
Every time you download a new app, somewhere in the fine print is a promise: we take your privacy seriously. But here’s an uncomfortable question: what does “privacy” actually mean when the rules change depending on which country you live in?
If you’ve ever used WeChat, scrolled TikTok, or updated your Facebook settings, you’ve been quietly living inside one of the biggest debates in digital policy: who actually makes the rules about your personal data, and whose interests are those rules really designed to protect? Spoiler: it’s often not yours. And as we’ll see, the answer looks very different depending on whether you’re in China, Australia, or Europe, because “privacy protection” often means something entirely different depending on where you are.
“The legal relationship of providers to users is one of firm to consumer, not sovereign to citizen.” (Suzor, 2019)
The Privacy Paradox: We Care, But We Don’t Act
Let’s start with something most of us can relate to. You’ve probably felt a little uneasy clicking “Accept All Cookies” on a website, or noticed an eerily relevant ad pop up after a private conversation. You know, somewhere in the back of your mind, that apps are collecting your data. And yet, you still keep using them.
Researchers have a name for this: the privacy paradox. It describes the gap between how much people say they care about their privacy and how little they actually do about it. A study by Chen and Cheung (2018) found this pattern clearly in WeChat users in China, where people expressed genuine concern about surveillance and data collection, yet continued sharing personal information daily because the social and professional costs of leaving the platform were simply too high. As the authors put it, once users embed their social lives in a platform, “the incentive for them to remain a part of the system outweighs their requirement to secure their privacy online” (Chen & Cheung, 2018).
This isn’t a uniquely Chinese phenomenon. A 2017 University of Sydney survey found that while 67% of Australians said they actively take steps to protect their privacy online, only 38% felt they actually had control over it (Goggin et al., 2017). We’re doing the rituals, changing settings and reading (well, skimming) privacy policies, but we don’t feel safe. That gap between action and confidence matters, because it hints at a structural problem. The issue isn’t just user behaviour. It’s the rules themselves, and those rules look very different depending on where you live.
WeChat in China: The Platform and the State Are One
To understand how dramatically privacy rules can differ across borders, WeChat is the place to start. With over a billion users, WeChat isn’t just a messaging app; it’s where Chinese users pay bills, book doctors, attend work meetings, and discuss politics. Chen and Cheung (2018) describe it as a convergence of the social, political, and transactional, embedded into nearly every aspect of daily life.

Here’s where it gets serious. In China, there is no standalone privacy law that gives citizens enforceable rights against platforms or the government. The term “privacy right” didn’t even appear in Chinese law until 1992, and it still isn’t a standalone protected right (Chen & Cheung, 2018). What exists instead is a patchwork of regulations that allow government authorities to access user data, and require platforms like WeChat’s parent company Tencent to comply. Articles posted on public WeChat accounts are routinely censored or taken down by both Tencent and government authorities (Chen & Cheung, 2018).
For users, this creates a strange reality: they are aware of surveillance, they often accept it as normal, and yet they feel increasingly anxious as their social networks expand beyond trusted friends into colleagues, employers, and acquaintances. Some users respond with creative “privacy work”: creating dozens of contact groups to filter who sees what, using false locations, or posting carefully curated “personas” rather than authentic content. But these are individual workarounds, not structural protections.
The deeper issue is that in China, the platform and the state are not truly separate, and so “privacy” as a right against institutional power barely exists in the first place. This becomes especially striking when you compare WeChat’s environment with how platforms in countries like Australia operate, where users have more formal protections on paper, even if those protections remain imperfect in practice.
TikTok: One App, Many Versions of Privacy
TikTok offers perhaps the most globally visible example of how the same app can operate under very different rules depending on where you are, and how much the rules, rather than the app itself, determine your privacy.

In the United States, TikTok, owned by Chinese parent company ByteDance, has faced years of regulatory pressure over fears that user data could be accessible to the Chinese government. In 2024, Congress passed legislation requiring ByteDance to divest TikTok or face a ban, citing national security concerns. TikTok responded by launching “Project Texas,” a multi-billion dollar initiative to store American user data on servers managed by Oracle in the US, with auditing by external reviewers (Stokel-Walker, 2023). In the European Union, TikTok faced investigations from data protection regulators over the transfer of European user data to China, leading to fines and commitments to store EU user data locally. Meanwhile, in countries with weaker digital rights frameworks, across parts of Southeast Asia and Africa, similar safeguards are largely absent.
What this illustrates is that the same company is able and willing to provide different levels of data protection depending on what regulators demand. Privacy, in this model, isn’t a universal commitment; it’s a compliance floor. You get the privacy protection that your country’s laws require, and not much more. If your government doesn’t fight for your data rights, the platform almost certainly won’t volunteer them. And as Flew (2021) observes, this is precisely why platform governance has become such an urgent policy challenge: major platforms now shape everyday life in ways that were once the domain of public institutions, yet they remain largely accountable only to market pressures and regulatory minimums rather than democratic values.
Meta in Australia: Stronger Laws, Still Not Enough
Australia sits in an interesting middle ground in this global picture. Australians are among the world’s heaviest social media users, and yet the country’s privacy laws have been widely criticised as outdated and under-enforced. Unlike the European Union’s General Data Protection Regulation (GDPR), which gives people enforceable rights to access, correct, and delete their data, Australia’s Privacy Act 1988 doesn’t give individuals a direct right to sue for privacy breaches. You can complain to the Office of the Australian Information Commissioner, but the process is slow and the outcomes are often limited (Goggin et al., 2017).

