Your AI Tool Is Probably Exporting Personal Data Overseas — And You Didn't Notice
APP 8 makes Australian organisations liable for how overseas AI vendors handle personal data. Most businesses breach it unknowingly by adopting AI tools that process data on overseas servers. Reasonable steps require vendor assessment against the APPs, data flow mapping, and documented compliance decisions. The December 2026 Privacy Act amendments make this urgent with penalties up to $50 million.
There is a specific clause of the Australian Privacy Act that most organisations breach every day without realising it. It is Australian Privacy Principle 8: cross-border disclosure of personal information. And the reason organisations are breaching it is not malice or negligence in the traditional sense. It is that they do not realise their AI tools are exporting data at all.
Here is how it happens. A team adopts a meeting transcription tool. Someone installs a browser extension that summarises documents. The HR department trials an AI resume screener. The contact centre turns on customer sentiment analysis. Each of these tools processes data. Each of these tools is hosted by a vendor. And in almost every case, the vendor's servers are not in Australia.
Under APP 8, an organisation that discloses personal information to an overseas recipient must take reasonable steps to ensure the recipient does not breach the APPs. The organisation remains liable for the recipient's handling of the data. If the vendor stores Australian customer data on a server in the United States, and that server is breached, the Australian organisation that sent the data there is responsible. Not the vendor. The organisation.
Most Australian businesses using AI tools have not taken reasonable steps. They have taken no steps at all. They adopted the tool, accepted the terms of service, and assumed the vendor had it covered. APP 8 does not accept that assumption.
Where the Data Actually Goes
The AI tools Australian businesses use most commonly involve one of three data pathways, all of which trigger APP 8 obligations.
The first pathway is direct cloud processing. The user uploads a file, records a meeting, or types a query. That data goes to the vendor's servers for AI processing. In most cases, those servers are in the United States, Europe, or Singapore. The data has left Australia. APP 8 applies.
The second pathway is API-based processing. The tool sits on the user's device or in their browser, but sends data to an AI model hosted by a third party — OpenAI, Anthropic, Google, or a specialist provider. The vendor might be Australian, but the AI model provider is not. The data transits through an overseas infrastructure chain that the organisation did not review and does not control. APP 8 applies.
The third pathway is the one most organisations miss entirely: training data and model improvement. Many AI vendors use customer data to improve their models, either by default or through an opt-out buried in settings. Even if the primary processing happens in Australia, if the vendor uses customer data for model training on infrastructure overseas, that is a cross-border disclosure. And if the vendor's privacy policy or terms of service permit this, and your organisation did not check, you have likely breached APP 8.
What Reasonable Steps Actually Look Like
APP 8 does not require organisations to prevent all cross-border data flows. It requires reasonable steps to ensure the overseas recipient handles the data in accordance with the APPs. The key word is reasonable. A one-line statement in a vendor contract saying "the vendor complies with all applicable privacy laws" is not reasonable steps. It is wishful thinking.
Reasonable steps for an AI vendor include: reviewing the vendor's privacy policy and data processing terms against the APPs, not just accepting the summary; identifying where the vendor stores and processes data, including any subcontractors or AI model providers they use; verifying whether the vendor uses customer data for model training and, if so, whether that has been disclosed to and consented to by the individuals whose data is involved; assessing the data protection laws of the jurisdictions where data is stored and processed; and documenting the assessment. When the OAIC asks what steps you took, a document that says "we checked and it was fine" is not adequate. A document that shows what you checked, what you found, and why you concluded the risk was acceptable — that is reasonable steps.
If the vendor cannot or will not provide the information needed for this assessment, the reasonable step is to not use the vendor. APP 8 does not require you to find a way to make an opaque vendor compliant. It requires you to take reasonable steps. If the vendor makes those steps impossible, the only reasonable course is to choose a different vendor or accept the legal risk of non-compliance.
The Vendors That Are Most Likely to Fail
Startups and early-stage AI companies are the highest risk. They often have lean legal teams, privacy policies that were written for the US market and never adapted for Australian law, and data infrastructure that was designed for speed and cost rather than jurisdictional compliance. They may not even know what the APPs are. If your organisation is using an AI tool from a company that did not exist two years ago, and you have not reviewed their data handling practices against Australian law, you should assume APP 8 compliance has not been addressed.
Open-source AI tools present a different risk. If your team has adopted an open-source model and is running it on cloud infrastructure, the data is going wherever that infrastructure is hosted. If the infrastructure is AWS US East, your data is in Virginia. If it's Google Cloud, your data could be in any of their global regions. The model might be free, but the data handling obligations are not.
Even large, established vendors can fail. We have audited AI tools from publicly traded companies whose data processing terms did not address Australian privacy law, whose privacy policies referenced compliance with GDPR and CCPA but not the APPs, and whose data flow documentation did not account for the specific requirements of APP 8. Size and reputation are not compliance. Only verification is compliance.
The December 2026 Deadline Makes This Urgent
The Privacy Act amendments taking effect on 10 December 2026 strengthen the OAIC's enforcement powers significantly. APP 8 breaches that might have attracted a letter in 2024 could attract an infringement notice in 2027. The penalty framework is now serious: the greater of fifty million dollars, three times the benefit obtained, or thirty per cent of turnover.
The organisations that will be caught out are not the ones deliberately ignoring their obligations. They are the ones that never realised the meeting transcription tool, the document summariser, and the customer sentiment analyser were each triggering APP 8, and that the cumulative effect of a dozen AI tools processing customer data across six different jurisdictions represents a compliance gap that the amended Act was specifically designed to close.
What to Do This Month
First, identify every AI tool your organisation uses that processes personal information. Not just the ones IT approved. The ones individual teams adopted because they were useful. If it handles customer data, employee data, or any information that could reasonably identify an individual, it is in scope.
Second, for each tool, map the data flow. Where is the data collected? Where is it processed? Where is it stored? Which jurisdictions does it pass through? Who are the subcontractors? Does the vendor use customer data for model training? Document the answers.
Third, assess each vendor against the APPs. Not against the vendor's own privacy policy. Against the APPs. The vendor's policy might be excellent for GDPR compliance and silent on Australian requirements. That gap is your problem, not the vendor's.
Fourth, for any vendor that fails the assessment, either negotiate compliant terms or find an alternative. This is not a theoretical exercise. The amended Act is coming. The vendors you are using today will be your liability in December. Start now, because vendor negotiations take time and alternatives take time and December does not move.
Book a scoping call to discuss an APP 8 compliance audit of your AI vendors.
Frequently asked questions
What is APP 8 and how does it apply to AI tools?
Australian Privacy Principle 8 requires organisations to take reasonable steps to ensure overseas recipients of personal information handle it in accordance with the APPs. AI tools that process data on overseas servers trigger this obligation, and the Australian organisation — not the vendor — is liable for breaches.
How do I know if my AI vendor is compliant with APP 8?
You need to review the vendor's data handling practices against the APPs, not against their own privacy policy. Map where data is stored and processed, check if it's used for model training, and document your assessment. If the vendor can't provide this information, they likely aren't compliant.
What happens if we breach APP 8 through an AI vendor?
Under the amended Privacy Act effective December 2026, penalties reach the greater of $50 million, three times the benefit obtained, or 30 percent of turnover. The organisation is liable, not the vendor.
Do free or open-source AI tools trigger APP 8?
Yes. If your team uses an open-source AI model running on overseas cloud infrastructure, the data goes wherever that infrastructure is hosted. The tool being free does not exempt you from APP 8 obligations.


