Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Australia: Calls for amendments to Telecommunications Bill

In March 2020, the Australian Federal Government introduced the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 ('the Bill'). The Bill expands Australia's national security laws by amending the current Telecommunications (Interception and Access) Act 1979 (Cth) to create a new framework that enables certain Australian agencies to access overseas communications data to assist international crime cooperation efforts. However, a recent parliamentary inquiry1 conducted by the Parliamentary Joint Committee on Intelligence and Security (Committee) has called for additional safeguards to be incorporated into the Bill. Katherine Sainty, Director at Sainty Law, discusses the Bill and its possible amendments.

blackred / Signature collection /

Summary of the Bill

The policy objectives of the Bill are to streamline cross-border and reciprocal access to electronic information and communications data to combat serious crime and terrorism. On that basis, the Bill enables relevant Australian agencies, such as law enforcement and national security agencies, to seek orders for:

  • domestic interception;
  • stored communications; and/or
  • telecommunications data.

In order to access data held overseas, an Australian agency is required to first request an 'international production order' ('IPO') from an 'issuing authority', which for the purposes of the Bill, is any person appointed by the Attorney General such as a judge or magistrate. Importantly, IPOs must only be made:

  • for the purposes of enforcing the criminal law, to monitor a person subject to a control order, or to uphold Australia's national security; and
  • where a 'designated international agreement' is in place; a designated international agreement is an agreement which Australia is a party to, and which is specifically listed in regulations made under the Bill.

If the issuing authority is satisfied that the IPO meets the relevant criteria in the Bill, it issues the IPO. The Attorney General's Department ('ADG') must then consider whether the IPO complies with the terms of the designated international agreement nominated in the IPO. If it is satisfied that the order complies, the ADG then gives a copy of the order to the foreign-based communications provider which holds the requested data.

The Bill also enables a competent authority of a foreign country with which Australia has a designated international agreement to issue an IPO or make a request for access to data directly to an Australian service provider.

Summary of recommendations

The Committee has made a total of 24 recommendations in relation to the Bill. The recommendations include:

  • that the Bill stipulate that designated international agreements must, among a series of other requirements, prohibit the counter party foreign government from intentionally targeting:
    • an Australian citizen or permanent resident; and
    • a non-Australian person located outside of Australia, if the purpose is to obtain information about an Australian citizen or permanent resident.
  • that the Bill clearly stipulates that an incoming international production order (i.e. from a foreign entity) must only be issued for the purpose of obtaining information relating to the prevention, detection, investigation, or prosecution of serious crime, including terrorism.
  • that the Bill be amended to ensure that a country seeking to enter into a designated international agreement with Australia must:
    • demonstrate respect for the rule of law and the principles of equality and non-discrimination;
    • demonstrate respect for applicable international human rights obligations and commitments; and
    • have clear legal procedures and restrictions governing the use of electronic surveillance investigatory powers.

International implications

While the Bill intends to enhance Australian law enforcement operations, if implemented, it may have consequences for any decision made by the European Commission ('the Commission') as to whether Australia has an adequate level of data protection comparable to the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

The recent decision of the Court of Justice of the European Union in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (Case C-311/18) led to a ruling that the EU-US Privacy Shield framework which governed data transfers between the EU and US was invalid, largely due to the lack of safeguards around the personal data of EU subjects once it was transferred to the US, and the lack of judicial protection against US surveillance programs. The decision ultimately means it is unclear what level of national security surveillance is compatible with the GDPR, meaning that if adopted, the Bill itself may potentially push Australia further away from an 'adequacy' decision.

In addition, the adoption of the Bill could potentially affect the ability of Australian organisations to rely on the EU's Standard Contractual Clauses ('SCCs'), which are commonly used to facilitate cross-border data transfers pursuant to the GDPR. On 4 June 2021, the Commission introduced new SCCs2, which impose a series of obligations on both the 'controller' and 'processor' of personal information when such personal information is accessed by public authorities. Importantly, the new SCCs cannot be adopted where a third-party country outside the EU is involved in the processing of data and its laws and practices prevent the data importer from complying with its obligations under the SCCs.

What's next?

Adopting the 24 recommendations made by the Committee would ensure that the Bill appropriately achieves its intended aims of providing significant assistance to agencies to investigate and prosecute serious crimes, monitor compliance with control orders, and to maintain Australia's overall national security. However, the Bill is likely to affect any determination made by the Commission as to whether or not Australia has an adequate level of data protection on par with the GDPR, and it may also affect the ability of Australian organisations to comply with the newly introduced SCCs. We anticipate that the Government will continue to work closely with community, industry, and law enforcement stakeholders as it considers whether or not to implement the Committee's recommendations.

Katherine Sainty Director
[email protected]
Sainty Law, Sydney