Draft Cth Bill For New Data Sharing Framework Released For Public Comment
Friday 23 October 2020 @ 3.38 p.m. | Legal Research
On 14 September 2020, the Federal Government publicly released the exposure draft of the Data Availability and Transparency Bill 2020 (Cth) (‘the draft Bill’), seeking submissions on the draft Bill, the draft explanatory materials, and the discussion paper. Submissions will close on 6 November 2020. The draft Bill intends to establish a framework for authorising the sharing of public sector data for certain purposes. The key provisions are outlined below.
The draft Bill proposes to establish an accreditation framework through which the National Data Commissioner (‘the Commissioner’) can assess whether entities can enter into the scheme. The specific criteria for accreditation will be established through ministerial rules. Importantly, the scheme is proposed to operate such that that accreditation does not guarantee data-sharing for a particular project. Instead, accreditation is a preliminary assessment of a potential recipient and their capacity to protect data. An accredited entity must request data from a data custodian for a specific project. The custodian is then obliged to conduct an independent risk assessment of sharing the data with the accredited entity. The Commissioner’s powers of accreditation will include the power to revoke or amend accreditation, and the power to seek security advice regarding the applicant.
Data Sharing Purposes
The draft Bill proposes to authorise data sharing for the following purposes:
Delivery of government services: The draft Explanatory Memorandum states that data sharing for this purpose could be used for the improvement of simplified or automated systems like pre-filled forms and reminders to submit or verify details.
Informing policy and programs: Sharing data for this purpose would support the discovery of trends and risks to inform public policymaking.
Research and development: Data sharing for this purpose will enable academics, scientists, and innovators in the public and private sectors to access public sector data to gain insights that could enhance Australia’s socio-economic wellbeing.
Notably, the draft Bill expressly precludes data sharing for national security or enforcement-related purposes which includes counter-terrorism, espionage prevention, policing, and law enforcement. The draft Bill also enables the Minister to provide other precluded purposes of data sharing. The Minister’s power to modify provisions relating to data sharing purposes will be proscriptive, and cannot widen the scope of the three main purposes.
Furthermore, certain data is exempt from the framework. For instance, data capable of infringing intellectual property rights or international agreements, or where intelligence agencies are involved will be exempt. Similarly, operational data and evidence courts, tribunals and certain agencies will be exempt in order to preserve their core functions of confidentiality and independence. Data such as My Health Records and COVIDSafe app data will also be exempt on the grounds of public policy and privacy.
Data Sharing Principles for Risk Management
The draft Bill proposes another safeguard for safe data-sharing through the establishment of a set of data-sharing principles for risk identification, analysis and management. The draft Explanatory Memorandum describes the principles as follows:
Project Principle: data is shared for an appropriate project or program of work, including consideration of the public interest, and ethics, while maintaining strong privacy safeguards.
People Principle: data is made available only to appropriate persons, who have the right training and skills.
Setting Principle: data is shared in an appropriately controlled environment, which is safe and secure.
Data Principle: appropriate protections are applied to the data, including applying the data minimisation principle so only the required data is shared.
Outputs Principle: outputs are as agreed, and appropriate for future use
Section 16 of the draft Bill states that a data scheme entity’s sharing of data is not consistent with these principles unless the entity is satisfied that each principle is applied to the sharing such that, when viewed as a whole, the risks associated with the sharing are appropriately mitigated. The draft Bill requires that both the data custodian and the accredited entity are satisfied that the data-sharing is consistent with these principles in order for the data-sharing to proceed.
Data Sharing Agreements
The draft Bill also establishes requirements for data sharing agreements, including a set of minimum mandatory terms. The purpose of data sharing agreements is to ensure consistency and clarity of the parties’ obligations. Furthermore, the agreements will be made publicly accessible in a register by the Commissioner. The draft Explanatory Memorandum states that this will “provide insight into what data is being shared, with whom and for what benefit, and how safeguards are being applied.” Furthermore, the Commissioner will have powers of enforcement for compliance with parties’ obligations under their data sharing agreement. Failure to comply with mandatory terms of a data sharing agreement will attract a civil penalty of 300 penalty units.
National Data Commissioner
In addition to the powers already outlined, the draft Bill intends to empower the Commissioner with advice, guidance, regulation, and advocacy functions. More broadly, the Commissioner must advocate for the sharing and release of public sector data. The draft Bill also proposes the establishment of a National Data Advisory Council which will provide assistance, advice and expertise to the Commissioner.
Review of Operation
The draft Explanatory Memorandum states that the draft Bill has been intentionally drafted with a principles-based approach in order to “remain relevant and adaptable to evolving technology and public expectations.” If the draft Bill is passed, the Commissioner will publish an annual report on its operation, and the draft Bill will be reviewed three years after its commencement and every ten years after that.
TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products. Nothing on this website should be construed as legal advice and does not substitute for the advice of competent legal counsel.
[Draft] Data Availability and Transparency Bill [CTH] draft Bill and draft Explanatory Material, available from TimeBase's LawOne Service