawa to ban all social-media apps on government-issued devices, unless there is a strong business justification otherwise. The Chief Information Officer of Canada basically suggested as much in a recent appearance before a parliamentary committee.

“Ninety per cent of Government of Canada devices allow downloads of whatever the user would like,” she noted. But her suggestion to “tighten the environment” has not been followed. She is now leaving government.

Even if we did such a thing though, Canadians would face another problem: effectiveness. Law enforcement has struggled to address the type of harms we see perpetuated online these days. In Canada, online fraud continues to reach historic levels, and many young people are suffering unprecedented harms.

Despite these crises, the RCMP’s national cybercrime and fraud reporting system is two years behind schedule, still in beta testing and says on its website that it only accepts 25 complaints a day nationwide. Less than half of cybercrime files received are even cleared, according to the RCMP’s latest Departmental Results Report. (This data is from 2021-22. The RCMP declined to share more recent numbers in its latest result report.)

Canada seems to have a congenital problem with matching resources to impact when it comes to digital safety. In 2018, we gave $28.4-million to a cybersecurity certification program for small- and medium-sized businesses. It promised 5,000 certificates. So far, it has delivered 41. The trend is downward as of August – there were just two this year.

Despite the program’s disappointing results, we are already repeating it. Earlier this year, then-defence minister Anita Anand announced another cybersecurity certification program with a $25-million price tag.

Canada shows little interest in keeping up with its peers, too. Unlike Australia, Britain and the U.S., it does not have a law regarding cybersecurity for critical infrastructure. Its proposed bill in this area has been languishing for well over a year now. Most of its provisions are outdated. They are evidently inspired from a directive passed by the European Union in 2016 that has already been replaced.

The proposed Canadian law also does not even mention ransomware, even though more than half of reports about cybercrime to the RCMP are about that. To understand the pressing importance of this threat, consider just how often hospitals in Canada get hit by ransomware attacks.

The head of the Canadian Centre for Cyber Security recently told a parliamentary committee that “every time” his organization talks with businesses, ransomware comes up. Elsewhere, the federal government has noted the average Canadian ransomware payout now reaches $250,000.

None of the foregoing dismisses TikTok’s bad conduct. Like many social-media apps, TiKTok deserves plenty of opprobrium for privacy violations, data harvesting, narrative control and granting access to data despite assurances otherwise. Like other social-media apps, it is a vector for online harm. The app’s safety features for children are all easy to bypass. And its business model is focused on privacy-invasive targeted advertising.

But Canadian law does little to stop those practices on any social-media service. As TikTok lobbyists appearing in October before a parliamentary committee repeatedly underscored, the platform’s “handling of Canadians’ user data is governed by Canadian laws.” That is the problem: Premised on an outdated consent model, Canada’s privacy laws largely fail to protect the rights and interests of individuals and collectives in the digital age.

Federal privacy laws also place no meaningful constraints on cross-border data transfers to places such as Russia and China, and the newly proposed privacy bill does not change that. It is telling that these new privacy reforms are stewarded by the industry cabinet portfolio – as opposed to one focused on human rights, public safety or national security.

As they stand, privacy legislation deprives citizens of meaningful protection, federal funding priorities are out of alignment with values and needs, and gaps exist in law and policy that the government shows no urgency to fill. Unless they change, Ottawa’s policies and practices will continue to pose significant challenges in addressing the harms we see perpetuated on social media.

Follow related authors and topics

Authors and topics you follow will be added to your personal news feed in Following.

Interact with The Globe