​Commonwealth data sharing legislation up for discussion

The Australian government has outlined its approach to a new Data Sharing and Release Bill, which aims to balance sharing data held by government with risk management.
Written by Asha Barbaschow, Contributor

Proposed process for sharing data under the Data Sharing and Release Bill

The federal government is hoping to reform the Australian data system, in May announcing it would be investing AU$65 million on initiatives such as the country's new Consumer Data Right (CDR), which will allow individuals to "own" their data by granting them open access to their banking, energy, phone, and internet transactions, as well as the right to control who can have it and who can use it.

In order to implement the changes, it needs to overhaul its legislation, with the government this week labelling its existing public service data use arrangements as complex and hindering the use of data.

In the New Australian Government Data Sharing and Release Legislation Issues Paper for Consultation, the government attributes such barriers to a greater sharing of data within the public service to a "dense web of legislative requirements which lack consistency; a culture of risk aversion, leading to overly cautious legislative interpretation and approval process complexity; and a lack of a whole-of-government approach".

The paper [PDF] has been published for consultation, with the aim of developing new Data Sharing and Release (DS&R) legislation to "realise the value of public sector data and modernise the Australian government data system".

Greater access to data will help governments and industry to make more informed and evidence-based decisions when formulating policy," a statement from Minister Assisting the Prime Minister for Digital Transformation Michael Keenan said on Thursday.

The overall aim of the DS&R Bill, the government explains, is to safeguard data sharing and release in a consistent and appropriate way; enhance the integrity of the data system; build trust in use of public data; establish institutional arrangements; and promote better sharing of public sector data.

The DS&R Bill will be applied to Commonwealth entities and Commonwealth companies, and will include most data collected by these entities. It will encompass all data collected by these government bodies for any purposes, including government administration, service delivery, and research. Data collected from individuals, businesses, and other entities, and data generated internally by Australian government bodies is in scope, too.

There will be exceptions for national security and law enforcement data, while existing contractual obligations, including around purchased datasets, will continue to apply.

The Bill will sit alongside the Privacy Act 1988 and the Privacy Amendment (Notifiable Data Breaches) Act 2017 .

See also: Australia's Notifiable Data Breaches scheme is now in effect

It is expected the DS&R Bill will create accredited bodies within the data system, each with different roles, skills, and expertise: Data custodians, Accredited Data Authorities, and trusted users which could include employees or contractors of government entities and companies. It could also be open to external users.

"The DS&R Bill will build in accountability for these actors within the system, to ensure all take responsibility for the way data is managed and shared," the paper adds.

The data-related movements come in response to the Productivity Commission's Data Availability and Use Inquiry, and form part the government's response to the inquiry that was delivered in May.

There are over 500 existing data secrecy and confidentiality provisions across more than 175 different pieces of Australian government legislation, with the majority of the provisions preventing sharing of data, except in specific limited circumstances.

The Productivity Commission noted that "while some may remain valid, they are rarely reviewed or modified. Many would no longer be fit for purpose".

In addition to delivering the CDR and the DS&R legislation, the federal government announced in response to the Productivity Commission it would be appointing a National Data Commissioner to implement and oversee the data-related initiatives.

The DS&R Bill will also dictate the role of the National Data Commissioner.

The government is receiving feedback until August 1, 2018, after which time it will develop the DS&R Bill.


Australia to invest AU$65m on 'reforming' its data system

The Australian government's response to the Productivity Commission Data Availability and Use Inquiry has also revealed that it will be standing up a National Data Commissioner to oversee the sharing of data.

Australia to force 'big four' to open banking data by July 2019

All major banks will need to make data available on credit and debit card, deposit, and transaction accounts by July 1, 2019, after the federal government accepted the recommendations made by a Review into Open Banking.

Privacy Foundation: Trusting government with open data a 'recipe for pain'

The Australian Privacy Foundation wants the government to develop security controls around sharing open data and provide the agency charged with investigating data misuse with 'adequate' resources.

Australian 'big four' to align their data-sharing ducks ahead of Open Banking

A review has requested that Australia's largest banks be ready to hand over customer data at request from the day an Open Banking regime becomes legislated.

Australia's open data approach lands in a security and privacy minefield (TechRepublic)

Australia is charging headlong into a privacy disaster as government open data initiatives come online without considering how to properly implement privacy safeguards and data anonymity.

Editorial standards