It seems like only yesterday that former NSW Minister for Innovation Victor Dominello accepted an ACS invitation to speak at the IFIP World Computer Congress 2015 in South Korea. His keynote on “Data Driven Innovation” detailed his plans to use data analytics to unlock the value of NSW Government data.
Just weeks later, I witnessed the milestone passage of the NSW Data Sharing (Government Sector) Bill at NSW Parliament House, where Minister Dominello put the Premier State at the forefront of data sharing and analytics to make information a true asset in a way no Australian government had done before.
The legislation was ground-breaking for the way it embedded privacy protection and required data breaches to be reported to the NSW Privacy Commissioner and the data provider.
The Open Data and its Re-Use Agenda has evolved rapidly across the globe over the last two years, creating a myriad of opportunities and benefits despite the seemingly endless list of challenges.
The Productivity Commission’s attempt to address some of those challenges was made public last month with the release of its final report into Data Availability and Use.
The result of a year-long inquiry and consultation process, the report highlights underlying tensions around data availability and use between the various policies and regulatory schemes across the States, Territories and Commonwealth which have severely impeded data sharing by both public and private sector organisations.
It advocates fundamental changes to Australia’s legal and policy frameworks under which public and private sector data is collected, stored and used (or traded), including recommendations for:
- a Comprehensive Right for Consumers (including small/medium-sized businesses) -- to access their digital data and the ability to have it provided to a different supplier;
- a new Data Sharing and Release Act -- to authorise the better sharing and release of data;
- the appointment of a National Data Custodian and an advisory board and ethics advisor;
- the creation of National Interest Datasets; and
- clear processes and structures for data sharing between State and Commonwealth entities.
While the various State and Territory Privacy laws, including the Commonwealth Privacy Act 1988 currently provide some constraints and protections, they only relate to data which meets the varying definitions of “personal information”.
The framework proposed by the Commission goes further, seeking to cover all consumer data, including files posted online or on social media, data created from online transactions, Internet-connected activity or digital devices, data purchased or obtained from a third party that is about the consumer, and more.
While the Government is yet to formally respond, the report has prompted widespread debate around this important and complex issue.
One voice worth listening to is NSW Acting Privacy Commissioner Elizabeth Coombs, who said Australia needs to look at international trends in data protection, such as those modelled by the EU’s General Data Protection Regulation and Singapore’s Personal Data Protection Act.
“The global nature of the information economy means we must comply with international standards for data protection, privacy and security or risk being locked out of emerging opportunities,” she said.
However, Dr Coombs queried the need for a National Data Custodian to provide leadership of the new data framework.
“If they’re already saying the complexity of the current landscape creates uncertainty, which enforces inaction, then why add yet another Office to complicate things further? It proposes significant overlap with the Federal Privacy Act which, amongst other things, already allows individuals to request copies of and corrections to this data if it’s incorrect,” she said.
Australia’s Information Privacy Commissioner, Timothy Pilgrim, believes a successful data-driven economy needs a strong foundation in privacy. He told a workshop in Canberra last year, “When there is transparency in how personal information is used, it gives individuals clarity, choice and confidence that their privacy rights are being respected.”
However, the Productivity Commission says its Comprehensive Right goes further than privacy law and is meant to offer consumers a genuine two-way street to support their willingness to continue providing personal information to enable business, research and public policy.
“Consumers would no longer be just a source of data, they would rank equally with the key data collectors — businesses and governments — in being able to trade and use their data,” the report said.
Last week Data Governance Australia (DGA) proposed an alternative approach, releasing a draft code of conduct as part of a self-regulatory model for companies collecting and sharing customer data.
Designed to engender consumer trust and drive transparency by establishing recognised standards for data handling, the code will eventually be registered with the Australian Securities and Investments Commission (ASIC) after a process of consultation.
To fulfil the Government’s vision of data-driven innovation, Australians must feel confident in how their personal information is managed.
ACS CEO Andrew Johnson met with the Prime Minister’s Office last week to discuss the Productivity Commission report and explore the various challenges and issues it raises as the Government formulates its final response.