On 3 September 2019, the Office of the National Data Commissioner (ONDC) released the Data Sharing and Release Legislative Reforms Discussion Paper (Discussion Paper), which proposes reforms for data use in the public sector. The Discussion Paper presents insights gained from a previous consultation regarding an issues paper released on 4 July 2018. The ONDC is now conducting a further series of roundtables and engagements over September and October 2019.
In July 2018, the ONDC was established as a part of the Department of the Prime Minister and Cabinet to improve data sharing across Australia's public sector. The proposed Data Sharing and Release Legislation (Legislation) would allow government agencies to share data for specific purposes and with safeguards in place. The scheme aims to begin with Commonwealth government agencies, and eventually enable participation from other levels of government.
The Discussion Paper proposes that facilitating public sector data sharing will give greater accuracy to government policy or programs, prevent individuals from providing the same information to different agencies, and enhance research and development by sharing the public sector data with researchers. The Discussion Paper proposes that the Legislation would be supplemented with rules made by the Minister (for Government Services) or the National Data Commissioner, which would provide the criteria to be an Accredited User or an Accredited Data Service Provider.
It is proposed that data sharing be subject to five "Data Sharing Principles":
- The data sharing is for an appropriate project or program of work;
- The data is only available to authorised users;
- The environment in which the data is shared minimises the risk of unauthorised use or disclosure; Appropriate protections are applied to the data; and
- Outputs are appropriate for further sharing or release.
Data sharing will require a Data Sharing Agreement, which will be listed in a public register of Data Sharing Agreements maintained and published by the National Data Commissioner. The register will list what data is being shared, why the data is being shared and how it is being shared, including who is able to access the shared data. The Notifiable Data Breaches Scheme under the Privacy Act 1988 (Cth) (Privacy Act) will continue to apply to Legislation.
The Discussion Paper also proposes that consent not be required for data sharing. Instead, the responsibility to protect personal information remains with government agencies or "Data Custodians". Such disclosure would be "authorised by law" and therefore an authorised disclosure under the Privacy Act. There is also a risk that public sector data would be accessed by companies to pursue their commercial interests. The Discussion Paper indicates that there will be a public interest test when sharing with private entities so to not restrict sharing for research and development purposes.
The ONDC will continue taking submissions as part of the public consultation until 15 October 2019. To make 2 a submission, see here. For further information, see the discussion paper here.