Farm Data Code Update: Responsible Data Practices in Agriculture

28 July 2023

In the rapidly modernising world of agriculture, data harvested on farms is an increasingly valuable asset for the farmers as well as their supply chains and service providers. Despite its value, the use of such data comes with its own unique challenges, presenting risks for farmers and largely unregulated opportunities for service providers.

In response to the benefits and challenges associated with using data in the agriculture industry, the National Farmers’ Federation (NFF) introduced the Farm Data Code (Code) in February 2020 (Edition 1). After further refinement, the NFF more recently released an updated second edition in June 2023 (Edition 2).

The NFF says that the key driver behind the Code is to build trust between providers and farmers to promote the adoption of digital technology and encourage data sharing, whilst allowing farmers to have comfort in how their data is being used, managed and shared.

The Code sits in a unique space, covering data which tends to fall into a gap between other regulatory regimes. Data generated by farmers and agriculture is not always neatly covered by privacy laws, or consumer, health or financial data regulations.

The NFF says its intention is for the Code to form a key part of service providers’ broader data governance framework. It can also be used as a point of reference for farmers. Edition 2 updates the Code’s principles to better regulate the use of data.

What is Farm Data?

The Code defines ‘Farm Data’ broadly, to include a range of data relating to the operations, conditions or other characteristics of a farm. Farm Data can be data produced by the farmer or their farming business, created at the request of the farmer or in the provision of a service to the farming business.

Farm Data is further broken up into two subsets, being:

  • Identifying Farm Data – data that identifies a farm or farmer, such as personal information (including as defined in the Privacy Act 1988 (Cth) (Privacy Act)), and data about the farm including GPS coordinates, plant or animal DNA or soil information where the farm or farmer could be identified; and
  • Non-identifying Farm Data – being data which is deidentified, with only a remote risk of reidentification.

Identifying Farm Data is given the greatest protection under the code, given that it can identify the farm or farmer and may also include information which is Personal information under the Privacy Act.

A Voluntary Code with Farmer Control

The Code is a voluntary framework which the NFF expresses as being designed to allow farmers to retain a level of control over their farm data, giving them the power to understand how it is utilised and setting parameters for such use.

For service providers, the Code is a useful tool to develop and implement policies and contractual arrangements which meet the expectations of farmers and are seen as ‘industry standard’. The NFF’s ambition is that such compliance will lead to increased trust and confidence for farmers sharing data to service providers.

The Code has application across a range of industries which provide services directly or indirectly to farmers and farms, and collect data in the process. This includes:

  • software and hardware providers which provide or integrate with ‘smart’ farming equipment and other farm components;
  • farm management software providers;
  • transport providers;
  • produce processers and suppliers of tech to processors;
  • industry groups and other research bodies; and
  • distribution channels, including retailers and supermarkets.

The NFF has also introduced a certification process in Edition 2 of the Code to allow providers to apply to the NFF to obtain certification of compliance with the Code. Certification is only in respect of particular products or services, not for a provider’s practices as a whole. By being able to show certification, a provider can aim to further build positive relationships with farmers and a competitive edge over other providers.

Who could be impacted?

The Code is primarily aimed at providers directly engaging with farmers or their farms. Nearly any provider which has a relationship with a farmer or farm could fall under the purview of the Code. Some common examples of providers that could be covered include:

  • Vendors of smart farm equipment – vendors who sell smart machinery facilitate the collection of data through the machinery’s smart features. This data can directly or indirectly include information about the farm and is often used by farmers to monitor, manage and improve their farming business. With most data being stored in cloud storage, the vendor generally retains the ability to control, access and use this data;
  • Farm management software providers – many agriculture software solutions allow farmers to input their data for analysis to produce reports or other outputs. These software solutions can include software to evaluate business operations and efficiency, monitor environmental sustainability (such as emissions and use of chemicals/pesticides) and can even track farm outputs through supply chains. Even if data is not saved or accessible by the provider itself, the provider is still collecting and using farm data to provide its services; and
  • Agricultural researchers – research organisations can be directly or indirectly involved with farmers and farms. Although research is not often commercial, particularly at the collection stage, the research process still involves the collection and use of a broad range of Farm Data and would be captured under the Code.

