Australian unis back GDPR style data reforms

Joseph Brookes
Senior Reporter

“Deficiencies” in Commonwealth privacy laws are stopping European researchers from sharing data with Australian counterparts and may force local projects offshore, researchers have warned.

Universities are calling for an alignment with the EU’s data regulations and a better standard from the Australian government to restore the international collaborations.

In a submission to the Department of Home Affairs consultation on a National Data Security Action Plan, the University of Sydney said the introduction of Europe’s General Data Protection Regulation (GDPR) in 2018 had limited local access to research data.

The University of Sydney says Australia’s inferior privacy laws are hampering research collaboration with the EU

European researchers are not willing to share data with Australian researchers because Australian law is far less protective and contains “loopholes”, the University of Sydney’s submission says.

“Deficiencies in Commonwealth privacy legislation (e.g. no requirement for small businesses to report data breaches) prevent research data movements from GDPR-states to Australia,” it said.

In contrast, GDPR typically requires tighter oversight and for a data breach be reported to the appropriate authority within days.

In a separate submission, the university-backed not-for-profit Australian Research Data Commons (ARDC) notes the European Commission does not recognise Australia as having data protections equivalent to those provided under the GDPR.

“Over time, this will become increasingly problematic for Australian researchers as the proportion of research data they can access and the ability to collaborate with GDPR bound counterparts declines. Australian researchers may prefer to move their data and research activity onto offshore research infrastructure and into environments recognised as being compliant with the GDPR,” the ARDC said.

The University of Sydney backed an “alignment of Commonwealth legislation” to GDPR through revisions to the Privacy Act – currently under a separate review by the Attorney General’s Department – among others.

This would result in “significant uplift in international research collaborations with European partners and would remove loopholes in Commonwealth legislation”, the university said.

The submission also warns of non-alignment in state and territory law is limiting cross-jurisdiction data sharing within Australia.

“This is particularly problematic when collaborating with researchers in other states, and when attempting to link state and national datasets together, affecting many health, medical and population studies and initiatives,” the submission said.

“Variations between states’ recordkeeping legislation cause further complications as different rules apply for the long-term retention and management of research data. Overarching legislation and frameworks that aggregate data and ‘remove state borders’ should be prioritised.”

Another submission to the Home Affairs consultation from experts at the University of Queensland, backs the adoption of some aspects of GDPR, but warned a complete adoption would impose the most restrictive parts on Australian businesses and bring a significant new enforcement load to scale it up across the Australian economy.

“There are opportunities for a federal government framework which is in line with international expectations, and at the same time homogenises across states and territories,” the University of Queensland submission said.

In addition to the concerns about international and national consistency, the University of Sydney also raised concerns with the “overly complex” landscape of government data bodies and legislative framework, supply chain security, an under skilled technology workforce, and criticised the ability of government to protect and handle data.

“The inability to adequately protect valuable data assets also impacts researchers who wish to access these datasets,” the University of Sydney submission said.

“The prevalence of poor data security undermines safe data sharing practices, which leads to refusals of reasonable data sharing requests by researchers and inhibits the ability of researchers to collaborate.”

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories