The federal government has ruled out using proposed data sharing and release laws for compliance and assurance purposes after pushback from the public.
A discussion paper [pdf] on the reforms, released on Tuesday, reveals major concerns around the planned scope of the legislation were raised during consultation with stakeholders.
Consultation was held following a July 2018 issues paper on the development of the Data Sharing and Release Bill, which is expected to make more public sector data available for sharing and release.
The proposed laws intend to unlock public sector data for sharing with “trusted users for specified purposes” by overcoming “complex legislative barriers and outdated secrecy provisions”.
During more than 50 half-day roundtable discussions with stakeholders across Australia, the Department of Prime Minister and Cabinet (PMC) heard concerns around the planned scope of the laws.
“The purposes for which data should be shared under the legislation have been a critical and contentious area of discussion,” the discussion paper states.
These options were said to be “most divided in relation to compliance and commercial purposes”, which were not initially ruled out by government like law enforcement and national security purposes were.
“While compliance is seen as a legitimate function of government, we heard the importance of ethical insight, transparency and accountability and redress mechanisms to handle when things go wrong.”
As a result, the government has now altered its policy position and restricted the public sector data released under the legislation for “improving policy, program evaluation, service delivery and research and development”.
“As agreed with Minister [for Government Services Stuart] Robert, data sharing for compliance and assurance purposes will not be allowed under the data sharing and release legislation,” the discussion paper states.
“Compliance and assurance activities are better carried out under the legislation that provides the basis for compliance and assurance decisions.”
The move comes as the government continues to backlash over its ‘robodebt’ program, otherwise known as the online compliance intervention scheme.
Responsibility, safeguards and the question of consent
Another issue that formed the basis for “robust discussions and debates in roundtables” was that of consent, and whether it should be limited.
The discussion paper indicates many participants warned that introducing a consent-based model for data sharing “could create biases in data”, and ultimately restrict “services to where citizens who had consented [were located] rather than to citizens in greatest need”.
This feedback, as well as further consultation with the National Data Advisory Council, has led PMC – and the Office of the National Data Commissioner (ONDC) – to alter its position, so that consent is not always required under the legislation.
“While consent is important in certain situations, the societal outcomes of fair and unbiased government policy, research and programs can outweigh the benefits of consent, provided privacy is protected,” the discussion paper states.
The ONDC will instead place the onus on “data custodians and accredited users to safely and respectfully share personal information”, while encouraging the use of consent.
The proposed legislation will also be altered so that agencies are no longer compelled to share data, following concerns about “overriding all secrecy provisions”.
“Government agencies will be responsible for deciding whether to use the legislation, only if they are satisfied data can be shared safely,” the discussion paper states.
“The National Data Commissioner will not be able to compel or overturn decisions to share or not to share, instead focusing on ensuring that when data is shared, it is done safely.”
A list of secrecy provision that will be exempt from the legislation will also be developed, with agencies “able to make a case for maintaining secrecy provisions that should not be overridden”.
Further data breach protections for citizens could also be introduced under the legislation to cover the “vast range of data falling outside the Privacy Act 1988 notification scheme”.
This would in addition to the existing notifiable data breaches scheme, which was introduced by the Office of the Australian Information Commissioner early last year.
“We are considering options to ensure appropriate protection and notification of breaches involving sensitive data that is not personal information, such as data that is of a legally privileged, commercial-in-confidence, security classified, or environmental nature,” the discussion paper states.
Sharing for improved services
Minister Robert used the discussion paper’s launch on Thursday to talk-up how the reforms would build the foundations for improved government service delivery.
This is despite the proposed value of the legislation expected to extend well beyond service delivery to improved public administration more broadly, transparency and research.
“Australians expect government services to be simple, seamless, and fast – just like their everyday experiences of shopping and banking,” he said announcing the discussion paper.
“These proposed reforms will establish stronger safeguards and enable government to use data more effectively and securely to deliver services in a way that meets the expectations of the Australian public.”
The declaration comes just weeks after Prime Minister Scott Morrison confronted the public sector over the need to improve the service delivery.
This now appears to be the driving factor behind the reforms, with improved access to data within the public sector, as well as the research sectors, secondary considerations.
“The sharing of public sector data has incredible potential at the individual level – reducing the friction and duplication of tasks that many Australians experience when accessing government services,” Robert said.
“It is equally beneficial at the national level, by delivering new insights that inform research and government policies on complex challenges in health, education and the economy.”
The government expects consultation on the draft legislation to begin early next year, with legislation to be introduced to parliament in mid-2020.
Submission to the discussion paper will close 15 October.