The National Data Commissioner's Speech at the Australian Government Solicitor Technology Forum 2025

Main mobile navigation open
Back to all news

The National Data Commissioner's Speech at the Australian Government Solicitor Technology Forum 2025

26 June 2025

On 11 June, the National Data Commissioner, Gayle Milnes, spoke at the 2025 Australian Government Solicitor (AGS) Technology Forum. 

Read the Commissioner's speech

Welcome the opportunity to talk with you today. Thank you to the AGS for hosting this event. 

I’ll focus my comments on the Government’s data and digital agenda and in particular supporting the APS to be a best-in-class user of data and unlocking the value of public data. 

Promoting better availability of public sector data

I’ll start by taking you back to 2017 and the Productivity Commission’s review into improving data availability and use. The review found Australia was not making the most of its valuable public data. As a result, widespread community and productivity benefits were being missed. It recommended a reformed and modernised regulatory framework to support safe and widespread sharing of Australian Government data for public benefit by enabling necessary permissions and shifting attitudes to ‘treating data as an asset’.

​The Australian Government responded to the review in 2018, committing to reform through new data-sharing laws and creation of the National Data Commissioner. ​This new framework was intended to overcome three key barriers to data sharing:​

  • legal restrictions that prevented Australian Government agencies providing others with access to data, even when the sharing would have been both reasonable and safe
  • lack of clarity as to who Australian Government agencies could trust to share data with, and ​
  • uncertainty about best practices and appropriate safeguards for sharing data safely.​

Fast forward to March 2022 when after a lot of hard work, the Data Availability and Transparency Act 2022 was passed by the Parliament. It came into effect in April 2022.

To promote better availability of public sector data – the first object of the Act – the legislation establishes a data sharing scheme, the DATA Scheme as we call it. The Scheme addresses the three key barriers by authorising Australian Government agencies to share data, establishing a robust accreditation framework so that only those who can safely handle public data are able to participate in the data sharing scheme, and defining best practices for sharing data safely. The data sharing scheme is overseen by an independent regulator to support transparency and trust.

Facilitating data sharing

Now let’s fast forward again to 2025 and reflect on how the legislation has operated over its first 3 years – the establishment phase.

The ONDC has built the Scheme and the digital platform (the Australian Government Data Catalogue and Dataplace) to support its operation. Organisations can onboard to Dataplace to:

  • discover data held by Australian Government agencies
  • request data held by Australian Government agencies, both under the DATA Scheme and general requests
  • develop a data sharing agreement, both a DATA Scheme data sharing agreement and a general agreement, and
  • monitor and report on your organisation’s data sharing activities – what data your entity is sharing, with whom and for what purpose – and meet reporting obligations under the DATA Scheme.

The platform guides Scheme participants and others to apply safe and consistent data sharing practices, streamlining sharing and helping them comply with the Act.

Dataplace and the Catalogue have wider application beyond the DATA Scheme. Eligible Scheme entities and other organisations can use Dataplace as their one stop shop for accessing data held by Australian Government agencies. 

Organisations can also opt to use Dataplace to improve their own enterprise data governance. Dataplace has been designed to operate as a standalone platform for agencies that do not have their own systems, or one that can be integrated with existing systems, providing a consistent front-door for data users.

We have established a rigorous accreditation framework and through that, a trusted data sharing community. There are now 35 accredited entities – 17 Australian Government agencies, 10 state and territory governments and 8 Australian universities. 

Accreditation is one of the data sharing scheme’s key safeguards so let me tell you more about it.

Only accredited entities can participate in the Scheme. Accredited data users can collect and use Australian Government data. Accredited data service providers can de-identify and integrate data and provide secure access to data. Accreditation ensures users and data service providers are capable of handling Australian Government data and minimising risk of unauthorised access or use. 

The Minister and the Commissioner are the authorities for accrediting users and data service providers and can impose conditions on accreditation if required. To be accredited as a data users, eligible entities (Australian, state and territory government agencies as well as Australian universities) must meet the following criteria: 

  • the entity has appropriate data management and governance policies and practices and an appropriately qualified individual in a position that has responsibility for data management and data governance for the entity
  • the entities are able to minimise the risk of unauthorised access, sharing or loss of data, and
  • the entity has the necessary skills and capability to ensure the privacy, protection and appropriate use of data, including the ability to manage risks in relation to those matters. 

