Australia steps closer to cross-border data transfers with US

An image of encrypted data on a screen
(Image credit: Shutterstock)

Australia’s Parliamentary Joint Committee on Intelligence and Security (PJCIS) has recommended passing a bill that would allow the country to share communications data with other countries, but only after its 24 report recommendations are enacted first.

If the bill passes, it would allow Australia to obtain an agreement with the US under its Clarifying Lawful Overseas Use of Data Act (CLOUD).

The Telecommunications Legislation Amendment (International Production Orders) Bill 2020, introduced on 5 March, seeks to address Australia’s evolving technological landscape where data previously held in the country is now stored overseas.

Its Explanatory Memorandum states that Australian law enforcement and national security agencies need access to electronic and communications data from foreign communications providers for criminal investigations. Currently, the country has relied on mutual legal assistance from overseas jurisdictions, which it calls a “lengthy process”.

For requests received from foreign governments with a designated international agreement, the bill would remove the blocking provisions that prevent domestic communication providers and tech companies from cooperating with a request from a foreign government, when the request complies with the conditions of the designated international agreement.

However, the committee has outlined 24 recommendations which it thinks should be implemented before the IPO Bill can go ahead.


The Total Economic Impact™ of Mimecast

Cost savings and business benefits enabled by using Mimecast with Microsoft 365


One recommendation is that designated international agreements must be published and tabled in the regulations, and are subject to parliamentary scrutiny, as well as to a period of disallowance.

Another recommendation is that the agreement must not be used by a foreign government to target an Australian citizen. Information cannot be obtained to provide to the Australian government or a third-party government, the recommendations state.

Any country wishing to seek this kind of agreement must demonstrate respect for the rule of law, equality and non-discrimination, respect for international human rights, and have clear legal procedures and restrictions governing the use of electronic surveillance investigatory powers.

Furthermore, as some countries still practice the death penalty, including the US, the PCJIS said a minister should receive a written assurance from the government of a foreign country relating to the non-use of Australian-sourced information obtained through the agreement “in connection with any proceeding for a death penalty offence in the country or territory”.

The committee’s last recommendation was that “following implementation of the recommendations in this report, the Bill be passed by Parliament".

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.