When sharing is barred under the DATA Scheme

Guidance note 2023:6

This guidance provides information about when sharing of data is barred under the DATA Scheme. 

 

The Data Availability and Transparency Act 2022 (the Act) and the Data Availability and Transparency Regulations 2022 (Regulations) bar certain entities from participating in the DATA Scheme and certain data from being shared.

When sharing is barred

Data custodians are authorised to share their data with entities that are accredited under the DATA Scheme. However, the Act does not authorise sharing of data in circumstances relating to (see section 17):

  • national security and law enforcement
  • contravention or infringement of certain rights, agreements, and common law duties or privileges
  • where sharing is barred by Regulations
  • data that is evidence in courts and tribunals
  • where sharing is inconsistent with international law obligations.

Each of these situations is discussed in more detail below. In addition, a checklist is provided at the end of this guidance.

National security and law enforcement

The Act does not authorise the sharing of data that is held by, originated with, or was received from an excluded entity (section 17(2)). Excluded entities include intelligence agencies and certain other entities that have oversight of the government and the Commissioner’s activities under the Act.

The sharing of operational data from AUSTRAC, the Australian Federal Police and the Department of Home Affairs is also excluded (section 17(2)(b)). Operational data is information that relates to the operations or informs the operational processes or methodologies of these agencies. The exclusion extends to information relating to current operations, as well as data relating to both past and future potential operations, where it is sufficiently clear that the data relates to or forms part of operational activities relating to the agencies’ functions and powers.

Table 1 below provides a list of excluded entities and agencies whose operational data cannot be shared under the DATA Scheme.

Category of excluded entity: Commonwealth intelligence and law enforcement entities
Reason for exclusion: To preserve existing arrangements and frameworks that authorise and regulate their activities.
Excluded entities include:
  • Australian Criminal Intelligence Commission
  • Australian Federal Police
  • Australian Geospatial-Intelligence Organisation
  • Australian Secret Intelligence Service
  • Australian Security Intelligence Organisation
  • Inspector-General of Intelligence and Security
  • Office of National Intelligence

Category of excluded entity: Commonwealth oversight entities
Reason for exclusion: To preserve the integrity of their oversight over the government and the Commissioner’s activities under the DAT Act.
Excluded entities include:
  • National Anti-Corruption Commission
  • Inspector of the National Anti-Corruption Commission
  • Australian National Audit Office
  • Office of the Commonwealth Ombudsman

Category of excluded entity: Scheme oversight figures
Reason for exclusion: To preserve the integrity of their oversight over the DATA Scheme.
Excluded entities include:
  • the National Data Commissioner
  • any APS employee made available to the Commissioner under section 47 of the DAT Act

Barred under specific circumstances

Circumstance: Barred if dataset contains operational data
Further details: Operational data includes information about information sources, operational activities or methods and particular past, current and future operations.
Applicable entities include:
  • AUSTRAC
  • Australian Federal Police
  • Department of Home Affairs

Circumstance: Barred if excluded entity would be a data custodian if not for the operation of section 11(2)(b), which provides that an excluded entity is not a data custodian.
Further details: For example, a Scheme entity holds a public sector dataset comprising (in part or in whole) data originating from an excluded entity. In this example, the dataset is barred from sharing because (some of) the data in the dataset originated from an excluded entity even though it is held by a Scheme entity that is not barred from sharing data.

*The Regulations may prescribe other entities as excluded entities.

Contravention or infringement of certain rights, agreements, and common law duties or privileges

The Act does not authorise sharing data if the sharing would contravene or infringe (section 17(3)):

  • copyright or other intellectual property rights
  • a contract or agreement to which the data custodian is a party (this includes a memorandum of understanding that is not legally enforceable)
  • a common law duty or privilege, or
  • a Parliamentary privilege or immunity.

Infringement of a common law duty or privilege (section 17(3)(a)(iii) refers), including a common law duty of confidence, does not occur if the use and disclosure of information is exclusively regulated by legislation. In these circumstances, a common law duty or privilege will likely not arise in relation to that data, and sharing is not likely to be prevented under section 17(3)(a)(iii). Put in other terms, if the collection and use of data is already permitted through an express legislative pathway, the Act will not change the status quo and introduce common law duties.  

If disclosure of data collected under particular legislation is prevented under a provision of that legislation, section 23(1) of the Act will operate to override the statutory prohibition, provided the sharing, collection and use of the data is authorised under the Act.

Prescribed by Regulations

The Regulations prohibit the sharing of data in certain circumstances. This includes, for example, data collected under the Commonwealth Electoral Act 1918 and data of the Australian Institute of Health and Welfare while it is acting as data custodian within the meaning of the My Health Records Act 2012.

The Regulations allow an order, direction, certificate or other instrument to be made by an officer of the Commonwealth (including a Minister) which excludes particular data from being shared or a data custodian from sharing (section 17(4) of the Act).

