The Data Availability and Transparency Act 2022 (DATA) Scheme was developed using a ‘privacy-by-design’ approach, which means that data privacy and security was considered at every stage of the development of the legislation.
In line with feedback during our consultation period, organisations are not be able to use the DATA Scheme to request data for:
- an enforcement-related purpose, such as law enforcement investigations, or
- a purpose that relates to, or prejudices, national security.
If a data custodian, who must be a federal government agency, decides to share data that includes personal information, the data custodian must seek consent from those the personal information is about unless it is unreasonable or impracticable to do so.
The ‘unreasonable or impracticable’ language is drawn from the Privacy Act 1988 – it is about objectively considering what is reasonable and viable given the circumstances of the project.
If the data custodian decides to seek consent, the standard of consent is the same as applies under the Privacy Act 1988.
The DATA Scheme operates alongside existing requirements for the collection, storage, integration and management of data, including the:
- Privacy Act 1988, including the notifiable data breaches scheme for personal information and the Australian Government Agencies Privacy Code 2017 issued by the Information Commissioner
- Freedom of Information Act 1982
- Archives Act 1983 and National Archives of Australia information management standard, and
- Protective Security Policy Framework requirements relating to the release of classified information.
The DATA Scheme supports co-operation between the National Data Commissioner and privacy regulators.
We commissioned 3 independent Privacy Impact Assessments (PIAs) during the design and development of the DATA Scheme.
Copies of the 3 PIAs are available in the Resources section of our website:
- 2019 Privacy Impact Assessment
- 2020 Privacy Impact Assessment, which was published with the exposure draft of the DAT Bill
- 2021 Privacy Impact Assessment, which relates to the Bill as introduced into the Parliament.
The PIAs were essential to our ‘privacy-by-design’ philosophy as they allowed for a balanced public conversation on the DATA Scheme’s approach to privacy and security.