The idea of consent works its way back into Australia's data-sharing Bill
The federal government is hoping to "modernise" and "streamline" its use of the data it holds as well as set guidelines on how it shares that data between agencies and with the private and research sectors.
An exposure draft of the Data Availability and Transparency Bill 2020 was published this week, with Minister for Government Services Stuart Robert delivering the message that the data reforms presented in the draft Bill are an opportunity to establish a new framework that is able to proactively assist in designing better services and policies.
See also: Consuming government services like Netflix: Minister Robert's pipedream for Australia
"The reforms encourage our academics and the research community to innovate and find new insights from public sector data without having to go through stifling and vague bureaucratic processes when working with data custodians," the draft Bill's consultation paper [PDF] says.
The government initially announced its intentions to introduce the Data Availability and Transparency Act (DATA) in May 2018 when it stood up the Office of the National Data Commissioner (NDC) to draft the legislation in response to the 2016 Productivity Commission Data Availability and Use report.
The government in 2018 also pledged AU$65 million to "reform" the Australian data system, with the National Data Advisory Council then being established the following year to provide advice to the NDC on ethical data use, community expectations, technical best practice, and industry and international developments.
The new Bill, in a nutshell, creates a scheme of controlled access to public sector data.
"When data is shared, access is granted to users in a controlled manner, for example, under memoranda of understanding or through contracts. Currently, sharing is done in an ad hoc manner, with users potentially having to establish their credentials every time they interact with the system," the paper continues.
"Sharing is subject to legislative protections and the individual agencies' interpretations of them. Often interpretations are not revisited as technology evolves and community expectations around reasonable use and reuse of data change.
"This sharing space is ripe for reform. Modernising the safeguards and regulating the sharing space can enable Australians to benefit from better services, policies, programs, and research."
The Bill aims to: Promote better availability of public sector data, enable consistent safeguards for sharing public sector data, enhance integrity and transparency in sharing public sector data, build confidence in the use of public sector data, and establish institutional arrangements for sharing public sector data.
According to the paper, the Bill would provide an alternative pathway to share data where it is currently prevented by secrecy provisions or where it simplifies existing pathways.
"The Bill will authorise sharing of public sector data by data custodians with an accredited user, only for the permitted data sharing purposes and only if effective safeguards are in place," the paper adds.
Under the proposed legislation, data would only be shared for three purposes: Government services delivery, informing government policy and programs, and research and development.
The Bill does not authorise sharing for precluded purposes, including law enforcement or national security purposes. It also excludes the sharing of operational data and evidence before courts, tribunals, and certain agencies with oversight or integrity functions.
It also stipulates that the five data sharing principles would need to be applied for each data sharing project. The data sharing principles are based on the Five Safes Framework that already guides several agencies on how to safely share data; that is, data is shared only for appropriate projects, only with appropriate people, and in an appropriately controlled environment. In addition, only the appropriate data is shared and outputs need to be as agreed and appropriate for future use.
In a discussion paper in September 2019, the federal government tweaked what it proposed the year prior by removing a fundamental element of privacy -- consent.
It proposed that the Data Sharing and Release legislation not require consent for the sharing of personal information.
"Instead, we are placing the responsibility on data custodians and accredited users to safely and respectfully share personal information where reasonably required for a legitimate objective," the discussion paper said.
The government's position on consent has since become more nuanced, with the paper saying that any sharing of personal information is to be done with the consent of the individuals, unless it is unreasonable or impracticable to seek their consent.
"For projects where data scheme entities do not seek consent, other safeguards outlined by the data sharing principles can be dialled up to protect privacy," it added.
The NDC is empowered under the Bill to provide advice, guidance, regulatory, and advocacy functions in order to oversee the scheme.
"The Commissioner will promote better sharing and release of public sector data by driving cultural change and supporting capability building among data scheme entities," the paper continues.
The Commissioner would also accredit entities to "build trust in the system, and standardise and streamline existing processes".
"Now more than ever, it is clear that we need to get better at using the information we already collect, instead of asking the same questions again and again," Robert said.
"For too long, there has been a lack of a consistent and clear framework for making good use of data. We need to make sure the information the government collects and holds can be accessed in a safe and timely way to respond to the needs of Australians."
Submissions on the exposure draft close 6 November 2020.
RELATED COVERAGE
- COVID-19 stalls Australia's Data Availability and Transparency Act
- Consent removed from Australia's proposed data-sharing legislation
- Canberra has an interim plan on how best to share data
- After robo-debt smackdown, Robert claims Canberra's digital transformation pushes on
- Data privacy and data security are not the same