Data sharing purposes

The Data Availability and Transparency Act 2022 (the Act) authorises Australian Government bodies to share public sector data with accredited users. To be supported by the Act, the sharing, collection and use of data must be part of a data sharing project that satisfies each of the following:

• the project is for a data sharing purpose provided in the Act
• the project can reasonably be expected to serve the public interest
• the purpose of the project is not a precluded purpose.¹

Under the DATA Scheme, data may only be shared for one or more of the following three purposes:

• delivery of government services
• informing government policy and programs
• research and development.

Delivery of government services

Delivery of government services refers to the provision of any of the following services by, or on behalf of, the Commonwealth, or a State or Territory.

• Providing information – for instance, providing advice to an individual about their eligibility to receive a benefit, or a reminder that some action is required by an individual.
• Providing a service that is not a service relating to a payment, entitlement or benefit –  these include services that are administrative or facilitative in nature, provided to the public to help individuals interact with government systems or access public infrastructure. Examples of such services include issuance or renewal of a driver’s licence, registration of a business name, receiving emergency alerts (e.g. bushfire warnings), and accessing public libraries and other public infrastructure.
• Determining eligibility for a payment, entitlement or benefit – including a benefit payable under legislation or under a grant program.
• Paying a payment, entitlement or benefit.

Data shared for the purpose of government service delivery will often include personal information. In general, the consent of the individual is required before personal information can be shared. However, the Act provides for limited exceptions where personal information may be shared without consent, for example, when the data is used to deliver a service directly to the individual.² For more information on collection of consent requirements when sharing data for different purposes, please see Collection of consent under the DATA Scheme and sections 21 and 23 of the Data Availability and Transparency Code 2022.

Informing government policy and programs

The purpose of informing government policy and programs enables accredited users to request access to Commonwealth Government data to support evidence-based decision making across the stages of the policy and program development and implementation processes, including problem emergence, agenda setting, consideration of policy options, implementation and evaluation.

Commonwealth, state, and territory governments are also bound by legislation (for example the Public Governance, Performance and Accountability Act 2013) or whole-of-government policies and frameworks to monitor and report on the performance of the policies and programs they administer. Access to relevant and accurate data assets for evaluation could be essential to meet these obligations, support the delivery of government priorities, and facilitate the efficient administration of public funds.

Non-Scheme entities (entities not accredited to participate in the DATA Scheme) may contribute to projects that inform government policy and programs. Guidance on how non-accredited entities can be involved is available in the resource Third party participation in the DATA Scheme.

Some projects for this data sharing purpose, particularly where multiple data sources are used, may involve data integration. These projects will generally require some form of data linkage using personal information. Personal information may be shared under certain circumstances including where the sharing is with an ADSP that performs de-identification services, and the ADSP then provides the accredited user with data that does not involve personal information.³ For further information on the ADSP services, see separate guidance on Data services provided by accredited data service providers under the DATA Scheme.

Research and development

Research and development refers to the set of activities involving the investigation, experimentation, and analysis aimed at discovering new knowledge. Data shared for this purpose can be applied to existing knowledge to solve specific problems, and translate research findings into practical applications through the design, testing, and refinement of new or improved products, processes or systems.

Consistent with sharing for the purpose of informing government policies and programs, some projects that have a research and development purpose, particularly those that use multiple data sources, may involve data integration. These projects will often require some form of data linkage using personal information. Again, personal information may be shared under certain circumstances including where the sharing is with an ADSP which then provides the accredited user with de-identified data, so personal information is no longer included.⁴ For more information on circumstances where sharing of personal information is permitted, please see Collection of consent under the DATA Scheme.

All data sharing projects under the DATA Scheme regardless of their purpose must satisfy the five data sharing principles.⁵ One of those principles—the project principle—requires that projects can reasonably be expected to serve the public interest.⁶ The public interest generally relates to considerations that might have a widespread community benefit – it is not enough that the accredited user has a personal interest, or that there is public curiosity about an issue. Examples of matters in the public interest include, but are not limited to:

• promoting the proper administration of government
• medical research or statistical analysis relevant to public health or safety, and research or analysis that supports better economic outcomes.

The Data Availability and Transparency Code 2022 (the Code) sets out a range of matters relevant to the project principle and when a project can be reasonably expected to serve the public interest:⁷

• delivery of government services – for projects where delivery of government services is the only data sharing purpose.⁸
• activities relevant to public health or safety – for projects where the data sharing purposes includes informing government policy and programs, or research and development, and where the data custodian is sharing the data in the course of medical research within the meaning of section 95 of the Privacy Act 1988.⁹
• other projects including the purposes of informing government policy and programs or research and development – where the entity concludes that the arguments for the project serving the public interest outweigh the arguments against the project doing so, applying a range of considerations set out in section 5 of the Code.¹⁰

A project cannot reasonably be expected to serve the public interest if its only foreseeable benefits are:

• advantages that primarily benefit another country or its citizens, or
• commercial gains for entities that are not Australian.¹¹

A data sharing project must not be for a purpose that is precluded by the Act. Each of the following is a precluded purpose:

• an enforcement related purpose
• a purpose that relates to, or prejudices, national security
• a purpose prescribed by the rules.¹²

Enforcement purposes

The Act outlines specific enforcement related purposes for which data sharing is not permitted under the DATA Scheme.¹³

Enforcement related activity includes detecting, investigating, or responding to:

• offences or breaches of laws punishable by criminal or civil penalties, and
• acts or practices that harm public revenue (e.g. fraudulent benefit claims).

