The Commonwealth Government is planning to develop new data sharing and release laws as part of its commitment to making it easier for third parties to access Government data
Current proposals would see most data held by the Commonwealth Government be made available to members of the public for purposes that benefit the Government or public
The Department of Prime Minister & Cabinet has released an issues paper outlining its approach to sharing of Commonwealth Government data with the public. Responses to the Issues Paper are due by 1 August
The Commonwealth Government has committed to making it easier for third parties to access government data. Currently, government entities have different approaches as to whether or not they will permit access to data that they hold, which has led to confusion and inconsistency.
As part of its commitment to greater data sharing, the Government is planning to develop new data sharing and release legislation, which will establish a framework for how the Government will share data it holds with third parties in a risk appropriate way.
The Department of the Prime Minister and Cabinet has invited the public to provide feedback on the development of the new legislation and its Issues Paper released last week. Submissions are due by 1 August 2018.
The Data Sharing and Release Bill (DS&R Bill) is one of a number of data reforms (including the introduction of a consumer data right) which the Government has committed to enacting in response to the Productivity Commission’s Inquiry on Data Availability and Use. The reforms aim to release more data into the hands of individuals, researchers, and businesses to 'harness the power of data to drive innovation and opportunity for the Australian economy'.
The Issues Paper explains that greater value could be derived from data if there was a framework in place to facilitate data sharing:
Australian Government data includes information about the environment, about individuals and about businesses, and when this data is used appropriately, it can provide government with new insights into important and complex policy questions and to improve service delivery. Currently, data use is fragmented and sharing of data within government is often limited by lack of authority, cultural barriers and lack of clarity in the purposes of data use and reuse. The DS&R Bill will seek to provide an alternative authority to share, access and release data that is otherwise prohibited, when appropriate conditions and safeguards are met.
The DS&R Bill is likely to apply to data held by Commonwealth entities and certain companies controlled by the Commonwealth regardless of the purpose for which the data was collected or generated (with some exceptions). This broad scope would mean that individuals may be able to access both the underlying data as well as data which has been ‘crunched’ by Commonwealth Government entities.
Despite its aim of facilitating greater release of data, the Issues Paper suggests that it would be appropriate to exclude certain categories of data, such as data used for national security or law enforcement purposes and data subject to contractual obligations (eg, purchased datasets).
Although data held by Commonwealth Government entities is described as a ‘valuable national resource’, the Issues Paper does not propose that there be any limitation on which parties will be permitted to request access to data. Rather, the Issues Paper proposes the use of a ‘purpose test’ as well as the Five-Safes Framework to determine whether and how data may be shared.
A ‘purpose test’ could be adopted to determine whether data may be shared. For example, the Issues Paper canvasses that the following purposes would each constitute sufficient grounds for authorising data sharing under the legislation:
These proposed purposes suggest that the Government must be a beneficiary of the activities conducted pursuant to the release of data under the legislation. However, such a formulation of the purpose test could inadvertently limit the circumstances under which data may be released, and consequently, the extent to which the public could benefit under the legislation. Also, once data has been released, it is not clear from the Issues Paper how the Government entity may exercise any rights or control over the data, including the purposes for which the data may be used.
The Issues Paper raises the possibility of requiring decision makers to use the Five-Safes Framework when deciding whether data should be shared. The five
'Safes' to be considered are:
Depending on the risks associated with each 'Safe', varying degrees of control could be applied to other 'Safes'. For example, if the data can be used to identify individuals (Safe 1), then the other Safes would need to have more stringent controls applied, such as by limiting the number of people who can access the data (Safe 2) and the scope of their access (Safe 5).
The Issues Paper contemplates that the head of each Government entity will perform the role of a ‘data custodian’, and will be responsible for applying the requirements of the DS&R Bill. However, it would also be possible for data custodians to authorise ‘accredited data authorities’ (ADAs) to assist them with managing their responsibilities under the DS&R Bill and undertake activities such as data cleansing and de-identification. At this stage, it is not clear from the Issues Paper what the nature of the legal relationship between ADAs and Government entities or data recipients will be.
The DS&R Bill is also expected to establish a ‘National Data Commissioner’ to oversee the public data system. A National Data Advisory Council will assist the Commissioner in its role as well as the development of the DS&R Bill. Members of the Council will include the Australian Statistician and the Privacy Commissioner, other Government representatives, and representatives from academia, industry and privacy groups. The Council is currently being established and expressions of interest are due by 20 July 2018.
The Issues Paper also proposes a ‘trusted user’ concept, whereby recipients of data could become accredited to subsequently on-share data. These trusted users could comprise employees or contractors of Government entities and companies.
The public is being invited to provide feedback generally as well as in relation to the following five topics which are discussed in further detail in the Issues Paper:
Submissions to PM&C are due by 1 August 2018.
More information on the consultation process can be found on the PM&C website.