Allowed Access to Project Output

There are several key terms used across the three types of access discussed in this guidance note. They are described as follows.

Output (also referred to as ‘project output’)

Output of a DATA Scheme project includes:   

• any copy of the data collected by an accredited user from a data custodian or ADSP-enhanced data collected from an ADSP 
• any data that is the result, or product, of the accredited user’s use of the data, including data incidentally created when working towards the project’s final output.  

Types of output may include de-identified aggregate data represented in a table or data visualisation product, a copy of a data set or a unit record data file. 

Final output of a project is the agreed final output of the project as specified in the data sharing agreement. Final output is the product resulting from the accredited user’s use of the data during the sharing, collection and use process of the output which is used to inform the project.

Access and release

Access occurs where an accredited entity provides another entity with access to, or releases, the project output, for example, through open access. There are several ways that access may be provided. 

Access may be provided directly to an entity. For example, providing an entity with access through a system controlled by the accredited user (such as a secure environment). Another example is where the accredited user delivers the project output to another entity for use on their own systems (for example, a spreadsheet attached to an email). 

Access also includes providing open access to the project output by publishing or making it publicly available. For example, publication on a website where the project output can be accessed by anyone, or publication in a professional journal where it is accessed by its subscribers. This type of access is also referred to as ‘open access’ or ‘release’. 

Access may also occur within a Scheme entity where the project output is provided to individuals within the entity for purposes that are not covered by a specified project.1 This could occur when an individual is not authorised to work on the specified project, or where the output is used for a different project by another area within the Scheme entity’s organisation. Alternatively, another individual may request the data directly from the data custodian under a new data sharing agreement. Which pathways to use will need to be determined on a case-by-case basis taking into consideration factors such as timing, access method, efficiency, etc.

Exit

Outputs of a project always remain in the Scheme unless they are released to or accessed by an entity that is not party to the project’s data sharing agreement. This includes an individual within the entity who is not authorised to work on the specified project (a ‘third party’). The copy of the project output provided to a third party then exits the DATA Scheme at the time it is accessed or released. 

For instance, if an accredited user provides access to a project output by:

• sharing a spreadsheet stored on a USB stick, the output exits when the UBS stick is collected by the third party
• publishing the output in an open form on a website, the data exits when it is published.

When data is shared under the Scheme, the Scheme sets requirements about how output is collected and used. Outputs are no longer regulated by the DATA Scheme once they have exited the Scheme. This means the Scheme no longer controls how an exited copy of project output is used or distributed.2

If a project relied on the authorisation provided by the Act to share, collect and use data, any applicable legislative requirements outside of the Scheme that originally governed the shared data will need to be re-examined. Re-examination is necessary to determine whether those legislative requirements prevent the project output from exiting the Scheme or place restrictions on with whom and how the output can be shared outside of the Scheme. 

An accredited user must continue to use its copy of the project output only as permitted by the project’s data sharing agreement. A copy of the project output held by the accredited user and transferred from one system to another (for example, a secure environment controlled by an ADSP to their own systems) is not considered an exit from the DATA Scheme as it does not involve access by a third party. However, if the accredited user obtains a copy of the exited output which has been released or accessed (for example, it is now downloadable open data on a website), then the accredited user may use that copy in the same way as any other entity that accesses the exited copy (i.e. without the regulation of the DATA Scheme). 

Before project outputs are to exit the DATA Scheme, a data custodian may impose conditions in respect of the exit through the project’s data sharing agreement. For example, a data custodian may require a user to enter into a separate agreement with an entity gaining access to output that limits the way the other entity can use the output.

Any uses of project outputs, including access, must be authorised by a data sharing agreement. For access to be authorised by a data sharing agreement, the agreement must specify the circumstances in which access can be provided. These circumstances include any conditions on access that must be met before it can be provided. As the Act does not prescribe how circumstances must be specified in a data sharing agreement, the primary consideration is that parties to the agreement must meet the circumstances that are clearly described. This allows the data custodians and users to agree on the level of detail that is appropriate, having regard to the nature of the project and any risks related to it.

This type of access is the primary pathway for project output to exit the DATA Scheme (see ‘exit’ under the key terms above). It allows data from the Scheme to be accessed by third parties as long as three conditions — which seek to ensure that the access is safe — are met.

Conditions that must be met and specified in the data sharing agreement

Condition 1: The access does not contravene a law of the Commonwealth, a State or a Territory.

