The federal government’s proposed mandatory public data sharing scheme will not require consent from citizens and its own data authority will not be able to override a department’s decision on an information release.
The reforms would “streamline and modernise” the sharing of government-held data between departments and agencies, and with the broader research community. The legislation would “empower” these departments to share the public sector data with “trusted users for specified purposes”.
The new legislation is aimed at overcoming the “complex legislative barriers and outdated secrecy provisions” that currently preventing the sharing of data to improve government services, Mr Robert said.
“These proposed reforms will establish stronger safeguards and enable government to use data more effectively and securely to deliver services in a way that meets the expectations of the Australian public,” Mr Robert said in a statement.
“Currently, there is a labyrinth of over 500 separate privacy and secrecy provisions enacted over a century hindering our ability to share data to deliver the service Australians deserve. These reforms will ensure we keep pace with international standards and best practice when it comes to government service delivery.”
The legislative changes have been in the works for more than two years, with an issues paper unveiled in mid-2018.
But in a major change, the government’s proposed public sector data scheme will not require consent from the individuals, the discussion paper revealed. After “robust discussions” over the issue at a series of roundtables, the government said it has “nuanced” its approach to the issue.
“While consent is important in certain situations, the societal outcomes of fair and unbiased government policy, research and programs can outweigh the benefits of consent, provided privacy is protected,” the discussion paper said.
“The Office of the National Data Commissioner will encourage the use of consent where appropriate when applying the Data Sharing Principles, although the legislation will not require it in all circumstances.”
Requiring consent would lead to people declining to have their information shared by the government leading to “biased data that delivers the wrong outcomes”, the paper said.
“This will skew the data which is shared, leaving it unfit for many important purposes in the public benefit; it also runs the risk of leading to flawed policy and research which impacts negatively on society,” it said.
But the removal of consent from the data sharing process has raised serious concerns among civil and digital rights groups.
“I think that tells you everything you need to know about who this legislation is designed to benefit. The government knows people won’t say yes if asked, so they’re not going to bother asking,” Electronic Frontiers Australia board-member Justin Warren told InnovationAus.com.
Elise Thomas, a researcher with the Australian Strategic Policy Institute’s International Cyber Policy Centre, said the government shouldn’t be favouring the government’s own interests over the general public’s privacy.
“Language suggesting that consent for sharing data is less important than achieving the government’s priorities is concerning. The very soft wording, such as that the National Data Commissioner will ‘encourage the use of consent where appropriate’, is likewise worrying,” Ms Thomas told InnovationAus.com.
“What’s the point of a Data Commissioner who can’t do more than ‘encourage’ asking for consent before sharing people’s data?”
The government’s own Privacy Impact Assessment of the proposed framework, conducted by Galexia in June, said the removal of consent will make it difficult to get the general public’s support for the scheme.
“It is likely to be difficult, but not impossible, to develop community trust, confidence and acceptance for the Data Sharing and Release bill. The main obstacle is that the overall approach of the bill imposes a mandatory scheme with no consent provisions,” the PIA said.
“This will need to be balanced by a significant public benefit and strong privacy protections – and the successful communication of these.”
Deborah Anton was appointed as Australia’s first National Data Commissioner in an interim capacity in August last year. The role was another recommendation from the Productivity Commissioner. The Data Commissioner will oversee the new data sharing scheme and advise departments, but will not be given the power to prevent data from being shared.
Its role will be instead to make sure the sharing is being done safely, rather than whether it should be done at all, the government said.
The introduction of the data sharing scheme will also require a new version of the government’s Mandatory Notifiable Data Breach scheme, which covers the unauthorised disclosure of personal data by government departments and Australian companies.
The discussion paper admits the clear conflict between privacy advocates and the government and researchers.
Mr Warren said that departments should get the basics right before looking towards a sharing scheme, and that the availability of data isn’t a problem at the moment.
“Agencies should get the basics right before they move on to more dangerous and complicated activities. I think the government needs to demonstrate capability within its existing responsibilities first,” he said.
“There are already mechanisms for data sharing between agencies for specific circumstances, such as how Centrelink does data matching with the ATO. Agencies should demonstrate a real need on some specific and concrete situations and demonstrate it can handle those cases before demanding open-slather on all the data held by government.
“Most of the issues experienced by people stem from agencies failing at their basic duties, not from a lack of data sharing.”
The Coalition hasn’t proved that it is able to safely and responsibly handle sensitive data, he said.
“What does the government think it can be trusted? What evidence does it have to support its position. The government’s track record is terrible,” Mr Warren said.
“We shouldn’t have to argue against government having more power. The government needs to make its case rather than to assume a level of trust and competence that simply isn’t there.”
There’s also a lack of understanding over how seemingly unimportant data can identify individuals and have serious consequences, Ms Thomas said.
“The narrowness of the suggested exemptions from the scope of the legislation, information collected or held by the National Intelligence Community and information provided under the My Health record scheme, demonstrates a lack of awareness about how sensitive many other kinds of data can be,” she said.
“This initiative has to be placed in the light of the government’s previous failed efforts to criminalise research into how effective ‘anonymisation’ of public data really is. As this push for data sharing goes forward, it is crucially important that researchers are not only allowed but encouraged to test how robust privacy protections really are.”
The government will be accepting submissions on the discussion paper until mid-October. It is expected to release draft legislation early next year and introduce it to Parliament midway through 2020.
This will be three years after the Productivity Commission first told the Coalition to do this, with Labor MP and former shadow digital economy minister Ed Husic criticising the government for this delay.
“We were promised an open data plan for 2018. Then the promise was made that a plan would be released in early 2019, which was never going to happen because, well, election,” Mr Husic said in a post on LinkedIn.
“Now we have a discussion paper being released that invites people to comment on this issue by October,” he said.
“You can presume there will be no government response this year. So fingers crossed we get an open data plan in 2020. Three years after the Productivity Commission recommended it.
“Used properly, government-acquired data can help drive better decision making across government, community and business. We need to do better on this issue.”