Wikileaks leak shows data sovereignty threat

A leak of documents from the Trade in Services Agreement negotiations show Australia and other negotiating parties would be prevented from ensuring sensitive customer data remains in the country of origin.

The secret draft text for the Trade in Services Agreement (TISA) Financial Services Annex released by Wikileaks shows 50 countries including Australia and the US may be signing away rights to ensure sensitive customer data remains in its country of origin.

Australia, the United States, Canada, New Zealand, Japan, and the European Union, among others, have all been in negotiation for new financial services rules for operating between participating countries. In Australia, it has been reported that the negotiations would result in a deregulation of Australia's banking and finance sector, resulting in the end of the "four pillars" policy, and allowing more freedom for foreign banks operating in Australia.

In Article X.11 of the annex, the draft document reveals that the United States and the European Union are pushing to prevent signatory countries from preventing the transfer of data across nation borders.

"No Party shall take measures that prevent transfers of information or the processing of financial information, including transfers of data by electronic means, into and out of its territory, for data processing or that, subject to importation rules consistent with international agreements, prevent transfers of equipment, where such transfers of information, processing of financial information or transfers of equipment are necessary for the conduct of the ordinary business of a financial service supplier," the draft document states.

The US has specifically stated in the draft text that each member country must allow financial services supplier from other nations to transfer information in and out of its territory for data processing "where such processing is required in the financial service supplier's ordinary course of business."

US companies such as Microsoft and Amazon Web Services have previously tried to brush off concerns in Australia about Australian customer data being hosted in the United States and being subject to the Patriot Act, but a University of New South Wales study released last year stated it was a real issue facing Australian businesses.

The issue may also impact US customers, with a US judge ruling in April that local search warrants must include customer data stored in servers located outside the United States .

The draft text also highlights that under the agreement, signing countries would be forced to allow financial service providers to import specialist computer services, or telecommunications services staff into the country to work for the financial provider.