Wikileaks leak shows data sovereignty threat

Wikileaks leak shows data sovereignty threat

Summary: A leak of documents from the Trade in Services Agreement negotiations show Australia and other negotiating parties would be prevented from ensuring sensitive customer data remains in the country of origin.

TOPICS: Cloud, Privacy, Australia

The secret draft text for the Trade in Services Agreement (TISA) Financial Services Annex released by Wikileaks shows 50 countries including Australia and the US may be signing away rights to ensure sensitive customer data remains in its country of origin.

Australia, the United States, Canada, New Zealand, Japan, and the European Union, among others, have all been in negotiation for new financial services rules for operating between participating countries. In Australia, it has been reported that the negotiations would result in a deregulation of Australia's banking and finance sector, resulting in the end of the "four pillars" policy, and allowing more freedom for foreign banks operating in Australia.

In Article X.11 of the annex, the draft document reveals that the United States and the European Union are pushing to prevent signatory countries from preventing the transfer of data across nation borders.

"No Party shall take measures that prevent transfers of information or the processing of financial information, including transfers of data by electronic means, into and out of its territory, for data processing or that, subject to importation rules consistent with international agreements, prevent transfers of equipment, where such transfers of information, processing of financial information or transfers of equipment are necessary for the conduct of the ordinary business of a financial service supplier," the draft document states.

The US has specifically stated in the draft text that each member country must allow financial services supplier from other nations to transfer information in and out of its territory for data processing "where such processing is required in the financial service supplier's ordinary course of business."

US companies such as Microsoft and Amazon Web Services have previously tried to brush off concerns in Australia about Australian customer data being hosted in the United States and being subject to the Patriot Act, but a University of New South Wales study released last year stated it was a real issue facing Australian businesses.

The issue may also impact US customers, with a US judge ruling in April that local search warrants must include customer data stored in servers located outside the United States.

The draft text also highlights that under the agreement, signing countries would be forced to allow financial service providers to import specialist computer services, or telecommunications services staff into the country to work for the financial provider.

Topics: Cloud, Privacy, Australia


Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • patriot act

    The way it was explained to me when it comes to the patriot act is the clause where any company that is based in the US (microsoft, google, amazon, etc) if it receives a request for data under the patriot act then it doesn't where in the world the data is physically located (except Europe) and if any company operates in the US (fujitsu for example) then the rule also applies to them - which means unless your data is in Europe and thus under safe harbor then your hosed - and if your data is in Australia or New Zealand and is housed in a data centre run by a company that doesn't fit the above cases then your still hosed due to the ANZUS treaty which means our government would just hand it over anyway.

    Of course the other point was that the patriot act only applies to stuff related to national security investigations - so unless your planning on blowing something up then they ain't never going to come for your data under those rules anyway.
    • Patriot Act

      I could be wrong but I was under the impression that the ANZUS treaty was a defence co-operation treaty and doesn't have anything to do with intelligence gathering which is subject to different agreements. Currently the way I understand it the USA has to make a request to our intelligence agencies to obtain information in relation to an Australian Citizen. This proposed agreement is trying to nullify that requirement. Trust the USA to do the right thing? No flaming way when they start talking patriotism - look at what they did to David Hicks for one.