Almost every AI tool you use is hosted overseas
OpenAI is headquartered in San Francisco. Microsoft Azure — which powers Copilot — operates data centres across the US, Europe, and Asia. Google's AI infrastructure spans multiple jurisdictions. Even tools that feel local are typically built on overseas cloud infrastructure.
This matters because under Australian Privacy Principle 8, when an APP entity discloses personal information to an overseas recipient, it must take reasonable steps to ensure that recipient handles the information in line with the APPs, and under section 16C of the Privacy Act it remains accountable if the overseas recipient mishandles the data. This isn't a technicality: it's a substantive legal obligation with real consequences if something goes wrong.
Most SMEs using AI tools aren't aware of this. They assume that by choosing a reputable vendor, they've discharged their obligations. They haven't.
What APP 8 actually says
APP 8.1 requires that before an APP entity discloses personal information to an overseas recipient, it must take such steps as are reasonable in the circumstances to ensure the overseas recipient doesn't breach the APPs (other than APP 1) in relation to that information.
APP 8.2 lists several exceptions. The one most businesses reach for is APP 8.2(b): the obligation doesn't apply if you expressly inform the individual that, if they consent to the disclosure, APP 8.1 will not apply, and the individual then consents with that knowledge.
There's also an exception (APP 8.2(a)) where you reasonably believe the overseas recipient is subject to a law or binding scheme that protects the information in a way substantially similar to the APPs, and the individual can actually access mechanisms to enforce that protection. Forming that belief about a foreign legal system is a genuine legal assessment, not a tick-box, and although the Act now allows countries and binding schemes to be prescribed by regulation, none have been prescribed yet. For most businesses the consent or contractual compliance route is therefore the practical path.
The "accountable anyway" rule
Here's the part that surprises most people. Section 16C of the Privacy Act provides that where APP 8.1 applies to a disclosure and the overseas recipient does something that would breach the APPs, that act is taken to have been done by you, and to be your breach of the APPs. Taking reasonable steps is a separate obligation under APP 8.1; it reduces the chance of a breach and shows good faith, but it doesn't switch the accountability off. You can't point to the vendor and say it was their fault. The liability sits with you.
This means a data breach at your AI vendor's end can become your NDB notification obligation. It means the OAIC can investigate your business for the vendor's conduct. It means your clients can complain to the OAIC about what happened to their information — and your business bears the consequences.
What "reasonable steps" actually looks like
The OAIC hasn't defined "reasonable steps" exhaustively, but based on the OAIC's APP Guidelines and enforcement practice, an enforceable contractual arrangement with the recipient is the primary step expected, and the following are generally expected alongside it:
- Review the vendor's privacy policy and the terms that apply to the plan you're actually on (consumer terms and enterprise or API terms often differ). Specifically: where is data stored? Who has access, including support staff and sub-processors? Is data used for training? What is the breach notification process, and how quickly will you be told?
- Enter into a data processing agreement (DPA). A DPA contractually requires the vendor to handle personal information in accordance with the APPs (or equivalent standards). Read it rather than filing it: many vendor DPAs are written for the GDPR, so check that the commitments (purpose limitation, no training on your data, breach notification, sub-processor controls) actually cover your APP obligations. Enterprise tiers of most major AI tools offer DPAs; free tiers typically do not.
- Assess the vendor's security and privacy assurance. ISO 27001 certification or a SOC 2 Type II report indicates that the vendor's security controls have been independently audited; ISO 27701 is the privacy extension. None of these prove APP compliance on their own, so check the scope of the certification or report actually covers the service you're using.
- Document your due diligence. Keep records of the steps you took. If the OAIC investigates, documented due diligence demonstrates good faith.
Free tier vs enterprise: This distinction is critical under APP 8. Free-tier AI tools rarely include data processing agreements, and many use inputs for model training by default. Enterprise tiers of the same tools typically offer DPAs, data residency options, and training opt-outs. If you're handling personal information, the free tier is usually not an option.
The consent alternative — and why it's rarely practical
APP 8.2 allows you to bypass the reasonable steps requirement if the affected individual consents to the overseas disclosure after being informed that the Australian entity won't be liable for how the overseas recipient handles their information.
In practice, this is rarely workable for AI tools used in normal business operations. Asking every client to consent to their data being processed by an overseas AI vendor — and sign a specific disclaimer about accountability — is operationally complex and, frankly, likely to undermine client confidence. The contractual compliance route is almost always preferable.
What to do right now
- Identify which AI tools in your business process personal information. This includes any tool where client names, contact details, employment information, health data, or financial information might be entered.
- Check where each tool's servers are located. This information should be in the vendor's privacy policy or data processing documentation. Storage region alone doesn't settle the question: a vendor that stores data in an Australian region but has support staff or sub-processors accessing it from overseas is still disclosing it overseas for that access.
- Confirm whether a DPA is available and sign one. For enterprise tools, this is usually a standard option. For tools where it's not available, assess whether using personal information in that tool is appropriate at all.
- Update your AI Register to record the vendor's jurisdiction, your DPA status, and the types of personal information processed.
- Review your privacy policy to ensure it accurately describes how personal information may be shared with overseas AI vendors.
The bottom line
APP 8 doesn't prevent you from using overseas AI tools. It requires you to take reasonable steps to ensure the personal information you share with those tools is handled appropriately. For most businesses, that means moving from free-tier to enterprise plans for tools used with client data, signing DPAs, and documenting the process.
It's not complicated. But it does need to be done deliberately, not assumed.