Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

MOU between the OAIC and the DPCI on mutual assistance in the enforcement of laws protecting personal information in the private sector

pdfPDF of MOU127.76 KB

The Office of the Australian Information Commissioner (“OAIC”) and the Data Protection Commissioner of Ireland (“DPCI”) (“the Participants”):

  • Recognising the nature of the modern global economy, the increase in circulation and exchange of personal information across borders, the increasing complexity and pervasiveness of information technologies, and the resulting need for increased cross-border enforcement cooperation;
  • Recognising that both the OECD Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy and the APEC Privacy Framework call on member countries and economies to develop cross-border information sharing mechanisms and bilateral or multilateral enforcement cooperation arrangements; and
  • Recognising that s. 27 of the Privacy Act 1988 (Cth) gives the Australian Information Commissioner the power to do all things necessary or convenient to be done for, or in connection with, the performance of his functions under the Privacy Act 1988 (Cth), including the investigative functions under Part V of that Act;
  • Recognising that s. 10(1A) of the Data Protection Acts, 1988 and 2003, authorizes the DPCI to carry out such investigations as he or she considers appropriate in order to ensure compliance with the provisions of the Acts and to identify any contravention thereof and that the effective discharge of this function in relation to entities providing services in Australia and Ireland would be facilitated by exchange of relevant information between the OAIC and DPCI; and
  • Recognising that the Participants have similar functions and duties with respect to the protection of personal information in the their respective countries;

have reached the following understanding.

I. Definitions

For the purposes of this Memorandum,

  1. “Applicable Privacy Laws” means the laws and regulations of the Participants’ countries the enforcement of which have the effect of protecting personal information. In the case of the OAIC, “Applicable Privacy Laws” means the Privacy Act 1988 (Cth) and, in the case of the DPCI, it means the Data Protection Acts, 1988 and 2003 and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011; as well as any amendments to the Participants’ Applicable Privacy Laws, and such other laws or regulations as the Participants may from time to time jointly decide in writing to be an Applicable Privacy Law for purposes of this Memorandum.
  2. “Person” means any natural person or legal entity, including any corporation, unincorporated association, or partnership.
  3. “Request” means a request for assistance under this Memorandum.
  4. “Requested Participant” means the Participant from which assistance is sought under this Memorandum, or which has provided such assistance.
  5. “Requesting Participant” means the Participant seeking or receiving assistance under this Memorandum.
  6. “Covered Privacy Contravention” means conduct that would be in contravention of the Applicable Privacy Laws of one Participant’s country and that is the same or substantially similar to conduct that would be in contravention of the Applicable Privacy Laws of the other Participant’s country.

II. Objectives and scope

  1. The Participants understand that it is in their common interest to:
    1. cooperate with respect to the enforcement of the Applicable Privacy Laws, including the sharing of relevant information and the handling of complaints in which the Participants are mutually interested;
    2. facilitate research and education related to the protection of personal information;
    3. promote a better understanding by each Participant of economic and legal conditions and theories relevant to the enforcement of the Applicable Privacy Laws;
    4. keep each other informed of developments in their respective countries that have a bearing on this Memorandum; and
  2. In furtherance of these common interests, and subject to Section IV, the Participants will use best efforts to:
    1. share information that a Participant believes would be relevant to ongoing or potential investigations or proceedings in respect of a Covered Privacy Contravention in the other Participant’s country;
    2. exchange and provide relevant information in relation to matters within the scope of the Memorandum, such as information relevant to consumer and business education; government and self-regulatory enforcement solutions; amendments to relevant legislation; and staffing and resource issues;
    3. arrange for short-term and, possibly, long-term staff exchanges to facilitate and develop enforcement cooperation between the Participants; and
  3. In furtherance of these common interests, and subject to Section IV, the Participants recognise the following items as priority issues for potential cooperation:
    1. potential parallel or joint investigations or enforcement actions by the   Participants.