In addition, accredited data service providers must have the necessary policies, practices, skills and capability to perform the following data services: 

  • deidentification of data services
  • secure access data services, and
  • complex data integration services. 

Accreditation is like a trusted tick of approval, signalling to data custodians who they can trust to share data with. There are examples of Australian Government agencies making use of the accreditation status to support data sharing more broadly. This is both best practice and efficient. 

In the last 12 months, ONDC initiated two independent reviews of the accreditation framework. One was a Department of Finance internal audit Management Initiated Review. The other was a review by Cyber CX of the cyber and ICT security requirements. They found the framework provides a robust level of assurance.  

We have facilitated data sharing – 54 requests, so far resulting in 25 instances of data sharing. Notably the Scheme is enabling data sharing to create the National Disability Data Asset and, following the first release of the asset in December 2024, access to it. To make it real for you, I’ll also give you some examples of what Scheme participants would like to or are doing: 

  • A university researcher wants to access disability data to identify and implement best practices for supporting young people to successful transition from out-of-home care to adulthood.
  • A state government is interested in accessing data held by a Commonwealth agency to help them determine eligibility for state services.
  • A state government is exploring ways it can use health data to identify the best predictors of high acute health care use.

Transparency in data sharing has been enhanced through registers of accredited entities and data sharing agreements as well as reporting on the operation of the Scheme by the National Data Commissioner.

Scheme participants are being held accountable for meeting robust standards through regulation of the Scheme. With the pick up in Scheme activity, ONDC has stepped up its monitoring activities focusing on accredited entities continuing to meet the criteria, timely handling of requests, refusals of data sharing requests and compliance with data sharing agreements.

These efforts have advanced the objects of the Act. 

Statutory review of the Data Availability and Transparency Act 2022

To allow the data sharing scheme time to establish and mature, the Scheme started with a limited reach – only government agencies and universities were eligible to participate. The statutory review, 3 years after the DATA Scheme commenced is welcome and timely. It is a deliberate checkpoint to ensure the Act is operating as intended. It provides an ‘opportunity to consider expansion or refinements’ and for an independent review to ‘assess its effectiveness, and whether the Scheme should continue, continue with amendments, or be allowed to cease to have effect under the sunset clause’.

The first 3 years of the Scheme has been a tremendous learning opportunity for ONDC, Scheme participants and others. The valuable feedback and advice provided by Scheme participants, the National Data Advisory Council and others has spurred improvements in ONDC’s performance and the Scheme’s operation and provides a solid evidence base to inform the review.

There have been challenges which have limited uptake of the Scheme and its impact. We have proposed a package of amendments to the review to enable the Scheme to operate as intended and realise the vision of a step change in the use of Australian data for public benefit and to support the government’s productivity agenda:

  • Expand the types of entities eligible to participate in the Scheme, to include all Australian organisations such as government services providers, research organisations, Aboriginal and Torres Strait Islanders organisations and organisations supporting Aboriginal and Torres Strait Islander communities.
  • Permit the Act to apply to sharing broadly, including where sharing is already authorised by another Commonwealth legislative purpose and through the adoption of a whole of government platform for discovering data held by the Australian Government agencies and administering data sharing.
  • To enliven sharing for purposes of delivering better government services, the Act should permit sharing for the delivery of government services, including where a compliance issue may be incidentally detected. The Act should continue to preclude sharing for enforcement related purposes including investigation, prosecution and punishment, and where detection of non-compliance is a material purpose for sharing.
  • Address known issues by amending the Act to streamline data sharing by taking a more principles-based and outcomes-oriented approach to refining existing features.
  • Introduce Ministerial discretion to authorise sharing under the Act where it is in the national interest to do so, with appropriate checks and balances.
  • Strengthen support for a national data sharing system to enable seamless sharing of data across all levels of government and permit all jurisdictions to contribute and benefit form multilateral data sharing by developing complementary legislation and consistent approaches to data sharing practices and standards.

