The privacy watchdog has urged the government to reverse its plan to exempt any information sent under its new data-sharing scheme from Freedom of Information requests.
Legislation introducing a new public sector data-sharing scheme, which greatly expands the sharing of data between public sector agencies and private organisations, is currently the subject of a senate committee inquiry.
The Data Availability and Transparency Act provides a “new path” for the sharing of data which is currently blocked by secrecy provisions or other laws, and would lead to more identifiable data being shared among agencies and other organisations, including universities and think-tanks.
Accompanying legislation to the scheme amends the Freedom of Information (FOI) Act to exempt agencies from these laws in relation to specified documents, including those being shared as part of the new data regime.
This would “effectively exempt any data that government agencies share with each other through the scheme”, the Office of the Australian Information Commissioner (OAIC) said in a submission to the senate committee.
“The OAIC is concerned that the proposal is unnecessarily broad and risks misalignment with the objects of the FOI Act to provide a fundamental legal right to access to documents,” the OAIC submission said.
“The OAIC is also concerned that this proposal reduces the information access rights of individuals, impacting on their ability to seek access to their own personal information and understand how agencies are using this information.”
The government has justified this exemption as necessary to protect the privacy of individuals whose data is being shared, but the OAIC said that departments already have existing exemptions under the FOI Act to block personal information from being released.
“The OAIC recommends that consideration is given to this proposed consequential amendments to the FOI Act being removed, and that data that is shared by agencies under this scheme remains subject to the usual FOI processes and potential exemptions under the FOI Act,” the OAIC said.
The privacy watchdog also joined with a number of digital and civil rights organisations and the Australian Medical Association in calling for greater privacy safeguards around the data-sharing scheme.
The OAIC urged the government to include a requirement that the data being shared be de-identified where possible in order to minimise privacy impacts.
“The OAIC recommends that the bill include a requirement that data custodians must not share personal information where the data sharing purpose can reasonably be met by sharing de-identified information,” it said.
The OAIC raised concerns that the final version of the legislation allows for Commonwealth entities to be automatically accredited to receive data under the scheme without having to pass the tests that other organisations will be subject to.
This “significant change” was made without any consultation, the OAIC said.
“Accreditation plays an important role in ensuring that entities have appropriate processes, systems and procedures in place to support safe personal information handling practices,” it said.
“The effectiveness of an accreditation framework rests on the accreditation criteria being set at an appropriate level and accreditation standards and processes being applied consistently across the scheme.
“A light touch or inconsistent approach to accreditation risks undermining the level of assurance that the framework is designed to provide. A robust accreditation process would provide a strong trust mark for the scheme.”
The senate committee is expected to produce its final report on the data-sharing scheme by the end of the month.
Do you know more? Contact James Riley via Email.