Evidence and court/tribunal orders

The Act does not authorise sharing data if the data is held as evidence before a court, or obtained by a tribunal, authority or other person with the power to compel documents. However, this does not exclude other copies of that data held by the data custodian.

If a court or tribunal makes an order that restricts or prohibits disclosure of data, the Act excludes sharing of that data. In this instance, sharing of any copies of the relevant data held by the data custodian would also be excluded (section 17(6)).

International matters

The Act does not authorise the sharing of data that is inconsistent with Australia’s obligations under international law (including international agreements) or is inconsistent with Commonwealth legislation that gives effect to such international agreements (section 17(5)).

Sharing data collected from a foreign government is excluded unless the relevant government agrees.

Seeking your own legal advice on matters covered by this guidance

This guidance note is not legal advice. You should seek your own legal advice if you would like further clarification on the matters raised in this guidance.

Barred data sharing

The following table provides a checklist to assist DATA Scheme entities to identify whether data is barred from sharing under the Data Availability and Transparency Act 2022 (the Act).

Is the data held by, did it originate with or was it received from an ‘excluded entity’ under the Act?
Section 17(2)(a)
A number of entities are ‘excluded entities’. These include:
- National Data Commissioner and any APS employee made available to the National Data Commissioner
- National Anti-Corruption Commission
- Inspector of the National Anti-Corruption Commission
- agency known as the Australian Criminal Intelligence Commission established by the Australian Crime Commission Act 2002
- Australian Federal Police
- that part of the Defence Department known as the Australian Geospatial-Intelligence Organisation
- Australian National Audit Office
- Australian Secret Intelligence Service
- Australian Security Intelligence Organisation
- Australian Signals Directorate
- that part of the Defence Department known as the Defence Intelligence Organisation
- Inspector-General of Intelligence and Security
- Office of the Commonwealth Ombudsman
- Office of National Intelligence.

Is the data information that relates to the operations, or informs the operational processes or methodologies, of the three specified agencies?
Section 17(2)(b)
The Act bars sharing data if it is operational data that is held by, originated with or received from any of the following entities:
- AUSTRAC
- Australian Federal Police
- Department administered by the Minister administering the Australian Border Force Act 2015, which is currently the Department of Home Affairs.

Would sharing the data contravene or infringe upon rights?
Section 17(3)
The Act bars sharing data if the sharing would contravene or infringe:
- copyright or other intellectual property rights
- contract or agreement to which the data custodian is a party (this includes a memorandum of understanding that is not legally enforceable)
- common law duty or privilege, or
- Parliamentary privilege or immunity.
The Act bars sharing data that is commercial if it would support legal action for breach of confidence.

Is the data to be shared precluded by the Regulations?
Section 17(4)(a)
The Data Availability and Transparency Regulations 2022 set out further circumstances in which sharing is barred.
These include data collected for the purposes of:
- Commonwealth Electoral Act 1918, or the Referendum (Machinery Provisions) Act 1984
- Director of Public Prosecutions Act 1983
- data held by the Director of Professional Services Review for the purposes of Part VAA (the Professional Services Review Scheme) of the Health Insurance Act 1973
- data that is health information (within the meaning of the Privacy Act 1988) about a person, including a deceased person, which is also data in relation to the Australian Border Force Act 2015, and created at a time when the person was a detainee under the Migration Act 1958
- data that is COVID app data within the meaning of the Privacy Act 1988
- data in relation to the Royal Commission Act 1902 which has not been made publicly available.
The Act bars sharing data if any of the prescribed provisions of Acts and legislative instruments identified by the Regulations prohibit disclosing the data.
The Act bars sharing data if an order, direction, certificate or other instrument made under a provision of a law prescribed by the Regulations prohibits disclosing the data as follows:
- subsections 7(1), 13(1), 14(2) and (3) of the Foreign Proceedings (Excess of Jurisdiction) Act 1984
- subsections 26(2) and (3) of the National Security Information (Criminal and Civil Proceedings) Act 2004.

Is the data held by, did it originate with or was it received from an ‘excluded entity’ under the Regulations?
Section 17(4)(b)
The Regulations bar sharing data of entities acting in a capacity under the My Health Records Act 2012. These include:
- System Operator
- Data Custodian within the meaning of the My Health Records Act 2012
- Chief Executive Medicare
- any other entity that is a participant in the My Health Records system.

Would sharing the data be inconsistent with Australia’s international obligations?
Section 17(5)
The Act bars sharing data that is inconsistent with Australia’s obligations under international law (including international agreements), or with Commonwealth legislation that gives domestic effect to such international agreements.
Sharing data collected from a foreign government or agency is barred unless the relevant government or agency agrees.

Is the data to be shared currently considered to be held as evidence before a court, or obtained by court/tribunal/authority powers or subject to court/tribunal orders?
Section 17(6)
The Act bars sharing data held as evidence before a court, or obtained by a tribunal, authority or other person with the power to require answering of questions or compel production of documents. If a court or tribunal order restricts or prohibits disclosure of data, the Act also bars sharing that data.

 

 

Last updated: 17 July 2024