Submission: Data Availability and Transparency Bill 2020 and the Data Availability and Transparency (Consequential Amendments) Bill 2020

The Hub has made a submission to the Senate Finance and Public Administration Legislation Committee Inquiry regarding the Data Availability and Transparency Bill 2020 and the Data Availability and Transparency (Consequential Amendments) Bill 2020. 

This is a joint submission by the Allens Hub for Technology, Law and Innovation, the Australian Society for Computers & Laws and the UNSW Institute for Cyber Security

A pdf copy of the submission is here  and an online copy is here.  Further information and background to the submission can be found here

This submission is not intended as a comprehensive response to all the issues raised by the Bill, but rather focuses on topics on which our research can shed light. It thus focuses on the following issues:

• Objects of Bill. A reference to accountability should be inserted into the Bill’s Objects. This would strengthen the functionality of existing safeguards and ensure accountability plays a central interpretive role. In addition, the Objects clause should note that consent remains the primary basis for sharing personal information.

• Private Sector Research and Research Ethics. Private sector organisations seeking to use data for research should be required to prove a rigorous ethics process.

• New Data Attributes. Interaction with the review of the Privacy Act 1988 definition of “personal information” should be managed. • International Data Sharing. Accreditation of foreign entities should be subject to proof that the relevant foreign country has a comparable privacy law framework.

• Transparency. Transparency measures should be put in place with respect to the operation of Clause 15(4). Further, there should be ongoing transparency about flaws in the data protections applied in clause 16(7).

• Interaction with Other Legislation. Details of interaction with other legislation should be published, ideally within the Bill. Consistent terminology across legislation should be a long term goal.

• Handling of Data After Project Completion. Requirements on termination of a project or suspension of an accredited entity, such as data deletion, should be specified.

• Accountability. Transparency and accountability should be enhanced through additional language in privacy policies and a requirement for data scheme entities to raise complaints. Data subjects should also be encouraged to make complaints.

• Consent. The threshold for circumstances when it is unreasonable or impracticable to seek consent should be incorporated as part of the ethics function governed by the National Data Advisory Council.

• Data Sharing Controls and Environment. There should be minimum standards for security and data protection practices, including training.

• Guidelines to Address Data Procurement. The scope of guidelines be amended to cover data procurement and pre-processing as well as the operation of clause 15(4)