Examples of enforcement related purposes include the use of data for the verification of payments previously made to an individual as part of a government service, the recovery of overpayments, identifying individuals for compliance activities, or for the exercise of investigation powers.¹⁴

Enforcement and government service delivery can involve similar activities and the distinction depends on the specific circumstances of the proposed data sharing activity. Where data relates to a payment, a key distinction between service delivery and enforcement might be whether the activity occurs before or after the payment or service is provided. For example, using data about an individual to determine eligibility for a payment before the payment is made is not an enforcement related activity. However, using data to verify eligibility after a payment is made will likely constitute enforcement activity, particularly if that verification results in the recovery of overpayments and any enforcement action.

While there are a number of law enforcement and security agencies that are excluded entities for the purposes of the DAT Act, an entity that has a regulatory or enforcement function is not necessarily excluded from using data under the DATA Scheme. Such an accredited entity may collect and use data if the project is for one or more of the three permitted purposes. For example, a government regulator may request, collect and use data as an accredited user under the DATA Scheme for the purposes of informing policy that underpins the design of a compliance program, but does not use the data for a compliance assessment or enforcement project.

National security purposes

A national security related purpose includes any matters relating to Australia’s defence, security, international relations or law enforcement interests within the meaning of ‘national security’ in the National Security Information (Criminal and Civil Proceedings) Act 2004. Sharing of data that could prejudice national security includes, for example, sharing data on Australia’s counter terrorism or international intelligence gathering activities.

This exclusion ensures that the sharing of highly sensitive data, or data involving law enforcement or national security purposes, continues to be handled under dedicated legislative frameworks.

Projects that only relate to precluded purposes in a general way

A data sharing project that deals with enforcement or national security related issues in a general way is not necessarily precluded. For example, a project to research trends in criminal behaviour in relation to Australian Government programs, where the research does not relate to any individuals or organisations, would not be for a precluded purpose.

Similarly, the characteristics of a data set and the purpose for which it may be shared are independent. For example, assuming privacy protections and other requirements of the Act are satisfied, data assets which contain records of unit-level data about breaches or non-compliance with a government scheme may be shared to support academic research or to inform government policies and programs.

Purposes prescribed by the rules

The Minister may prescribe further precluded purposes in rules made under section 133 of the Act. At the time of preparing this guidance note, no precluded purposes have been prescribed.

A project may have multiple data sharing purposes. For instance, the primary purpose of a project may be to inform the development of a new government program, but this may rely on insights from research that needs to be undertaken first. In this example, the project has two purposes — informing government policy and programs, and research and development.

Incidental purposes

A project may have an incidental purpose or purposes. An incidental purpose is a purpose that results as a by-product or subordinate accompaniment to the creation of the agreed final output for one or more of the three permitted purposes. The scope of such incidental purposes must be agreed by the parties in the data sharing agreement and must not be for precluded purposes.

An incidental purpose may be the production of technical or methodological information arising from a project. For example, a researcher may use a novel approach to analysing data that they may wish to discuss in a report or a journal. In this example, the discussion of the approach to analysis is incidental to the purpose of the data sharing. Similarly, the use of the data in the project may generate new metadata or updates to existing data definitions and classifications. Although these types of incidental purpose are unlikely to include the data itself, the incidental purpose could include descriptive information on the findings.

Future data sharing under the DATA Scheme

The DATA Scheme can also be used to develop a data asset intended for future sharing. This applies when an accredited user, who is a Commonwealth body, is appointed as the data custodian for the project's output.

The specific future projects that might use the data asset may not yet be identified at the time the data asset is developed. However, a project that prepares data for future use is considered to be for the permitted data sharing purposes associated with those future projects, once they are known.

¹Section 15 of the Act.

²Paragraph 16B(1)(a) of the Act.

³Section 16B of the Act.

⁴Section 16B of the Act.

⁵Paragraph 13(1)(e) of the Act. Also see section 16 of the Act and part 2 of the Code for information on the data sharing principles.

⁶Paragraph 16(2)(a) of the Act.

⁷Section 6 of the Code.

⁸Subsection 6(2) of the Code.

⁹Subsection 6(3) of the Code.

¹⁰Subsection 6(4) of the Code.

¹¹Subsection 6(6) of the Code.

¹²Subsection 15(2) of the Act.

¹³Subsection 15(3) of the Act.

¹⁴Subsection 15(3) of the Act.