Major changes from Edition 1

Edition 2 of the Code sees various updates to the Code. This includes the following notable updates:

  • The definition of Farm Data has been significantly refined. In Edition 1, data was broken up into ‘Farm Data’ (which included ‘Individual Farm Data’ and ‘Aggregated Farm Data’), ‘Private Data’ and ‘Public Data’. Edition 2, as above, amends and expands the definition of Farm Data to capture data that previously fell within the definitions of public data and private data;
  • The NFF has placed a greater emphasis on farmer control, strengthening requirements to obtain fully informed and express consent in respect of the terms of collection, use and sharing of their Farm Data. Further, providers will also be required to provide mechanisms to correct data and to include porting or deletion of data on service termination;
  • Express reference to, and requirements to comply with, the Privacy Act have been removed, as this is already a separate legal requirement. Meeting statutory obligations is now captured under the Compliance principle; and
  • In order to avoid notification fatigue, Providers will no longer need to keep records on processes and decision making or provide notifications where there is an (unsuccessful) attempt to gain unauthorised access.

Summary of key principles

The Code focuses on providing transparency over the collection, use and sharing of Farm Data by service providers, fairness to farmers and data accessibility (ie control, portability and security). This focus is represented in the six key principles under the Code, being transparency, fairness, control, portability, security and compliance.

  1. TransparencyTransparency seeks to ensure that the service provider is transparent around its data practices to farmers. The transparency requirements in the Code focus on requiring consent from farmers and allowing farmers to enquire about their data.
  2. FairnessThe fairness principle is centred around ensuring that farmers are treated equitably when providing data. This includes ensuring farmers derive value from the use of their Farm Data and are informed (and where needed, provide express consent) about use of Farm Data to avoid detriment to farmers.
  3. ControlControl focuses on giving farmers the ability to control how their Farm Data is accessed, used and maintained. This also extends to including mechanisms for corrections to Farm Data. Providers will be required to ensure that any other entities accessing Farm Data are engaged on terms which do not contravene the Code. This effectively passes down the requirements under the Code to the provider’s supply chains.
  4. PortabilityThe portability principle aims to give farmers control over the movement of their Farm Data. This includes allowing access to Farm Data (in useable formats) and deleting Farm Data as required. Providers will also need to involve the farmer where the provider changes its legal jurisdiction, ownership or corporate structure.
  5. SecurityThis principle requires providers to take reasonable and prudent steps to keep Farm Data protected and secure. Providers seeking to comply will need to implement and maintain data management protocols and/or policies which specifically address the protection and recovery of Farm Data.
  6. ComplianceThe last principle of compliance allows providers to still comply with the Code where they have contrary legal obligations. A provider will still be compliant with the Code if it deals with Farm Data as required under legislation, including as required under the Privacy Act. However, where legally permissible, providers will need to inform the farmer of the dealing.

Adopting the Code

Service providers seeking to comply with the Code must implement appropriate internal mechanisms to manage compliance. This includes:

  • Reviewing any terms or conditions or standard contracts used with farmers to ensure the clauses are consistent with the Code;
  • Establishing appropriate data use and management policies;
  • Implementing and maintaining good data management practices, including data retention and organisation of data within internal databases; and
  • Obtaining certification for certain products or services. While certification does not apply to a provider as a whole, it could serve to highlight the provider’s overall commitment to the Code.

HWL Ebsworth’s IP/IT team has extensive experience in advising businesses regarding data protection, privacy and commercialisation of intellectual property. If you need assistance with data, privacy or intellectual property, please contact us for further information on how we can assist you.

This article was written by Luke Dale, Partner, Nikki Macor Heath, Special Counsel, and Kayla Costa, Solicitor. 

Nikki Macor Heath

Special Counsel | Adelaide

Subscribe to HWL Ebsworth Publications and Events

HWL Ebsworth regularly publishes articles and newsletters to keep our clients up to date on the latest legal developments and what this means for your business.

To receive these updates via email, please complete the subscription form and indicate which areas of law you would like to receive information on.

Contact us