The Australian government can force companies to store your personal data in Australia, despite a clause in the Trans-Pacific Partnership saying otherwise.
Buried in the 6500 pages of the Trans-Pacific Partnership text released on Friday is a provision that, according to the Department of Foreign Affairs and Trade is a commitment made by TPP countries to not impede cloud computing companies to deliver services in the signatory countries. The provision in the electronic commerce chapter means that countries that have signed the agreement must not prevent the flow of data across borders of TPP countries, and cannot force businesses to either buy storage or build local data centres for storing data created by their customers in that country.
This means that companies like Google and Microsoft do not need to keep the emails created and sent by Australians on Australian shores, for example, meaning vast swathes of Australians’ personal information can be held outside of Australia, subject to the laws of the country where the data is held.
But there are a few significant exceptions that mean the Australian government has some leeway to force companies to keep data in Australia. In its outline of the advantages of the TPP, the Department of Foreign Affairs and Trade acknowledges this requirement but maintains the personally controlled e-health record system the government is currently trying to roll out is exempt from the legislation. How exactly?
A spokesperson for DFAT told Crikey: “The [e-health] legislation is not affected by TPP commitments on the movement and storage of data because the TPP includes exceptions which allow parties to regulate to meet public policy objectives, such as privacy and health.”
Health Minister Sussan Ley recently announced a new revamped version of the e-health record system — called “My Health Record” — would be trialled in early 2016 in the Blue Mountains and in far north Queensland as an opt-out model in which patients’ records would be created unless they specifically said no.
Ley suggests the new system will give the patient complete, “open-source” access and control over their health data, and patients would be free to give it to “an app developer, to a dietitian, to a retailer and say how can you deliver the best health services for my needs?”
With all that wider access to confidential medical data, protections will need to be in place to ensure it isn’t mishandled.
Crikey understands that during the negotiations, Australia secured an exclusion for e-health records from the agreement, but there is a broad exception that means governments can continue to regulate the flow of data, and where data is stored to “meet public policy objectives”. This means that if a government that had signed onto the TPP decided to introduce a law to retain health information or other data held by private companies on their citizens, the government would not be in breach of the TPP agreement.
Labor has not yet said whether it will back the TPP agreement. In the party’s platform, agreed to at its national conference in July, the party set out that it would require companies that want to hold Australian customers’ personal information overseas to first obtain the consent of those customers.
The Australian government is planning to introduce legislation that would require companies to report when they suffered a data breach. It was due to be passed this year, but there are only two and a half sitting weeks left. Attorney-General George Brandis said the legislation would be introduced this year but would not passed until next year.
The biggest problem with the TPP is that it is a treaty not an agreement and it is a multi-party treaty which is even worse. To change it is going to be almost impossible unless someone can enlighten me otherwise because you would have to get all 12 to agree to that change. So once they have everyone signed up after which they discover that it is not to their advantage after all, I would like to know :
1) How you get out of it altogether without repercussions i.e. penalties and make goods and
2) How you could possibly change the agreement if you found that say seven of the twelve were going to get screwed.
The rest you can raffle.
Was the treaty negotiated in good faith if some parties (e.g. pharmaceutical industry) had preferential access in the process?
BO @1 – It is well night impossible to alter signed treaties but withdrawal in toto is not.
If, as expected, the pusillanimous poltroons of ‘Labor’ are complicit in passing this treasonous legislation, OUT! it would be a good issue for their successors to use as a sign that they are different.
In 2014, OPSM had it’s $33 million contract with the ADF terminated because they were found to be sending Australian defence personnel’s data overseas to be processed. I wonder how defence personnel will be protected under the TPP given that much (non-defence) data identifies them as being a member of the defence force.