This requirement can be met in two main ways:

• Where there were no legal restrictions to the data custodian(s) or other Scheme entities sharing the source data outside the DATA Scheme. For example, a data set, which does not include personal or other sensitive information, is not prohibited by law from being shared or publicly released. 
  • This requirement would not be met in a circumstance where, for example, a public interest certificate had been issued to authorise the data custodian to share certain data but with a condition that receiving entities not on-share the data.
• Where the legal authorisation provided by the DATA Scheme was required for the data custodian to share the original source data, but the output generated by the accredited user is ‘safe’ for exit from the Scheme (i.e. the protections of the Scheme are not required in relation to that output).
  • This would be common where the use of the data by the accredited user (along with any data services performed by an ADSP if one is involved) results in a project output that can be accessed or released without contravening another law, and hence, the protections of the DATA Scheme are not required. For example, the accredited user’s use of the source data has resulted in the output being modified or treated in a way that it no longer replicates the source data, such as being represented in the form of aggregate data.

A data custodian may wish to impose conditions on access through the project’s data sharing agreement. These conditions apply to the accredited user but may also impact third parties. For example, a condition in a data sharing agreement could require a user to enter into an agreement or obtain an undertaking from a third party that the third party will only use the accessed project output in specified ways. While adherence by the accredited user to complying with such a provision in the DATA Scheme data sharing agreement will be enforceable by the National Data Commissioner, the agreement or undertaking with a third party would not be enforceable under the Scheme. However, recourse may be available outside of the Scheme.

Condition 2: The data custodian is satisfied the access, or release will be done in accordance with the data sharing agreement.

This condition complements condition 1 and reflects that a data custodian of source data is best placed to identify risks around providing access to project output to third parties. Data custodians should ensure requirements to address those risks are clearly articulated in data sharing agreements, and assess whether a particular instance of access is consistent with the data sharing agreement. 

There are several ways a data custodian may satisfy themselves of this condition. A data custodian may, for example:

• require the project output to be submitted back to them to ensure the output is as agreed – see below for ‘Submitting output to the data custodian of the source data for confirmation purposes – s20A’
• require that the project output is vetted by an ADSP that is providing data services as part of the project, or
• confirm that the project output meets certain conditions as set out in a data sharing agreement in some other manner.

Condition 3: If the project output proposed for exit contains personal information, consent must be obtained from the individual to whom to the data relates.

If the project output proposed for access includes personal information about an individual, access or release can only occur if the particular individual has consented to the access or release. This condition applies even if consent would not have been required for the custodian to share the data outside of the DATA Scheme. 

The party responsible for obtaining consent and how that party is to obtain consent is to be agreed between the parties to a data sharing agreement. There is no formal requirement to outline the consent process in the data sharing agreement, however parties can include such detail in a data sharing agreement if they wish to do so. For more information on seeking consent, please see Collection of consent under the DATA Scheme | Office of the National Data Commissioner.

For the purposes of the DATA Scheme, personal information has the same meaning as the Privacy Act 1988. That definition covers information or an opinion about an identified individual, or an individual who is reasonably identifiable, irrespective of whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. For more information about personal information please visit the Office of the Australian Information Commissioner website.

The requirements for consent in these circumstances are set out in the Data Availability and Transparency Code 2022 (see section 18). This condition can be disregarded if there is no personal information in the output proposed for access/release (i.e. data is de-identified and aggregated and there is no risk of disclosing the identity of any individual).

Example: An Australian University prepares insights for publication in a medical journal

An Australian university (the accredited user) enters a data sharing agreement with a Commonwealth Government department (the data custodian) to access and use health data. The data sharing project is for the purpose of research and development and includes the preparation of output for inclusion in a journal article which will be published (by a publisher not associated with the university) in a professional journal accessed by subscribers.

The accredited user: 

1. Establishes and registers a data sharing agreement with the data custodian which enables this type of access. 
2. Collects data from the data custodian.
3. Prepares aggregate data in the form of a table (the project output), which does not include personal information.
4. Provides the table to the data custodian to confirm output is as agreed.
5. Receives confirmation from the data custodian that the output is as agreed.
6. Provides access to the output by providing a copy of the journal article containing the output to the publisher who then publishes the article. 

In this scenario, the output contained in the journal article has exited and is no longer regulated by the Scheme when it is collected by the publisher. The copy of the output (in the table) retained by the accredited user remains in the Scheme.

The DATA Scheme permits a data sharing agreement for a project to allow an accredited user to provide access to project output to the individual or organisation to whom the data relates for validation or correction. Such checking is not mandatory for every project but can be included in a data sharing agreement where the parties wish to do so. This type of access may be particularly relevant in delivering data sharing projects that are for the purpose of delivering government services.

Conditions that must be met and specified in the data sharing agreement

Condition 1: An accredited user can provide project output for validation and correction purposes only to the following entities or person:

• an entity which carries on a business, or is a not-for-profit entity, to whom the output relates
• an individual to whom the output relates, or a responsible person for such an individual within the meaning of the Privacy Act 1988 (for example, a parent of the individual). 

