Powerful forces are opposing plans that would force them to keep Australian customer data onshore. 

Australia’s big banks have backed US technology giants Google, Facebook and Amazon in their response to a Department of Home Affairs’ Data Security Action Plan Discussion Paper that lays out plans to legally require data to be held onshore in Australia. 

The Australian Banking Association says “the concept of data localisation can seem attractive as it can be viewed as a way to reduce dependencies on other countries and to give regulators greater visibility into where data is stored and who it’s shared with. However, ABA cautions against a general policy or prohibition on storing or moving data offshore”. 

“Data localisation can also weaken data security. Many Australian entities use third-party providers of software or platform services, including major global entities. Both Australian and overseas entities may use offshore data centres. Requiring data to be kept onshore would disrupt these existing commercial and infrastructure arrangements.”

Essentially, the banking lobby says the changes would force up tech costs for banks that have enjoyed giant savings by pushing their infrastructure onto public cloud providers.

Amazon Web Services, Google Cloud, Meta (Facebook) and Microsoft oppose in-country data localisation too, as it would require them to change their cloud storage infrastructure to conform with local laws.

Data localisation has become a major issue in Europe too, where the General Data Protection Regulation (GDPR) has been used to protect personal citizen data from mass harvesting and exploitation by US tech platforms.

Facebook parent company Meta is a vocal opponent of forced data onshoring and data protection regimes, arguing such moves would put Australia alongside despots.

“Local data storage requirements also have broader implications for the state of an open, global internet,” Meta said in its submission. 

“Personnel and data localisation measures such as those in India, Vietnam, Turkey and China are often intended to facilitate the surveillance or censorship of citizens’ online activities and violate individuals’ human rights including freedom of speech, expression, access to information, and privacy and due process rights.” 

The ABA says it “cautions against relying on new, standalone legislation to impose data security requirements across the Australian economy”, calling for consideration of “existing legislative vehicles” as ways to “ensure harmonisation between data security policy and existing requirements”. 

The Albanese government was seen to maintain a professional distance from major banking institutions during its Jobs and Skills Summit, which excluded individual representatives from the ‘Big Four’ banks in favour of ABA chief and former Queensland Labor premier Anna Bligh.