The government should heed the lessons from the controversial My Health Record launch in designing its new data sharing and release legislation, the Australian Privacy Foundation has warned.
The broad-ranging and significant laws propose to make much more government-held data available for sharing and release across other departments and agencies for the purposes of policy-making, service delivery and policy implementation.
“Improving Australia’s use of data represents a key opportunity to substantially enhance national productivity. Making data more available is an achievable reform and would liberate economy-wide productivity improvements over many years,” the government said.
The new legislation provides a means for sharing and releasing government-held data when the current avenues for this are restrictive or ineffective. It is based on the ‘five safes’ framework: safe data, safe people, safe settings, safe outputs and safe projects.
But some submissions on the legislation have urged caution and greater focus on privacy and the security of data, with the recent My Health Record controversy mentioned by many.
The switch to an opt-out My Health Record system was met with much public outcry and is currently the subject of a senate inquiry. Concerns have centred on the security of the sensitive medical data and the potential for it to be passed to third parties.
The government’s new, major data legislation should reflect the concerns that have surrounded My Health Record, the Australian Privacy Foundation said in its submission.
“The emphasis in the issues paper on a principles-based approach and on ‘five safes’ is commendable. It is imperative that in developing the proposed legislation the department should be mindful of problems with My Health Record,” the submission said.
“The current controversy regarding implementation of MyHR demonstrates both that there is value for officials in taking on board advice from civil society bodies as centres of expertise and that failure to actively anticipate problems increases administrative costs by eroding trust.”
A submission from a number of stakeholders, including elevenM principal Melanie Marks and Salinger Privacy director Anna Johnston, also pointed to issues surrounding the MHR rollout.
“The My Health Record system debate which has dominated the press over the last fortnight clearly demonstrates that Australians want genuine choice and control when it comes to sharing their data. The approach of overriding all existing secrecy provisions unless explicitly excluded is a simplistic and dangerous response to a complex problem,” the submission said.
The group argued for a “strictly controlled data sharing framework” that has strong oversight and choice for Australians to opt to share their data or not.
“The pursuit of greater data use and data sharing should not come at the cost of personal privacy and the freedoms that Australians enjoy today. We are concerned that the framework fails to consider the social impacts that it will enable. Significant clarification and debate is required before the framework should be accepted,” they said.
“At a fundamental level, the proposed bill fails to provide any protection for individual’s privacy. Key principles of the bill must emphasise the protection of privacy and protection of data.”
The Office of the Australian Information Commissioner said the new laws have the “potential to result in a significant change to the way the Australian government manages the data it holds on behalf of the Australian community”.
The Office of the Victorian Information Commissioner also made a submission on the matter, saying that community trust in the scheme is “crucial for its success”.
“To ensure community trust, the scheme should draw on principles developed in privacy law to balance the potentially competing interests of data subjects and data users,” OVIC said.
In another submission, a group of University of Melbourne researchers – Chris Culnane, Benjamin Rubinstein and Vanessa Teague – said there was a “significant misalignment” in the bill, with “consent” not appearing once.
“Privacy and data protection are given inadequate consideration by the proposal in its present form. That consent does not make one appearance in the proposal, while being a central tenet of privacy best practice, is indicative of significant misalignment,” the submission said.
The same group of researchers recently demonstrated the ease with which de-identified data could be re-identified, and said the focus on de-identified data in the government’s plan is troublesome.
“Where individual data is to be released publicly it should be protected by differential privacy; where individual data is to be transmitted, stored or processed on untrusted platforms, it should be encrypted,” the submission said.
Global tech giant Microsoft also made a submission and urged government to clarify and reconsider some aspects of the bill.
In particular, Microsoft said the data should be more open to private companies.
“Missing from the purpose test is use by private sector entities for research and development of new products or services, including products or services that may not, at the time of the request, have ‘clear and direct public benefits’,” Microsoft said.
“As a result the purpose test may prevent private-sector persons and entities from accessing public-sector data for lawful and appropriate purposes – an outcome that would put Australian industry and society at a disadvantage to those in the United States, the EU and other jurisdictions that impose no such ‘purpose’ restrictions on private-sector access to public-sector data,” it said.
“Removing the purpose test and relying on the five safe frameworks to ensure the data is used appropriately would also eliminate a step in the process, potentially streamlining the sharing and releasing of public sector data.”
OVIC also criticised this reliance on de-identified data.
“Relying on de-identification of personal information carries with it significant challenges and risks and is unlikely to be appropriate in a data release context,” OVIC said.
“Successfully de-identifying personal information to the point where it cannot be re-identified, particularly unit-record level data, is likely to be impossible. It is very difficult to determine the likelihood of re-identification,” it said.
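The two technical points in the submissions above are that unit-record data is hard to de-identify (OVIC) and that publicly released individual data should instead be protected by differential privacy (the University of Melbourne researchers). The example below is added here to illustrate both; it is not code from any submission or from the government’s framework. It runs a uniqueness audit over a small constructed table (the records, the quasi-identifier columns and the condition values are all made up) to show how many rows are singled out by postcode, birth year and sex alone, and then releases a count through the Laplace mechanism, including a function that computes the actual privacy loss between a dataset and its neighbour so the epsilon guarantee can be checked rather than assumed.

```python
import math
import random
from collections import Counter

# Constructed unit-record table for illustration only; not real data.
RECORDS = [
    {"postcode": "3000", "birth_year": 1984, "sex": "F", "condition": "diabetes"},
    {"postcode": "3000", "birth_year": 1984, "sex": "F", "condition": "asthma"},
    {"postcode": "3121", "birth_year": 1975, "sex": "M", "condition": "diabetes"},
    {"postcode": "3141", "birth_year": 1990, "sex": "M", "condition": "none"},
    {"postcode": "3052", "birth_year": 1962, "sex": "F", "condition": "diabetes"},
    {"postcode": "3070", "birth_year": 1998, "sex": "M", "condition": "asthma"},
]

# Columns that are not direct identifiers but are commonly linkable to
# other datasets (assumed quasi-identifiers for this example).
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")


def quasi_identifier_uniqueness(records, keys=QUASI_IDENTIFIERS):
    """Number of rows whose quasi-identifier combination is unique in the table.

    Every such row is a candidate for re-identification by linkage even though
    name and address have been removed, which is OVIC's point about unit records.
    """
    combos = Counter(tuple(r[k] for k in keys) for r in records)
    return sum(1 for r in records if combos[tuple(r[k] for k in keys)] == 1)


def exact_count(records, condition):
    """Plain counting query: how many rows report the given condition."""
    return sum(1 for r in records if r["condition"] == condition)


def laplace_sample(scale, rng):
    """Draw from Laplace(0, scale) by inverse-CDF sampling of a uniform."""
    u = rng.uniform(-0.5, 0.5)
    u = min(max(u, -0.5 + 1e-12), 0.5 - 1e-12)  # keep log() finite at the edges
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_count(records, condition, epsilon, seed=None):
    """Epsilon-differentially private count via the Laplace mechanism.

    A counting query has L1 sensitivity 1 (adding or removing one person moves
    the count by at most 1), so Laplace noise with scale 1/epsilon suffices.
    """
    sensitivity = 1.0
    rng = random.Random(seed)
    return exact_count(records, condition) + laplace_sample(sensitivity / epsilon, rng)


def _laplace_logpdf(x, centre, scale):
    return -math.log(2.0 * scale) - abs(x - centre) / scale


def privacy_loss(records, condition, epsilon, removed_index, output):
    """|log p(output | records) - log p(output | records minus one row)|.

    This is the quantity differential privacy bounds: for any neighbouring
    dataset and any output value it must not exceed epsilon.
    """
    neighbour = records[:removed_index] + records[removed_index + 1:]
    scale = 1.0 / epsilon
    with_row = _laplace_logpdf(output, exact_count(records, condition), scale)
    without_row = _laplace_logpdf(output, exact_count(neighbour, condition), scale)
    return abs(with_row - without_row)


if __name__ == "__main__":
    print("rows singled out by quasi-identifiers:",
          quasi_identifier_uniqueness(RECORDS), "of", len(RECORDS))
    print("exact diabetes count:", exact_count(RECORDS, "diabetes"))
    print("released count (epsilon=0.5):", round(dp_count(RECORDS, "diabetes", 0.5, seed=1), 2))
    worst = max(privacy_loss(RECORDS, "diabetes", 0.5, 0, x) for x in range(-5, 15))
    print("worst observed privacy loss vs bound:", round(worst, 3), "<=", 0.5)
```

Four of the six constructed rows are unique on postcode, birth year and sex alone, which is the re-identification exposure OVIC describes. The released count is noisy, and the privacy-loss check shows the log-ratio of output densities never exceeds the chosen epsilon regardless of which person is removed or which value is output; a smaller epsilon means more noise and a tighter bound, which is the trade-off a data custodian sets rather than discovers after release.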
Several of the submissions also criticised the short time frame given for consulting on the important legislation.
“The work being undertaken as part of this project provides an opportunity to rationalise the current patchwork of laws dealing with how the government shares information internally and externally,” the Allens Hub for Technology, Law and Innovation said in a submission.
“However, given the tight timing, there is a risk that, instead, the government will merely add an additional patch to the existing morass of conflicting policies and inconsistent principles,” it said.