One of the proposed Australian Privacy Principles (APPs), outlined in the proposed Privacy Amendment (Enhancing Privacy Protection) Bill 2012, will limit the adoption of the cloud in Australia, according to the Australian Information Industry Association (AIIA).
Government agencies and private companies must abide by the principles or face strong penalties.
In a submission to the inquiry on the legislation, the AIIA said that APP 8 — which requires companies to take reasonable steps to ensure that any organisation that discloses personal information about customers to an overseas organisation, must ensure that organisation is compliant with the APPs — would impact on the adoption of cloud services overseas, because the Australian organisation would be held liable for what the overseas third party does.
The AIIA instead suggested that a "safe harbour" provision could be included in the legislation that would shield Australian organisations from liability for what overseas companies do, or alternatively, companies should be able to show that they have signed a contract with the overseas company that indemnifies the domestic company for privacy breaches as a result of the negligence of the overseas company.
In a joint submission, Google, Facebook, Yahoo7 and the Interactive Advertising Bureau Australia also said that they were concerned about liability for information passed to overseas companies. The joint submission also stated that many of the principles listed in the legislation do not adequately cover the requirements of foreign laws, reducing the flexibility of companies to comply with the laws of the countries those companies operate in.
Ultimately, the four organisations said that it was in their best interest, overall, to protect the privacy of their users.
"If people do not trust our services and if they do not have positive experiences on the platforms we provide, then we are not successful in fulfilling our respective missions, and users will switch to a different service."
The Communications Alliance was concerned that the legislation did not take into account that telcos already have credit-related obligations as part of the Telecommunications Consumer Protections code, and the legislation should be more flexible to exclude companies that already comply with similar consumer protection codes.
Microsoft was largely in favour of the proposed legislation, saying that the changes were, "on balance, a positive move".
The committee reviewing the legislation is due to hand down its report in late September.