An overview of the DATA Scheme

A scheme for sharing Australian Government data

The Data Availability and Transparency Act 2022 establishes a new, best practice scheme for sharing Australian Government data – the DATA Scheme. The DATA Scheme is underpinned by strong safeguards and consistent, efficient processes. It is focused on increasing the availability and use of Australian Government data by helping deliver government services that are simple, effective and respectful, inform better government policies and programs, and support world-leading research and development.

The National Data Commissioner is the regulator of the DATA Scheme and provides advice and guidance about its operation. The National Data Commissioner also delivers education and support for best practice data handling and sharing.

The National Data Advisory Council provides advice on data sharing to the Commissioner on issues such as ethics, balancing data availability with privacy protections, trust and transparency, technical best practice, and industry and international developments.

What data can be shared?

Australian Government data encompasses all data lawfully collected, created or held by a Commonwealth body, or on its behalf. Data can include a wide range of topics, from data dealing with the weather, personal and business data, through to freight and traffic movements, and agricultural yields.

For national security and other reasons, some entities are excluded from the scheme and some types of data cannot be shared. Excluded entities include intelligence and law enforcement entities such as the Australian Federal Police and the Australian Security and Intelligence Organisation. Some data held by Home Affairs and AUSTRAC cannot be shared.

Participants

There are three types of participants in the scheme.

Data custodians are Commonwealth Government bodies who control public sector data. Data custodians do not opt-in to the DATA Scheme – they are automatically participants.

Accredited users are Commonwealth, state and territory government bodies, and Australian universities who are accredited to obtain and use Australian Government data. Entities must apply to become accredited as a data user.

Accredited data service providers are Commonwealth, state and territory government bodies, and Australian universities. They provide complex data integration, de-identification and secure data access services to support data sharing. Entities must apply to become accredited as a data service providers.

Some Australian Government entities are excluded from participating. Foreign entities are unable to access data under the DATA Scheme.

How does the scheme operate?

Under the DATA Scheme accredited users can request Australian Government data from a data custodian. An accredited data service provider can be used to provide data services to support the data sharing project. For example, the New South Wales Department of Health can request data from the Commonwealth Department of Social Services and the Australian Bureau of Statistics may provide secure data access services to support the sharing.

An accredited data service provider must be used if the project involves complex data integration.

Authorisation and override

The DAT Act overcomes barriers to data sharing through an authorisation to override Commonwealth, state or territory laws when appropriate safeguards are in place.

The DAT Act does not override the Privacy Act 1988 and the sharing, collection and use of data under the scheme must be consistent with the Privacy Act.

Data Scheme safeguards

Data sharing purposes

Australian Government data can only be shared if it is for one of the three permitted purposes: government service delivery, informing government policies and programs, and research and development.

Government service delivery includes the provision of information (such as advice that the individual is eligible to receive a benefit), the provision of a service (such as assistance to a person to help restore their property after a flood), determining an eligibility for payment, or paying a payment.

Data cannot be shared for national security or enforcement related purposes.

Accreditation

Accreditation serves as a gateway into the DATA Scheme, and ensures users are capable of handling public sector data and minimising risk of unauthorised access or use.

To become an accredited user, Commonwealth, state and territory government bodies must be assessed against criteria by the Minister. Where necessary, the Minister can impose conditions on accreditation. The Commissioner is responsible for assessing accreditation of Australian universities.

The Commissioner is responsible for assessing accreditation of data service providers. Where necessary, the Commissioner can impose conditions on accreditation.

Data requests

Data custodians have no duty to share data, but must respond to all data sharing requests they receive from accredited users within a reasonable time frame. If refusing a request, data custodians must provide reasons to accredited users.

Data custodians must maintain a record of data sharing requests received and reasons for agreement or refusal to share, as these will need to be notified to the Commissioner to assist in preparing the annual report.

Data sharing principles

The data sharing principles are the risk management framework that sits at the core of the scheme to support data custodians to decide if it is safe to share data. The principles cover the data sharing project, people, setting, data and output. The principles must be applied in such a way that, when viewed as a whole the risks of the sharing, collection and use of data are appropriately mitigated.

Further guidance about the application of the data sharing principles will be provided in a code of practice. The Code will be a legislative instrument.

Privacy protections

The DATA Scheme works with the Privacy Act to protect personal information.

The DAT Act contains general privacy protections that minimise the sharing of personal information, prohibit the re-identification of data that has been de-identified, and prohibit the storage or access of personal information outside Australia. Express consent is always required to share bio-metric data.

The DAT Act also contains purpose specific privacy protections, depending on the data sharing purpose of the project.

Further guidance about privacy protections will be provided in a code of practice. The Code will be a legislative instrument.

Data sharing agreements

Participants must enter into a data sharing agreement which sets out the details of the data sharing project. A data sharing agreement must describe how the participants will give effect to the data sharing principles and how the project serves the public interest.

Details from data sharing agreements will be recorded on a register, kept and maintained by the Commissioner. Data must not be shared until the data sharing agreement has been registered.

Transparency and reporting

The Commissioner must keep public registers of accredited users, accredited data service providers, and data sharing agreements. The Commissioner must also prepare and give to the Minister, for presentation to Parliament, an annual report on the operation of the DATA Scheme each financial year. The annual report must include:

  • details of any legislative instruments made that financial year
  • the scope of data sharing activities and regulatory actions which have occurred, including reasons for agreeing to or refusing data sharing requests, and
  • staffing and financial resources made available to the Commissioner and how they were used.

Regulatory compliance

The Commissioner regulates the DATA Scheme to ensure data sharing is safe, including by providing guidance and tools to make data sharing fit-for-purpose. In performing these duties, the Commissioner is able to:

  • exercise monitoring and investigation powers
  • seek injunctions and issue infringement notices
  • issue binding directions to deal with emergencies or high risk situations
  • refer matters to the Commonwealth Director of Public Prosecutions where a criminal offence may have been committed, and
  • seek a civil penalty order from a court.

The Commissioner will work with the Australian Information Commissioner to protect personal information under the DATA Scheme, with a ‘no wrong door’ approach taken to complaints. Where a complaint is about how personal information has been handled in the DATA Scheme it may be transferred to the Australian Information Commissioner.

Data Discovery and Dataplace

To make it easier for users to find data, the Office of the National Data Commissioner is working with Australian Government agencies to develop their data inventories, and creating a searchable Australian Government Data Catalogue.

We are also developing Dataplace – a digital platform for scheme participants and others to manage data requests and support administration of the DATA Scheme.

News Resources Legislation

This article has 0 comments