Meta, the company behind Facebook and Instagram, has faced significant regulatory scrutiny in the EU, where GDPR enforcement has resulted in billions of euros in fines and forced real changes to how Meta handles data. In Australia, similar pressure has been slower and softer. Goggin et al. (2017) note that Australian law has not kept pace with the “capacity to gather data on a larger scale, to link datasets, to analyse data and to use such capacities to draw inferences about people”, a gap that benefits platforms far more than users.
At the same time, the Australian survey found that 57% of respondents were concerned about corporations violating their privacy, and 78% wanted to know what social media companies actually do with their data (Goggin et al., 2017). Australians, in other words, want stronger protections, but the legal infrastructure to deliver them simply hasn’t caught up. This comparison between the EU and Australia around Meta is revealing: the same platform, operating under different rules, produces meaningfully different outcomes for users. The GDPR didn’t change Meta’s values, but it changed Meta’s incentives. That’s the power of enforceable law.
Who Actually Makes the Rules?
This brings us to what might be the most uncomfortable truth in all of this: the rules that govern your digital privacy are not primarily written by your government, or by you. They’re written by platform companies, and enforced (or not) based on what local laws require and what public pressure demands.
As Suzor (2019) explains, platform terms of service are essentially private contracts that reserve almost absolute discretion to the company. Your access can be terminated at any time, for any reason, and the platform’s decision is final. These documents are designed to protect the company’s commercial interests, not to guarantee users any meaningful rights. Suzor (2019) illustrates this pointedly with Facebook’s short-lived democratic governance experiment in 2009: when Zuckerberg promised users a vote on policy changes, the threshold was set so impossibly high (30% of all active users) that meaningful democratic input was practically impossible from the start. When 88% of those who did vote opposed a policy change, Facebook simply ignored the result.
This matters for privacy because, as Flew (2021) notes, social media platforms have become central to how we work, communicate, and participate in public life, yet the decisions they make about our data happen largely behind closed doors, shaped by the legal minimums of the jurisdictions they operate in. Suzor (2019) adds that the real moderation and governance rules are often hidden from users entirely, developed by small, unrepresentative teams and applied mechanically at scale, with little room for context or genuine appeal. The result across all the cases we’ve looked at (WeChat’s state-aligned surveillance, TikTok’s jurisdiction-by-jurisdiction compliance, Meta’s EU-versus-Australia divergence) is the same: users bear most of the risk and have the least power to change the rules.
So What Can We Do?

The gap between how privacy is promised and how it’s practiced is real, and it’s structural. Individual actions, like adjusting your privacy settings or reading terms of service, matter at the margins, but they won’t close this gap on their own.
What would actually help? Regulatory reform that creates enforceable rights for individuals, not just guidelines. Transparency requirements that force platforms to explain in plain language what data they collect and how it’s used. And international cooperation to ensure that companies can’t simply route around protections by storing data in jurisdictions with weaker laws.
The GDPR in Europe is imperfect, but it has demonstrably changed how companies behave, not out of goodwill, but because the fines are real and the enforcement is credible. Australia’s Law Reform Commission has made similar recommendations for reform, and the Privacy Act review process has flagged the need for stronger individual rights, though progress remains slow (Goggin et al., 2017). In China, meaningful change would require a fundamental shift in the relationship between the state and digital platforms, a shift that seems distant for now.
Your privacy matters, but protecting it isn’t just a personal responsibility. It’s a political one. The next time an app asks for your data, the more important question isn’t whether you click accept; it’s whether the rules of the country you live in are actually fighting for you.
Reference list
- Australian Broadcasting Corporation. (2026, March 26). Unpacking the social media addiction ruling against Meta and YouTube, and what it means for users [Photograph]. ABC News. https://www.abc.net.au/news/2026-03-26/what-the-social-media-addiction-trial-means-for-australia/106497250
- Cheng Xin/Getty Images. (2021, July 2). TikTok’s new privacy policy [Photograph]. Wired. https://www.wired.com/story/tiktok-new-privacy-policy/
- Chen, Z. T., & Cheung, M. (2018). Privacy perception and protection on Chinese social media: A case study of WeChat. Ethics and Information Technology, 20(4), 279–289. https://doi.org/10.1007/s10676-018-9480-6
- ExpressVPN. (2025, December 15). Is WeChat safe? [Photograph]. ExpressVPN Blog. https://www.expressvpn.com/blog/is-wechat-safe/
- Flew, T. (2021). Regulating platforms. Polity Press.
- Goggin, G., Vromen, A., Weatherall, K., Martin, F., Webb, A., Sunman, L., & Bailo, F. (2017). Digital rights in Australia. University of Sydney. http://hdl.handle.net/2123/17587
- Marketing Minds. (2022, July 4). How to Choose The Right Social Media Platforms [Photograph]. Marketing Minds. https://www.marketingminds.co.nz/choose-the-right-social-media-platforms/
- Stokel-Walker, C. (2023, March 24). TikTok’s Project Texas is struggling to take off. Wired. https://www.wired.com/story/tiktok-project-texas-struggles/
- Suzor, N. (2019). Lawless: The secret rules that govern our digital lives. Cambridge University Press. https://doi.org/10.1017/9781108666428