The federal government has reignited its efforts to sign an expedited data-sharing deal with the US, with nearly $10 million provided for the scheme over the next four years.
On Wednesday afternoon, the powerful bipartisan national security committee called for 23 changes to legislation which will underpin such a deal with the Biden administration, paving the way for its passage through Parliament with amendments.
This week’s federal budget included $9.6 million over four years to assist with the exchanging of data between Australia and the US for the investigation of “serious crime”, including $1.5 million in 2021-22.
This will be through an agreement under the US government’s Clarifying Lawful Overseas Use of Data Act (CLOUD Act), with the two countries entering into negotiations in late 2019.
Such an agreement would allow for expedited data sharing between American companies and Australian authorities, and vice versa, without contact with local authorities.
The International Production Orders (IPO) Bill, providing the legislative basis for such an agreement to be signed, was introduced to Parliament in March last year and quickly referred to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) for inquiry.
Despite being told it was “vital” to table its report by the Winter sittings last year, the inquiry was repeatedly delayed and stalled.
On Wednesday afternoon the PJCIS finally released its report on the IPO scheme, calling for a suite of major changes to the legislation before it is passed by Parliament.
These changes include that any proposed agreement with another country must be published and tabled prior to it being signed, with 15 sitting days given for Parliament to block it. The PJCIS also recommended that a data-sharing agreement can be renewed for three years without going through the Parliamentary process, but only if there are no changes to it.
The committee also called for improved safeguards in the bill, including prohibitions on foreign governments accessing data on Australian citizens or residents and strengthened safeguards around data handling.
International production orders should only be allowed for the “prevention, detection, investigation or prosecution of serious crime, including terrorism”, the PJCIS said.
Foreign governments that Australia is looking to ink deals with should have a demonstrated respect for the rule of law, international human rights obligations and have clear procedures and restrictions, the report said.
The legislation should also define “urgent circumstances”, under which a data request can be made over the phone rather than in writing, as when there is an imminent risk to a person or property and such a request is necessary for dealing with it.
Both oversight agencies – the Commonwealth Ombudsman and the Inspector-General of Intelligence and Security – need to be sufficiently resourced to conduct these roles, the PJCIS urged.
Any agreement signed by Australia, such as under the CLOUD Act, would be subject to another PJCIS rule after three years, under the committee’s plans.
Once these amendments are included, the PJCIS said it would give the data-sharing legislation the green light.
The PJCIS heard widespread concerns around the IPO scheme and the prospect of Australia entering into a hastened data-sharing deal with the US, and potentially other countries in the future.
The Australian Privacy Foundation told the committee the legislation was “deeply flawed” and created a “framework for future abuses” which would “erode privacy and civil liberty protections”.
The International Civil Liberties and Technology Coalition also said that the IPO legislation “does not provide adequate safeguards to protect human rights” and that it requires “significant revisions”.