Privacy and personal information

The Data Availability and Transparency Act 2022 (DATA) Scheme was developed using a ‘privacy-by-design’ approach, which means that data privacy and security was considered at every stage of the development of the legislation.

In line with feedback during our consultation period, organisations are not be able to use the DATA Scheme to request data for:

  • an enforcement-related purpose, such as law enforcement investigations, or
  • a purpose that relates to, or prejudices, national security.
Consent

If a data custodian, who must be a federal government agency, decides to share data that includes personal information, the data custodian must seek consent from those the personal information is about unless it is unreasonable or impracticable to do so.

The ‘unreasonable or impracticable’ language is drawn from the Privacy Act 1988 – it is about objectively considering what is reasonable and viable given the circumstances of the project.

If the data custodian decides to seek consent, the standard of consent is the same as applies under the Privacy Act 1988.

Privacy legislation and the DATA Scheme

The DATA Scheme operates alongside existing requirements for the collection, storage, integration and management of data, including the:

  • Privacy Act 1988, including the notifiable data breaches scheme for personal information and the Australian Government Agencies Privacy Code 2017 issued by the Information Commissioner
  • Freedom of Information Act 1982
  • Archives Act 1983 and National Archives of Australia information management standard, and
  • Protective Security Policy Framework requirements relating to the release of classified information.
Privacy regulators

The DATA Scheme supports co-operation between the National Data Commissioner and privacy regulators.

Privacy Impact Assessments

We commissioned 3 independent Privacy Impact Assessments (PIAs) during the design and development of the DATA Scheme.

Copies of the 3 PIAs are available in the Resources section of our website:

The PIAs were essential to our ‘privacy-by-design’ philosophy as they allowed for a balanced public conversation on the DATA Scheme’s approach to privacy and security.