Australia may be setting a bad example and limiting its options when it comes to providing offshore services due to a lack of strong data protection laws, according to the Council of Europe head of data protection and cybercrime division, Alexander Seger. Seger said that Australia should examine whether it would be appropriate to join Convention 108 — an international agreement for the protection of individuals’ privacy when dealing with automatically processed data. The absence of strong data privacy laws would result in a country missing out on being able to provide offshore services to European citizens. On the matter of cyber security and the requirement for internet service providers to preserve data for 180 days under the Cybercrime Legislation Amendment Bill 2011, Seger noted the problem was even more complex due to different countries specifying different retention periods. He said that the conditions specified by legislation in each country needed to be clearer and, ideally, harmonized to provide greater clarity.