AWS, Microsoft, Google Cloud, Meta all oppose data localisation for Australia

By on
AWS, Microsoft, Google Cloud, Meta all oppose data localisation for Australia

No 'explicit approach' needed, they tell Home Affairs.

Amazon Web Services, Microsoft, Google Cloud and Meta are among top cloud providers and data repositories to warn the federal government against initiating data localisation requirements.

Home Affairs posed the question in an April discussion paper [pdf] as to whether or not Australia “need[ed] an explicit approach to data localisation”.

“Many countries have data localisation laws in place, while others are adopting legislation, often to stop insecure transfer of personal information across borders,” it said at the time.

However, it also considered localisation requirements to be fraught and requiring balance, if they are to be contemplated and/or initiated.

The major cloud providers, as well as large data holders like Meta, are unequivocal in opposing data localisation requirements.

Meta, in particular, warned that data localisation requirements were often linked to alleged surveillance regimes.

“Local data storage requirements also have broader implications for the state of an open, global internet,” Meta said in a submission [pdf].

“Personnel and data localisation measures such as those in India, Vietnam, Turkey and China, are often intended to facilitate the surveillance or censorship of citizens’ online activities and violate individuals' human rights including freedom of speech, expression, access to information, and privacy and due process rights. 

“Australia’s contemplation of local data storage requirements could set a concerning precedent that undermines the principles of an open internet and emboldens other countries with a different vision of the internet’s future.”

Cloud providers favoured specific and granular controls - rather than data localisation - as a more reliable way to secure cloud-hosted data.

Amazon Web Services (AWS) recognised Home Affairs’ “fairly nuanced view” on the issue.

But the cloud provider warned the discussion paper “mistakenly asserts that keeping data on-shore would minimise the risks associated with foreign threat actors or cyber attacks.”

“In reality, the location of data matters more for other reasons (e.g. operational resiliency and latency), rather than to address data security,” AWS said. [pdf]

“The most appropriate determinant of the security of data is the security controls applied to protect it, not its physical location. 

“Practically, the most important aspect of an effective data security strategy is to ensure that organisations have access to the most state-of-the-art and advanced security technologies.”

In a separate submission, Google Cloud said [pdf] “the desire to improve data security cannot be achieved by data localisation requirements.”

 ‘Data localisation’ is the opposite of ‘free flow of data across borders’ which forms part of many free trade agreements, including agreements that Australia is a signatory to,” Google said.

“Even where data localisation controls are applied, they have little effect over the privacy and security of data, which is ensured through controls applied to the data.”

Google Cloud said data localisation rules could make data “more susceptible to attack” by creating larger, more concentrated data stores that are easier to target.

It also argued such rules could preclude Australian users from security tools and services “that rely on cross border data flows” to function.

Microsoft offered to brief Australian government officials on the matter.

“Our view is that the locality of your data in the Microsoft cloud is not considered a security control for data, but is an architectural choice when building applications,” it said. [pdf]

“In essence, with the correct security controls in place, on the Microsoft global network of data centre regions, your data is no more secure in the Sydney data centre than it is in Washington, Auckland or Paris Microsoft data centres. 

“This is an area that is largely still misunderstood in the market, and misconceptions regarding threats such as insider threat or law enforcement access requests still exist. 

“If this is an area of concern, we would welcome the opportunity to brief policy makers on these matters.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
awscloudgoogle cloudmetamicrosoftstorage

Sponsored Whitepapers

Responding To Industry Trends And Our 5m+ Users
Responding To Industry Trends And Our 5m+ Users
The Future of Digital Identity in Government
The Future of Digital Identity in Government
Secure Public Services for Every Australian
Secure Public Services for Every Australian
7½ Questions for Aged Care's Digital Decisions
7½ Questions for Aged Care's Digital Decisions
Creating the Sustainable IT Department
Creating the Sustainable IT Department

Most Read Articles

AWS eyes $300m Sydney data centre under 'Project Echidna'

AWS eyes $300m Sydney data centre under 'Project Echidna'
AGL Energy is switching its CRM platform to Salesforce

AGL Energy is switching its CRM platform to Salesforce
IBM nears US$5 billion deal for Apptio

IBM nears US$5 billion deal for Apptio
Kyndryl lands role in aged care IT transformation

Kyndryl lands role in aged care IT transformation

Digital Nation

Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX

Log In

  |  Forgot your password?