New US / Aus cross-border data access regime
By Cameron Abbott, Warwick Andersen and Jacqueline Patishman
The Telecommunications Legislations Amendment (International Orders) Bill 2020 has just cleared both houses of parliament. The new bill establishes a reciprocal cross-border data access regime between the United States and Australia which will allow for cross-border communications between foreign governments for national security and law enforcement purposes.
In 2018, the US passed the ‘Cloud Act‘ (the Clarifying Lawful Overseas Use of Data Act) to allow US federal law enforcement to force US based organisations to provide requested data regardless of whether it was stored within the US or overseas. The introduction of the Cloud Act has made it necessary for Australia to enter into a bilateral agreement with the US to cover how this relationship would work where such data is stored in Australia. The Australian Government has been negotiating this agreement with the US since 2019.
The intention of the regime was to bypass the slow legal mechanisms which are usually required to permit this kind of data access between the states. The arguable downside for Australia and Australian privacy is that the regime now allows US authorities (and potentially other countries in the future where the requisite international agreements are in place) to access data held in Australia by Australian service providers.
There have been some privacy concerns raised by the introduction of the bill – especially considering that the bill passed both houses of parliament just one day after the over 500 amendments were introduced into the bill (as recommended by the Parliamentary Joint Committee). One of these concerns was the possibility that Australians may be targeted under these international agreements and the revised bill now indicates that orders for the purposes of obtaining information about the communications of a person who is an Australian Citizen or permanent resident will not be permitted.
The Greens have moved that the bill be placed under greater scrutiny and one senator suggested that the bill be withdrawn until the government had more time to understand the potential consequences of the over 500 amendments made.
Google has suggested that the reciprocal agreement may go beyond the scope of the Cloud Act as the regime will allow for the imposition of up to a $10 million fine on designated communications providers if they fail to comply an ‘international production order’ requesting access to data.
By contrast, the Home Affairs minister has dubbed the legislation an achievement for Australia which will allow for better international crime cooperation in the future considering that almost all serious crimes that threaten national security have an online element (a sentiment that is also reflected in the bill’s explanatory memorandum).
It will be fascinating to see how various stakeholders respond to the introduction of this bill in coming weeks.