New laws slated to be in effect in 2019, will give consumers new rights to use their digital data, and data holders permission to be proactive about data possibilities.
The Data Sharing and Release Act (DSR) designed as part of a new data management framework, by the Productivity Commission (PC) and proposed in the PC’s recent report examining Australia’s use of data, will create a new lens through which to view data; as a valuable asset being created and utilised, not merely a risk or an overhead.
Drawing on the full range of Commonwealth powers to regulate digital data the new Act will establish the Comprehensive Right of consumers to access their data from government and private data holders alike, for the purposes of improving the services that are offered to them by alternative providers.
Protections applying to personal information under the Privacy Act 1988 (Cth) remain intact, but the recommended reforms to laws in place, will also take Australia beyond the stage of viewing data availability solely through a privacy lens.
Legislative reform proposed by the PC would need to be enacted in two phases occurring at the same time:
1. The DSR Act itself that authorises, in a single statute, the sharing and release of data for the purposes of the Act and removes existing Commonwealth and State restrictions on integrating, linking and research uses of datasets by Accredited Release Authorities (ARAs)
2. Further legislative amendment, as identified by the National Data Custodian, to address residual restrictions on the use of specific datasets that were not able to be effected by the DSR Act itself or need removal as part of the consideration of National Interest Datasets.
The new Act will also aim, where possible, to override secrecy provisions that prevent original custodians with other public sector data custodians.
Highlighted below are a number of recommendations within the Productivity Commission’s recent report relating to the introduction of new legislation.
Policy Intent of Proposed New Digital Data laws
A new Data Sharing and Release Act (DSR) should be passed, drawing on the full range of Commonwealth powers to regulate digital data, in order to authorise better sharing and release of data
Data Sharing and Release Act should establish a risk- based approach to data sharing and release and accompanying institutional frameworks. (rec 8.2))
All non-sensitive data held by government agencies and specified bodies
should be explicitly presumed to be made public
(rec 8.2) Data custodians and would be authorised to
provide sensitive data to trusted users in a secure environment (rec 8.2)
The DSR Act would, where possible, override secrecy provisions that prevent original custodians actively providing access to data to other public sector data custodians and ARAs (rec 8.3)
The DSR Act should have national reach — to create a simplified and transparent one-stop location for a national framework for data volunteered, declared or acquired for inclusion under the DSR Act. (rec 8.6)
The DSR Act should apply Commonwealth privacy legislation to datasets managed by Accredited Release Authorities where feasible (rec 8.6)