Member states to the Trans-Pacific Partnership reached a consensus on Monday 5 October 2015. The agreement is expansive and introduces a number of trade initiatives including proposals regarding data flows. What are the implications of these provisions for your business and how do they operate under Australian privacy laws?
What is the Trans-Pacific Partnership?
On Monday 5 October 2015, Australia, the United States, and 10 other Pacific Rim nations reached a consensus on the terms of the Trans-Pacific Partnership (TPP).
The TPP covers 40 per cent of the global economy and aims to create a Pacific economic bloc with reduced trade barriers to products ranging from dairy and agriculture to textiles and intellectual property. The TPP also introduces new rules related to investment, the environment and labour.
The text and specific terms of the TPP have not yet been made public (save for extracts or draft versions that have found their way into the public domain). The final terms were agreed to by the member states in near-total secrecy. At this stage there is little information regarding the exact terms of the agreement and the deal’s implications for Australian businesses. However, certain principles can be gleaned.
Cross-border data flows (or information flows) are now a fundamental component of commerce, for example through Internet-based communications and platforms such as e-mail and eBay which bring buyers and sellers together online.
Although the Internet has increasing importance for international trade, governments may restrict the Internet (both from a regulatory and technical perspective) in such a way that reduces businesses’ ability to utilise the Internet for international commerce.
Governments may wish to restrict or limit data flows for a number of reasons including political restrictions, national security reasons or protection of intellectual property. One of the key restrictions in Australia relates to privacy and data protection. Similar to other countries, there are restrictions on the ability for organisations to transfer personal information offshore.
TPP and data flows
The publically released material indicates that the TPP includes a ban on hindering the free flow of data across borders. The agreement prevents signatories from blocking cross-border transfers of data over the internet. The TPP further nullifies requirements that servers be located in the country in order to conduct business in that country.
The push to restrict data sovereignty laws through the TPP was largely a commercial one, in a bid to retain United States-based cloud service providers in particular, as major online storage providers.
This proposal drew concerns from Australia that it may conflict with domestic health and privacy laws which forbid some data being stored or transmitted offshore. However until the TPP text is released it will not be clear to what extent, if at all, the data flows provisions sit within Australia’s current privacy regulatory framework.
Next steps for your business
The TPP must now be formally signed by leaders of each country and ratified by their respective legislatures. Challenges to the TPP may well eventuate from political opponents in various countries. The Australian Government may face its own criticism from many diverse groups including those opposed to the data flows provisions addressed in this update.
As the terms and text of the TPP are made public in the coming months we will release a further update addressing how the TPP’s obligations regarding data flows interact with Australia’s privacy regulatory framework and ways for Australian business owners prepare for the TPP’s introduction to Australian law.