Proposed future data sharing laws revealed

The federal government has called for comment on sweeping new laws that propose making far more public data available for sharing and release.

The Department of Prime Minister and Cabinet on Wednesday released an issues paper [pdf] that seeks input from citizens, businesses and researchers on the development of the Data Sharing and Release Bill.

The government committed to introducing legislation to underpin wider data sharing and release in its official response [pdf] to a Productivity Commission report into data availability and use.

The new laws are part of a broader push to both recognise and harness data as a key national asset that can be used for public and economic good as well as enabling the public sector to gain access to richer and far more timely information to inform decisions and policies.

The proposed new data laws are slated sit alongside a national data commissioner and national data advisory council to build public trust in the government, as well as the consumer data right.

The government wants to use the bill to “move the paradigm from one which restricts access to data to one which authorises sharing and release when appropriate data safeguards are in place”.

It points to how the sharing of data can lead to “more efficient and effective government services for citizens”, economic growth and better information policy development.

The bill will provide a “legislative approach to share, access and release data that is otherwise prohibited, when appropriate conditions and safeguards are met”, building on the 2015 public data policy statement that directed the public sector to release non-sensitive data as open by default.

This includes a “clear framework” for the public sector to decide whether to share data, while taking into account “appropriate conditions and risk management for their particular circumstances”.

Data collected and held by both Commonwealth entities and companies will fall under the bill, though national security and law enforcement data will be exempt.

The bill will also proposes to “impose robust and consistent accreditation requirements” for those accessing the data.

"Entities which have strong experience in data sharing and release could be accredited as Accredited Data Authorities to aid others in sharing or releasing data to trusted users," the issues paper said.

The bill proposes to provide “an alternative authority to share and release data” that is restricted by existing legislation.

“The DS&R Bill will not by default compel all data to be shared but rather will support data custodians to make informed decisions and manage risk consistently to enable appropriate sharing and release,” the issues paper states.

“There are more than 500 existing data secrecy and confidentiality provisions across more than 175 different pieces of Australian Government legislation.

“The vast majority of these provisions prevent sharing of data, except in specific limited circumstances.

“The DS&R Bill will carefully consider existing secrecy provisions to balance the need to protect certain types of government data, with data sharing and release for public interest purposes.”

It is hoped the this will overcome “cultural and legislative barriers” that have inhibited data sharing and release to date, much of which is “not personal or sensitive”.

Agencies will, however, be required to meet a “purpose test” and have internationally recognised ‘Five-Safes framework’ safeguards to be in place.

Current data sharing arrangements between agencies are largely governed by MoUs .

“The DS&R Bill will require data sharing arrangements between agencies and users to be detailed in data sharing agreements to ensure data is shared under conditions identified through the Five-Safes framework,” the paper states.

The legislation will also set out the powers of the national data commissioner, who will work with the Office of the Australian Information Commissioner.

The commissioner will be tasked with “report[ing] on the state of the data system and be able to audit parts of the system to make sure data is being managed appropriately and that the rules that keep data safe are met”.

The consultation period will close on August 1.