The National Farmers Federation of Australia has published a Farm Data Code to assist tech providers with development of policies for collection of agricultural data. The Australian Farm Data Code arrived nearly five years after the North America’s “Core Principles” for ag data, the Privacy and Security Principles for Farm Data, so I thought it would be worth examining how these two documents compare, and whether Australian Farm Data Code is a refinement of North America’s Core Principles or a different approach.
Because the Australian Farm Data Code is relatively short (like the Core Principles), I have posted the entire code below rather than paraphrase it. My analysis and comments follow.
In order to comply with this Code, Providers must commit to and uphold the following Principles:
a. Transparent, clear and honest collection, use and sharing of farm data
Providers will:
Be transparent (ie up-front and open) about what Farm Data is collected, as well as the purpose/s for which it is being collected, used and shared (including the use and sharing of Aggregated Farm Data).
Provide Farmers with plain-English information detailing:
The identity of the contracting party/ies and any affiliates who may receive Farm Data pursuant to the contract;
What Farm Data will be collected about them and their business;
How that Farm Data will be used and managed;
Processes and conditions for data retrieval and service termination; and,
Any risks or detriments that may adversely affect Farmers who share data with the Provider.
Provide appropriate updates about any changes to its Farm Data practices, and where a change to terms and conditions is proposed, obtain consent or provide an avenue for the Farmer to reject the change without incurring a financial penalty.
Provide a mechanism for Farmers to enquire about the collection, use, storage, security and sharing of their Farm Data.
Notify Farmers of the legal jurisdiction in which their Farm Data is stored.
b. Fair and equitable use of farm data
Providers must:
Only collect, use and share Farm Data for the purposes that they have made clear to the Farmer.
Recognise that Farmers should benefit from the use of Individual Farm Data.
Ensure that the privacy of Farmers is appropriately protected and that Farm Data is collected, stored and used in an ethical way.
Ensure Farm Data is not deleted without authorisation.
c. Ability to control and access Farm Data
Providers will:
Only use Farm Data for the purposes specified in the terms agreed by the Farmer.
Preserve the ability of the Farmer to determine who can access and use Individual Farm Data.
Protect sensitive data, such as personal/financial information, confidential information or intellectual property.
Comply with obligations imposed by the Privacy Act 1988 (Cth), including the Australian Privacy Principles.
Explain to Farmers what reasonable steps are being taken to ensure any affiliates permitted access to Farm Data do not contravene the provisions of this Code.
d. Documentation and Record Keeping
Providers must have a record keeping system in place to ensure that all processes and decision making related to Farm Data are documented in a clear and comprehensive manner.
e. Portability of Farm Data
Providers will:
Provide Farmers with the ability to retrieve their Individual Farm Data – in both a processed (cleaned) and unprocessed form – for storage and/or use in third party systems (this includes during any Data Retention Period).
At the request of a Farmer, delete any Individual Farm Data or Private Data relating to that Farmer.
f. Keeping Farm Data Secure
Providers will:
Take all reasonable and prudent steps, in line with industry best practice, to ensure Farm Data, Private Data and Public Data are protected at all times from unauthorised access, damage or destruction.
Promptly notify a Farmer where an attempt (successful or otherwise) has been made to gain unauthorised access to, or damage or destroy their Farm Data or Private Data.
Implement a backup and recovery regime that is appropriate for the scale, sensitivity and timeliness of the Farm Data.
Ensure that contingency plans exist to return or delete data (as per Principle 'e') in the event of insolvency.
Ensure all staff and sub-contractors a retrained to comply with the terms of this Code.
g. Compliance with National and International Laws
Where Providers are required by law to provide information to a third party, the Provider will:
Avoid disclosing any Farm Data or Private Data ; or,
If Farm Data or Private Data must be disclosed, where legally permissible the Provider must promptly notify any Farmer whose identifying information will be (or has been – if prior warning is not possible) disclosed.
Definitions:
Provider - any entity with a direct contractual relationship with a farm business which collects, interprets or manages data in the course of that relationship.
Data Retention Period - a period during which the Provider is allowed or required to retain Farm Data or Private Data relating to a Farmer after their commercial relationship has ceased.
Farm Data – Individual Farm Data and Aggregated Farm Data and each of them.
Individual Farm Data – any data produced by a Farmer, or by a Provider in the course of providing a commercial service to a Farmer, which relates to operations, conditions or other characteristics of a particular Farmer or farm. Examples of Farm Data include (but are not limited to):
production data; sensor data; soil data; climate data; transaction data; and, environmental data.
Aggregated Farm Data – Individual Farm Data which is aggregated or otherwise transformed, so that the Individual Farm Data of a particular Farmer or farm cannot be identified (including through matching with other data).
Public Data – data from any source which relates to a Farmer or farm business, excluding Farm Data.
Private Data – data that has direct or indirect identifiers that could be used (including through matching with other data) to identify an individual farmer or their business. Private Data may be personal information about individuals that are Farmers (and accordingly regulated by the Privacy Act 1988 (Cth), but will include many data sets that are not personal information about individuals.
Farmer – an individual, partnership, trust or company operating a primary production business, or an individual, partnership, trust or company which owns agricultural land.
My take:
For the most part, the Australian Farm Data Code follows the framework of North America’s Core Principles, focusing on clarity, portability, control, consent and sharing, and deletion rights. It is similarly an aspirational document, a set of guiding principles. As I have learned over the years, even though not legally binding, these type of best-practices documents can be very helpful for companies when figuring out how to address farmer concerns. Overall, I would call the Data Code complimentary to the Core Principles in most respects.
Some elements are unique. The Australian Data Code includes a “fairness” principle (part b). It is hard to put your finger on what is fair, but I give the drafters credit for trying. For example, the Code requires providers to explain if sharing data “may adversely affect” the farmer. Likewise, code states that providers should recognize that Farmers should be the beneficiary of sharing their data.
The Code lacks an “ownership” principle, which was central to the Core Principles. Instead, the Code focuses on transparency and control of data, where many of these concepts are similar.
Finally, the Code contains a robust definitions section. I think this is very helpful as ag data platforms proliferate on the market. I have noticed a lot of inconsistency in how companies define some of the most basic terms in their contracts, which in turn, creates farmer confusion. (E.g. What is a “data partner”?) The definitions also differentiate between “Individual Farm Data” (connected to the farmer) and “Aggregated Farm Data” (anonymized). This is definitely an improvement.
My overall conclusion is that this is another step in the right to direction towards protecting farmers data rights. The Australian Data Code also makes clear that farmers across the globe share many of the same concerns about data collection, storage, and use. Farming is truly a unique occupation.
