Jordon Steele-John (WA, Australian Greens) Share this | Hansard source

I am aware of that. I was just clarifying for the benefit of the community, which is, as I mentioned earlier, following along with this debate in earnest. They can be forgiven, I think, for sometimes finding these debates a little bit arcane.

I want to now move to the question of ecommerce, which is a less debated issue in relation to these relevant trade deals. We in the Greens party are deeply concerned by the efforts to reduce the regulatory capacity of government in relation to electronic commerce and trade. It has been made very clear by the ACCC in their recent digital platforms inquiry, and through an extensive and growing body of evidence apart from that, that the big tech companies and multinational corporations can engage and are engaging in anticompetitive practices, breaches of privacy, tax avoidance and the exploitation of workers more generally.

Both the Indonesia free trade agreement and the Hong Kong agreement contain chapters outlining frameworks for ecommerce, which permit the free flow of data, including financial data, across borders. We in the Greens party are firmly committed to ensuring that digital rights and data privacy are strongly protected and we do not believe that either of these agreements provide tangible or sufficient protections to achieve these goals. The intention of ecommerce, as related in the chapters in these agreements, is to reduce the regulation of data flows.

This is, I have to say, at odds with the responsibility the government has to adapt to the future needs of data privacy in this space. This is referenced by the AFTINET submission to the JSCOT inquiry. It says, in the 'Concerning provisions in the electronic commerce chapter':

Article 11.3 prevents governments from developing measures to govern electronic authentication, which are the security standards for electronic transactions (DFAT 2019c: Article 11.3). This can prevent governments from regulating electronic transactions to ensure their security. For example, requiring encryption of personal data (Reid Smith 2018:8).

Article 11.7 locks in the free flow of data including personal data across borders. Government regulation of data flows is permitted but it must not "constitute a means of arbitrary or unjustifiable discrimination, or a disguised restriction on trade" (DFAT 2019c: Article 11.7.3). Article 11.8.2 prevents governments from requiring companies have a local presence in the country where they are providing services (DFAT 2019c: Article 11.8.2).

It goes on to say:

These provisions undermine the government's ability to protect privacy by enable companies to move data, including personal data, to jurisdictions where privacy laws are more limited, as privacy requirements are determined by the country where the data is stored not the country where it originated.

Governments are required to adopt consumer protection laws under Article 11.5 (DFAT 2019c:Article 11.5) and a "legal framework that provides for the protection of the personal information" under Article 11.9.2 but there are no minimum standards for this legislation (DFAT 2019c: Article 11.9.2).

They went on to say that provisions that prevent government from requiring that companies have a local presence can also make it more difficult to hold companies to account if there are issues of noncompliance with consumer protection laws and rights and other nationally relevant legislation. Then:

Article 13.13 prevents governments from requiring companies to transfer or give access to their source code (DFAT 2019a: 136). This can prevent governments from reviewing source code or algorithms in response to potential race, gender, class or other biases. This is of particular concern given the growing evidence that algorithms "are inescapably value-laden …

This is a barrier and an issue which the government is already confronting on our home turf in relation to identity capabilities. It continues:

… Operational parameters are specified by developers and configured by users with design outcomes in mind that privilege some values and interests over others …

With all this context in mind—and I'm aware that I've read a lengthy part of the submission to the minister—I fear that many of AFTINET's valuable observations were brushed aside, sadly, by both sides of politics during the JSCOT process. How does the minister respond to concerns about reduced data safeguards in relation to international data floats?