Data control conditions for foreign investment approvals in Australia

Articles Written by Jeremy Davis (Partner), Isabella Bosworth, Greg Travers

Key takeaways

Recent decisions by the Treasurer indicate a growing trend towards the imposition of data control conditions in connection with foreign investment approvals. In particular, the conditions focus on personal information and other sensitive, industry-specific data (sensitive data) being stored or accessed from outside Australia.

Implications for foreign investors

The imposition of data control conditions may in certain cases slow down the approval process and, potentially, lengthen the timeline for completing a transaction. Investors should allow for the possibility of delays at various stages in the approval process, including due to the consultation process between FIRB and CIC and negotiations between the investor and FIRB regarding the appropriateness of any conditions imposed.

Importantly, recent consultations with stakeholders indicate that FIRB and the CIC are seeking to better understand any practical challenges which may arise when implementing these conditions. This will hopefully provide foreign investors with greater clarity regarding compliance with conditions.

What conditions will be imposed?

Conditions may include obligations on foreign investors to ensure that:

  • sensitive data remains stored in, and is only accessible from, Australia (subject to limited exceptions);
  • where sensitive data is stored in the cloud, the cloud provider is on a preapproved list maintained by the Australian Signals Directorate; and
  • certain representatives of the foreign investor, for example directors of parent companies and nominee directors of Australian target companies, must not access sensitive data.

In circumstances where the Foreign Investment Review Board (FIRB) has not restricted offshore storage or access to sensitive data, it may still impose conditions requiring foreign investors to:

  • maintain detailed records of each instance of offshore access to sensitive data;
  • store those records and provide access to them to FIRB or the relevant customer or individual upon request; and
  • notify customers if sensitive data is stored offshore.

What has prompted FIRB’s focus on data control?

FIRB’s increasing use of data control conditions is likely driven, at least in part, by the recent establishment of the Australian Federal Government’s Critical Infrastructure Centre (CIC).

Our September 2017 update, The Critical Infrastructure Centre: what foreign investors need to know, noted that the aim of the CIC was to bring together all levels of government, owners and operators of critical infrastructure to identify and manage potential national security risks. CIC then uses that information to advise FIRB in relation to inbound investments.

While the CIC is primarily focused on the high risk telecommunications, electricity, gas, water and ports sectors, recent FIRB decisions indicate it is also willing to recommend data control conditions in respect of businesses and assets in other sectors that hold large amounts of sensitive data.

Important Disclaimer: The material contained in this article is comment of a general nature only and is not and nor is it intended to be advice on any specific professional matter. In that the effectiveness or accuracy of any professional advice depends upon the particular circumstances of each case, neither the firm nor any individual author accepts any responsibility whatsoever for any acts or omissions resulting from reliance upon the content of any articles. Before acting on the basis of any material contained in this publication, we recommend that you consult your professional adviser. Liability limited by a scheme approved under Professional Standards Legislation (Australia-wide except in Tasmania).

Related insights Read more insight

Review 2019

With significant regulatory change coming into effect the spotlight is staying firmly on culture, ethics and regulatory compliance. An organisation’s social licence to operate remains a priority...

Dealings between major shareholders in a scheme of arrangement – without needing joint bid relief

The Federal Court has approved one of the more novel schemes of arrangement in recent times, where the bidder (already a major shareholder), required that both the target’s Executive Chairman...

When should a director refrain from recommending a scheme?

The information to be sent to target shareholders seeking their approval of a scheme of arrangement is required to include whether or not each director recommends approval of the scheme; or if a...