Australia’s encryption laws are unlikely to be compatible with the United States’ CLOUD Act, as well as the European Union’s General Data Protection Regulation, the Law Council of Australia has said.
As for compliance with the European Union’s GDPR, the Council said that even though notices do not allow for the creation of systemic vulnerabilities, a vendor could inadvertently create one when attempting to comply, which could compromise personal data.
“The aims of the GDPR and the requirements of a TCN or TAN to remove or limit the security measures required to protect privacy may be difficult to reconcile,” the Council said.
The entire issue was “perhaps emblematic” of the different approaches the EU and Australia were taking to privacy, the submission said.
“In the EU, there is greater protection being given to the fundamental human right of privacy, as reflected in the enactment of the GDPR,” it said.
“However, in Australia, the laws relating to encryption are increasing the capacity of law enforcement to overcome one of the means by which privacy in electronic communications can be protected.”
Read: Home Affairs says no problems with encryption laws even though local companies suffer
Earlier this week, Telstra said in its submission that device vendors could skip Australia, thanks to the encryption laws, leaving local companies uncompetitive.
With vendors usually sharing technical information with telcos before launching products in order to test them, Telstra said the requirements in the encryption laws compelling them to share that information with interception agencies could see Australia being skipped — as well as Telstra breaching its “contractual confidentiality obligations”.
“This has potential to adversely affect the competitiveness of Australian telecommunications providers in international markets and their ability to deploy the latest technology developments (e.g. new smart phones, artificial intelligence and IoT devices),” the company said in a submission to the Parliamentary Joint Committee on Intelligence and Security’s encryption law review.
“International vendors may also simply refuse to supply new technology or devices to Australian DCPs [designated communications providers].”
In an earlier submission, Vault Systems said it was being materially and detrimentally impacted by the encryption laws, even if it was just in relation to how the company is perceived.
As foreign governments and customers are assessing against a ‘media headline test’, we are in an unfortunate position where logical persuasion is not sufficient to counter perception,” Vault said in its submission.
“We are currently seeing an exodus of data from Australia including physical, operational, and legal sovereignty.”
Related Coverage
Home Affairs says no problems with encryption laws even though local companies sufferEmployees not the target of encryption laws: Home AffairsOptus gained exemption to store metadata unencryptedAmendments to Australia’s encryption laws stranded before electionAustralian encryption laws sent off to Nat Sec Legislation Monitor for reviewLatest technology could miss Australia due to encryption laws: TelstraEncryption laws are creating an exodus of data from Australia: Vault
Related Topics:
Australia
Security TV
Data Management
CXO
Data Centers