On 1 April 2022, the Data Availability and Transparency Act 2022 (DAT Act) came into force. The Act is an important component of the Australian Data Strategy, which aims to facilitate the effective, safe, ethical and secure use of data as a tool for businesses, individuals, the non-government and government sectors. Public consultation on the Australian Data Strategy ends on 30 June 2022.
The DAT Act will have significant implications for how Commonwealth government agencies are able to share and use data and will need to be considered alongside applicable secrecy provisions and the Privacy Act 1988 (Privacy Act).
What does the DAT Act do?
The DAT Act authorises and regulates controlled access to Australian Government data, and aims to promote better availability and use of government data, empower the government to deliver effective policies and services, and support research and development. The Act allows scheme entities to enter into data sharing agreements for a specified data sharing purpose, subject to various safeguards.
The DAT Act is intended to be over-arching legislation that will have effect notwithstanding the provisions of other legislation. If a Commonwealth agency proposes to share data under the scheme in a manner that would be inconsistent with otherwise applicable legislation, the agency will need to identify and consider those laws. Data sharing agreements must specify ‘any law that the sharing would contravene but for’ the DAT Act.
Who can share data under the scheme
Only scheme entities (data custodians and accredited entities) can participate in the scheme.
Commonwealth bodies that are data custodians are participants in the scheme, with the exception of intelligence and law enforcement agencies. State and Territory governments and public universities can also participate.
Data cannot be shared under the scheme with the following entities:
- private entities (bodies corporate);
- individuals and unincorporated bodies (such as partnerships and trusts); and
- foreign entities (such as foreign governments and companies incorporated overseas).
Purposes for which data can be shared
When an entity proposes to enter into a data sharing agreement, the agreement must specify one of the defined data sharing purposes for which data will be shared under the agreement.
The three data sharing purposes are:
- delivery of government services;
- informing government policy and programs; and
- research and development.
We anticipate that delivery of government services will be of major importance for Commonwealth agencies seeking to share data, and is defined to include:
- providing information;
- providing services, other than services relating to a payment, entitlement or benefit;
- determining eligibility for a payment, entitlement or benefit; and
- paying a payment, entitlement or benefit.
Privacy protections and other safeguards
It should be noted that the DAT Act is not intended to ‘override’ the Privacy Act, and is intended to facilitate the sharing of data consistently with the Privacy Act. However, where the requirements of the DAT Act are met to authorise the sharing of data, the authorisation would be relevant to the collection of personal information under APP 3, and to the use and disclosure of personal information under APP 6.
Privacy protections and safeguards are embedded in the scheme to ensure data is managed securely. Section 13 of the DAT Act sets out a range of formal and substantive requirements with which all data sharing agreements must comply, such as being consistent with the data sharing principles set out in the Act, among other things.
Except in limited circumstances, personal information about an individual can only be shared through a data sharing agreement with the consent of that individual. If the data includes biometric information, then it can only ever be shared with consent.
The National Data Commissioner will oversee the scheme as a regulator.
What does the DAT Act mean for Commonwealth agencies?
Commonwealth agencies will usually have a number of ways to use and share data. However, those existing avenues will often come with constraints on what the agency is able to do, particularly where the data includes personal information under the Privacy Act, or protected information under secrecy provisions in other legislation. Where constraints exist, the scheme established by the DAT Act may provide an alternative means for the sharing of that information.
This article was written by Michael Palfrey, Partner, Will Sharpe, Partner, and Neil Cuthbert, Senior Associate.