These amendments would enable the Scheme to support the breadth of current and prospective data sharing by Australian Government agencies. Under current settings, organisations that can make productive use of the data – and some which Australian Government agencies already share data with – are locked out. The Scheme’s safeguards would ensure that only those capable of handling the data safely can access it. 

Permitting the Act and Dataplace to apply to sharing more broadly would standardise data sharing practices. Under current settings, Australian Government data is shared using multiple, bespoke pathways, creating complexity for data custodians and data users. Standardised practices would deliver efficiencies. Sharing would be best practice, transparent (the government and the public would have a handle on what data is being shared with who and for what purpose) and with regulatory oversight ensuring best practice is followed.

The Act supports sharing data to deliver better government services. In practice though, agencies like Services Australia have not been able to use the Scheme for better service delivery. The proposed amendments would allow Services Australia to share Medicare and Centrelink data with itself to improve their services. 

Australian Government agencies and other Scheme participants have found the Act difficult to use, say in the case of the National Disability Data Asset. Users, including universities, are frustrated their requests are not being dealt with in a timely way and/or being refused. The proposed amendments would allow the safeguards and the regulator’s functions to apply in a graduated way, less one-size fits all, according to risk. They would also put more onus on Australian Government agencies to take a “yes, if with appropriate safeguards” approach and to handle requests in a timely way.

The proposed changes would enable the Minister to authorise sharing and mobilise data from across the Australian Government’s data holdings to address national priorities. 

Sharing across all levels of government remains a challenge. We have recommended steps that would further normalise data sharing between the Commonwealth, states and territories. 

In addition to these legislative changes, we recommend a sustained focus and commitment to:

  • Address cultural resistance to sharing data and sharing it in a timely way. Senior leadership is key to greater adoption of a ‘yes if, with appropriate safeguards’ approach and a public data mindset.
  • Further strengthen data capability of Australian Government agencies and other Scheme participants. While the Scheme and other initiatives have uplifted capability, a recent survey found the average maturity score was 2.02 out of 5 indicating there is still some way to go.
  • Strategic allocation of existing resources within Australian Government agencies as well as across the Commonwealth, the different levels of government and the research sector to make better use of data.

Our shared agenda

I’ll leave you with a final message and that is to keep up the close cooperation and collaboration. We have a shared agenda. We both have an important role to play in supporting and facilitating Australian Government agencies to share data they hold and to share it safely and efficiently to unlock benefits for all Australians.

The ONDC’s small but expert legal team have developed a wealth of practical experience through collaboration with other legal teams including secondments to other agencies.  We have placed two of our lawyers in AIHW for three months or more.  It was an invaluable experience for all involved. We have one of our lawyers placed with the Centre for Disease Control establishment team in the Department of Health, Disability and Ageing to help them prepare their legislation.

The Australian Government Solicitor continue to advise on the DATA Scheme framework, and second counselled the short form data sharing agreement template we published earlier this year.

Keeping up to date with legal and regulatory developments in data sharing, and understanding your client’s practices or proposed practices, ensures that you are well positioned to give your client practical advice to realise data sharing opportunities and manage associated risks, preferably in the concept or early stages of data sharing proposals, not just when drafting a data sharing agreement. ​

Be brave and support your client to explore ways of doing things beyond the ‘way it’s always been done’ – current processes and pathways may be there for good reason, but there is also a chance that the way things are always done are not the most efficient; they may not be the best contemporary practice.

Stay on top of the latest legal thinking by ensuring that you comply with your Legal Services Directions obligations to consult with relevant legal counsel in other agencies about requests for legal advice, and the development of legal advice, that has whole of government impacts.​

Keep in mind that one of the National Data Commissioner’s functions is to provide regulatory advice to Scheme participants on how the Scheme applies in specific circumstances. Advice was provided in January 2025 to the Commonwealth partners involved in the National Disability Data Asset about the use of the Act to authorise access to the asset. 

To wrap up, by staying informed, thinking creatively, and engaging early, we can help shape a data sharing culture that is not only legally sound but also forward-looking, efficient, and impactful for all Australians.