If there is doubt as to whom the data relates (e.g. if there are multiple individuals with the same name and it is unclear who the data is about), this type of access should not be provided until the accredited user is certain the information is being sent to the correct individual or organisation.

Condition 2: The data custodian is satisfied the access, or release will be done in accordance with the data sharing agreement.

The data sharing agreement must authorise this type of access if such access is anticipated. To support satisfying this condition, the data sharing agreement may also require the accredited user to submit the project output to the data custodian before access is provided to the organisation or individuals. Alternatively, the data custodian may require the project output to be vetted by an ADSP that may be providing data services as part of the project.

There is no requirement to obtain consent from an individual/organisation to whom the information relates before disclosing the information to that individual/organisation.

Regulation of the data once accessed

The copy of the project output provided to the individual or entity for correction or validation exits the Scheme at the time it is collected by the individual or entity. The protections of the Scheme are no longer required to apply to the exited copy because it is held by the individual or entity to which it relates.

The copy of the output retained by the accredited user continues to be regulated by the Scheme, which means it cannot be used for a purpose not permitted by the data sharing agreement.

Example: A Territory government body uses output to pre-fill application forms for organisations

A Territory government body (the accredited user) enters a data sharing agreement with a data custodian to use data about businesses located in that territory. The data sharing project is for the purpose of service delivery and the accredited user intends to pre-fill application forms with data about businesses it collects from the data custodian. The pre-filled forms are to be sent to the businesses the data is about for validation or correction. 

The accredited user: 

1. Establishes and registers a data sharing agreement with the data custodian that allows this type of access 
2. Collects a copy of the source data from the data custodian.
3. Uses the data to pre-fill application forms.
4. Sends the application form to each relevant business for validation or correction. 
5. Collects the corrected or validated forms provided by the businesses.
6. Assesses the applications for only those businesses that returned their form. 

In this scenario, a copy of the output exits the DATA Scheme when it is provided to each business, with each business receiving a subset of the data (that relates to their particular business). The copy of the validated or updated forms collected by the accredited user remains outside of, and not regulated by, the Scheme. The copy of the source data collected from the data custodian remains and continues to be regulated by the DATA Scheme.

The DATA Scheme permits a data sharing agreement to include a provision to allow accredited users and ADSPs to provide the data custodian of source data with access to specified project output for the purpose of the data custodian ensuring the output is as agreed. Such checking is not mandatory for every project but can be included in a data sharing agreement where the parties wish to do so.

Providing the data custodian with access to the output is referred to in the DATA Scheme as ‘submitting’ the data to the data custodian. Where data is submitted to the data custodian, the submission is taken to be for the data sharing purpose(s)of the project.

Where the project output is submitted to the data custodian, it remains under the DATA Scheme and the data custodian’s collection and use of the output is regulated by the Scheme. There is no exit with this access provision (see figure 1 above). If the data custodian wishes to engage a third-party specialist to undertake this function on their behalf, it is possible for the data custodian to engage an agent. More information about third party participation in DATA Scheme projects is forthcoming.

There is no time limit for a data custodian to confirm that the output is as agreed, but it is recommended that a data custodian provides their confirmation in a timely manner.

Conditions that must be met and specified in the data sharing agreement

Condition 1: A data sharing agreement that includes this access provision must limit the purpose for which the data custodian may use submitted data to the purpose of ensuring the project output or ADSP-enhanced data is as agreed.

This access provision provides the data custodian with a limited authorisation to collect and use the submitted data for the purpose of ensuring the project output (including any ADSP-enhanced data) is as agreed. If the data custodian uses submitted data in a manner not permitted by the data sharing agreement, or without a data sharing agreement, the data custodian may contravene a penalty provision under the Act.

Example: A Commonwealth Government body publishes insights from the project

An accredited user enters into a data sharing agreement with three data custodians to access and use data about Australian communities. The accredited user plans to publish insights publicly following analysis. The source data custodians have requested that the project output be submitted for confirmation purposes prior to publication.

The accredited user:

1. Establishes and registers a data sharing agreement with the data custodians which allows this type of access.
2. Collects a copy of the source data from the data custodians.
3. Creates project output in the form of aggregate data in tables and graphs that does not include personal information.
4. Submits the tables and graphs to each of the data custodians in accordance with the data sharing agreement.
5. Receives confirmation in writing from the first and second data custodians that they are satisfied the output is as agreed. The third data custodian transfers the output back to the accredited user with a minor correction to terminology.
6. Makes the changes required by the final data custodian.
7. Releases the output by publishing the insights online.

In this scenario, the output has remained under the DATA Scheme for steps 1 to 6. The output exits the Scheme when it is published online.