The federal government has finally unveiled draft legislation outlining a new data-sharing regime for public sector information, which would involve far more data being shared across agencies and to the private sector, at times without consent of the individual.
The exposure draft of the Data Availability and Transparency Act introduces a new scheme for public sector entities to share data on individuals that is currently prevented by secrecy provisions or other non-disclosure prohibitions on sharing.
It will enable much easier and more widespread sharing of data between departments and agencies, and other accredited entities, which may include universities, think tanks or not-for-profits.
The reforms stem from a 2017 Productivity Commission report on the issue, and the Coalition has been consulting on them since 2018. The government had planned to introduce the final legislation to Parliament earlier this year but this was put on hold due to the ongoing COVID-19 pandemic.
Consultations will be held on the draft legislation until November, but the government has not committed to when the bill will be introduced to Parliament.
Government Services Minister Stuart Robert said the draft legislation is an “important milestone” and will ensure the government makes better use of the data it already holds.
“For too long, there has been a lack of consistent and clear framework for making good use of data. We need to make sure the information the government collects and holds can be accessed in a safe and timely way to respond to the needs of Australians,” Mr Robert said.
“We need to accelerate this government’s commitment to creating a seamless digital experience for the Australian public, now and into the future.”
According to the government, the new laws will allow for easier sharing of data, with adequate protections and safeguards to be put in place.
“Currently, sharing is done in an ad hoc manner, with users potentially having to establish their credentials every time they interact with the system. Sharing is subject to legislative protections and the individual agencies’ interpretations of them. Often interpretations are not revisited as technology evolves and community expectations around reasonable use and reuse of data change,” the government said.
“This sharing space is ripe for reform. Modernising the safeguards and regulating the sharing space can enable Australians to benefit from better services, policies, programs and research.”
The legislation allows for the sharing of public sector data by data custodians – agencies and departments – with accredited users, for the purpose of delivering government services, informing policy and programs and for research and development.
The draft bill expressly prohibits the sharing of data for enforcement-related purposes.
The legislation also formalises the position of the National Data Commissioner, who will be responsible for oversight of the data sharing scheme and annually reporting on it.
This commissioner will be responsible for accrediting entities looking to receive data, and its decisions will be able to be subject for merits and judicial reviews, but individuals will be powerless to challenge the decisions made by departments or agencies.
The issue of consent was central during the government’s consultations on the planned reforms. Earlier this year the government indicated that consent would not be required for the sharing of data, saying that while “consent is important in certain situations, the societal outcomes of fair and unbiased government policy, research and programs can outweigh the benefits of consent, provided privacy is protected”.
The latest version of the bill requires consent unless it is “unreasonable or impracticable to obtain”, and that this may depend on the “amount, nature and sensitivity of the data involved, and whether individuals gave informed consent for uses including the proposed sharing at the point the data was originally collected”.
Speaking to ABC Radio, Mr Robert appeared to indicate that by using a government service, Australians were consenting to their data being used and shared.
“If an Australian wants a service by a government, they obviously have to consent to having that service delivered to them. If they don’t want a service [from] government, they don’t have to,” Mr Robert said.
The sharing of data under the new scheme will be based on four principles: that it is for an appropriate project, is made available to only the appropriate people, is done in a controlled environment and with protections in place.
The privacy protections in place are based on the existing Australian Privacy Principles and the notifiable data breach scheme, and will be up to the individual agencies and departments to uphold.
Submissions on the draft legislation are due by 6 November.