Australia steps closer to cross-border data transfers with US
A parliamentary committee has recommended 24 changes to a bill before Australia can share data with foreign countries
Australia’s Parliamentary Joint Committee on Intelligence and Security (PJCIS) has recommended passing a bill that would allow the country to share communications data with other countries, but only after its 24 report recommendations are enacted first.
If the bill passes, it would allow Australia to obtain an agreement with the US under its Clarifying Lawful Overseas Use of Data Act (CLOUD).
The Telecommunications Legislation Amendment (International Production Orders) Bill 2020, introduced on 5 March, seeks to address Australia’s evolving technological landscape where data previously held in the country is now stored overseas.
Its Explanatory Memorandum states that Australian law enforcement and national security agencies need access to electronic and communications data from foreign communications providers for criminal investigations. Currently, the country has relied on mutual legal assistance from overseas jurisdictions, which it calls a “lengthy process”.
For requests received from foreign governments with a designated international agreement, the bill would remove the blocking provisions that prevent domestic communication providers and tech companies from cooperating with a request from a foreign government, when the request complies with the conditions of the designated international agreement.
However, the committee has outlined 24 recommendations which it thinks should be implemented before the IPO Bill can go ahead.
The Total Economic Impact™ of Mimecast
Cost savings and business benefits enabled by using Mimecast with Microsoft 365

One recommendation is that designated international agreements must be published and tabled in the regulations, and are subject to parliamentary scrutiny, as well as to a period of disallowance.
Another recommendation is that the agreement must not be used by a foreign government to target an Australian citizen. Information cannot be obtained to provide to the Australian government or a third-party government, the recommendations state.
Any country wishing to seek this kind of agreement must demonstrate respect for the rule of law, equality and non-discrimination, respect for international human rights, and have clear legal procedures and restrictions governing the use of electronic surveillance investigatory powers.
Furthermore, as some countries still practice the death penalty, including the US, the PCJIS said a minister should receive a written assurance from the government of a foreign country relating to the non-use of Australian-sourced information obtained through the agreement “in connection with any proceeding for a death penalty offence in the country or territory”.
The committee’s last recommendation was that “following implementation of the recommendations in this report, the Bill be passed by Parliament".
The global use of collaboration solutions in hybrid working environments
How companies manage security risks

How to build a cyber-resilient business ready to innovate and thrive
Outperform your peers in your successful business outcomes