III. Procedures Relating to Mutual Assistance

  1. Each Participant will designate a primary contact for the purposes of requests for assistance and other communications under this Memorandum.
  2. In requesting assistance in procedural, investigative and other matters involved in the enforcement of Applicable Privacy Laws across borders, Participants will ensure that:
    1. Requests for assistance include sufficient information to enable the Requested Participant to determine whether a request relates to a Covered Privacy Contravention and to take action in appropriate circumstances. Such information may include a description of the facts underlying the request and the type of assistance sought, as well as an indication of any special precautions that should be taken in the course of fulfilling the request.
    2. Requests for assistance specify the purpose for which the information requested will be used.
    3. Prior to requesting assistance, Participants perform a preliminary inquiry to ensure that the request is consistent with the scope of this Memorandum and does not impose an excessive burden on the Requested Participant.
  3. Participants intend to communicate and cooperate with each other, as appropriate, about matters that may assist ongoing investigations.
  4. The Participants will notify each other without delay, if they become aware that information shared under this Memorandum is not accurate, complete, and up-to-date.
  5. Subject to Section IV, Participants may, as appropriate and subject to their Applicable Privacy Laws, refer complaints to each other, or provide each other notice of possible Covered Privacy Contraventions in the other Participant’s country.
  6. Participants will to use their best efforts to resolve any disagreements related to co-operation that may arise under this Memorandum through the contacts designated under Section III. A, and, failing resolution in a reasonably timely manner, by discussion between the signatories of this MOU or their successors.

IV. Limitations on Assistance and Use

  1. The Requested Participant may exercise its discretion to decline the request for assistance, or limit or condition its cooperation, in particular where it is outside the scope of this Memorandum, or more generally where it would be inconsistent with domestic laws, or important interests or priorities. The Requesting Participant may request the reasons for which the Requested Participant declined or limited assistance.
  2. Participants will only share personal information pursuant to this Memorandum to the extent that it is necessary for fulfilling the purposes of this Memorandum, and will, wherever possible, use best efforts to obtain the consent of the individual(s) concerned before doing so.
  3. Participants will not use any information obtained from the Requested Participant for purposes other than those for which the information was originally shared.

V. Confidentiality

  1. The Participants will accept any information shared under this Memorandum on a confidential basis, and handle personal information in accordance with the Applicable Privacy Laws of a Participant’s country.
  2. The Participants acknowledge that information shared under this Memorandum may need to be disclosed in accordance with the laws applying in the Participant’s country. The Participants agree to consult with the other Participant before disclosing information received from the Participant, and to keep the Participant informed of any disclosure or use of that information.
  3. The Participants will oppose, to the fullest extent possible consistent with their countries’ laws, any application by a third party for disclosure of confidential information or materials received from Requested Participants, unless the Requested Participant consents to its release. The Participant who receives such an application will notify forthwith the Participant that provided it with the confidential information.

VI. Changes in Applicable Privacy Laws

In the event of significant modification to the Applicable Privacy Laws of a Participant’s country that are within the scope of this Memorandum, the Participants will use best efforts to consult promptly, and, if possible, prior to the entry into force of such enactments, to determine whether to amend this Memorandum.

VII. Retention of Information

Information received under this Memorandum will not be retained for longer than is required to fulfill the purpose for which it was shared or than is required by the Requesting Participant’s country’s laws.

VIII. Costs

Unless otherwise decided by the Participants, the Requested Participant will pay all costs of executing the Request. When the cost of providing or obtaining information under this Memorandum is substantial, the Requested Participant may ask the Requesting Participant to pay those costs as a condition of proceeding with the Request. In such an event, the Participants will consult on the issue at the request of either Participant.

IX. Duration of Cooperation

  1. This Memorandum takes effect on the date it is signed and supersedes any previous memoranda between the Participants.
  2. Assistance in accordance with this Memorandum will be available concerning Covered Privacy Contraventions occurring before as well as after this Memorandum is signed.
  3. This Memorandum may be terminated on 30 days written notice by either Participant. However, prior to providing such notice, each Participant will use best efforts to consult with the other Participant.
  4. On termination of this Memorandum, the Participants will, in accordance with Section V, maintain the confidentiality of any information communicated to them by the other Participant in accordance with this Memorandum, and return or destroy, in accordance with the provisions of Section VII, information obtained from the other Participant in accordance with this Memorandum.

X. Legal Effect

Nothing in this Memorandum is intended to:

  1. Create binding obligations, or affect existing obligations under international law, or create obligations under the laws of the Participants’ countries.
  2. Prevent a Participant from seeking assistance from or providing assistance to the other Participant pursuant to other agreements, treaties, arrangements, or practices.
  3. Affect any right of a Participant to seek information on a lawful basis from a Person located in the territory of the other Participant’s country, nor is it intended to preclude any such Person from voluntarily providing legally obtained information to a Participant.
  4. Create obligations or expectations of cooperation that would exceed a Participant’s jurisdiction.

 

Signed in duplicate, each copy being equally authentic.

Billy Hawkes 
Data Protection Commissioner of Ireland

Prof John McMillan
Australian Information Commissioner
Office of the Australian Information Commissioner