TL;JR: Data Sharing and Release Issues

So. Many. Documents.

This is mostly a cut&paste job of a Too Long; Justin Read Twitter thread that I did on 30 July 2018 about the Australian Government’s Data Sharing and Release Legislation issues paper.

Thread Ahoy!

Right, friends. 1 Aug is a lot closer than I expected, so let’s take a look at the government’s proposal to release and share data a whole lot more, shall we? #tljr

This is the issues paper I’ll be going through: https://www.pmc.gov.au/resource-centre/public-data/issues-paper-data-sharing-release-legislation and here is the Productivity Commission report into Data Availability and Use: https://www.pc.gov.au/inquiries/completed/data-access/report

The “setting the scene” introduction is instructive. I have highlighted some important phrases.

Important phrases used when setting the scene.

Important phrases used when setting the scene.

Note the framing of data as a resource.

“New data sharing and release arrangements will benefit Australians by streamlining the way public data is shared and released within government and with trusted users.”

“within government and with trusted users” This is important, for reasons that will become more obvious shortly.

There’s a rehash of the 2015 Public Data Policy Statement, and a reference to the 2016 Productivity Commission inquiry into data sharing (that I linked to earlier).

The PC consulted and inquired and did a bunch of commission-y things, generating a 644 page report that none of you read (be honest).

The PC identified a “lack of trust by both data custodians and users in existing data access processes and protections”

The PC also noted that “improving trust community-wide is a key objective” in the same dot-point, but that’s missing from the issues paper for some reason.

The government claims “Better use of public sector data can help us improve government services for Australians and ensure our programs and policies are informed by evidence.”

This is a little surprising, given how much evidence is available in a wide variety of policy areas that isn’t acted upon and, in some cases, is deliberately ignored.

But sure, more evidence is all that’s standing in our way from acting on, for example, climate change, or closing down the offshore gulags for brown people.

But I digress.

The legislation proposes 3 main things:

  • A National Data Commissioner to run the whole thing
  • Legislation, that will essentially replace all the existing legislation
  • A Consumer Data Right

“The purpose of the DS&R Bill will be to streamline the process for sharing public sector data and improve data safeguards across the public service.” This sounds like a noble goal.

“The DS&R Bill will be based on key principles designed to move the paradigm from one which restricts access to data to one which authorises sharing and release when appropriate data safeguards are in place.”

This is all about a change of posture from keeping data locked up in a multitude of private data stores to one biased towards sharing “when appropriate data safeguards are in place” which is a key detail.

Look at all the benefits! So many!

Look upon my benefits, ye mighty, and despair!

Look upon my benefits, ye mighty, and despair!

“The Bill will apply to Commonwealth entities and Commonwealth companies and include most data collected by these entities, with appropriate exceptions”

Let’s skip ahead a little and see what data is to be covered.

“The new DS&R Bill will apply to all Commonwealth entities and Commonwealth companies and encompass all data collected by these government bodies for any purposes, including government administration, service delivery and research.”

Got that? Everything. The ATO. Centrelink. #MyHealthRecord. The ABS. *Everything* will be covered by this new Data Sharing and Release bill.

“Data collected from individuals, businesses and other entities, and data generated internally by Australian Government bodies is in scope”

“The Bill will provide authority for sharing and release of data where currently prohibited” This is the point you need to start getting very concerned.

They’re proposing to just override the restrictions from everywhere else. The#MyHealthRecord Act. The Census and Statistics Act. The Archives Act. This is broad, sweeping stuff.

“The DS&R Bill will carefully consider existing secrecy provisions to balance the need to protect certain types of government data,” Note the switch to ‘government data’ from ‘public data’.

“Commonwealth entities will continue to be required to uphold the highest standards of privacy and security for the data they hold.” Hangon, what?

It’s supposed to operate “alongside” existing requirements, but will also provide an alternate pathway to access data. So it’s a kind of back door, if you like.

So no, we’re not going to look at all of the “more than 500 existing data secrecy and confidentiality provisions across more than 175 different pieces of Australian Government legislation” and clean it all up.

Instead, we’re going to add a new bit of legislation that can bypass all the other ones ” when appropriate conditions and safeguards are met”.

Let’s jump back to where we were before we looked at the scope.

“[The Bill] will provide a legislative approach to share, access and release data that is otherwise prohibited, when appropriate conditions and safeguards are met.”

Apparently the data will only be shared “for particular purposes only” which seems to go against the general thrust of things here quite a lot. Here are some of the purposes:

Particular purposes for which data can be shared.

Particular purposes for which data can be shared.

Now for some more cognitive dissonance. This paper claims that “Much of the Australian Government’s data is not personal or sensitive” which makes you wonder why you’d concentrate on stuff that’s currently prohibited from release.

It also makes much of the “Five Safes” framework, which is for assessing how sensitive or private data can be safely shared.

Five Safes was developed for figuring out how to deal with quite sensitive unit level data, not a bunch of “not personal or sensitive” data, so you start to get an idea of what this Bill is all about.

This isn’t about providing greater access to unobjectionable data about government activities, like how much it spends on TV ads each quarter. No. This is about government joining together all the data it has on you. Sensitive, personal data.

It’s about providing access to this data to other government departments, and favoured researchers or private organisations, as decreed administratively by the National Data Commissioner. Not through legislation and public debate.

If the NDC decides that, say, letting Centrelink see your MHR data and linking it to the Census and ATO data is nationally important, and they’ve got some safeguards in place, sure, bypass whatever the Census and Statistics Act says. Take a peek!

That might actually be sortof okay in some circumstances if we had a loooong history of trustworthiness and competence from government agencies dealing with private and sensitive data. And a good idea that it’s not likely to change. But we don’t.

The Census and Statistics Act has specific sections on secrecy for *very good and important reasons* and this government is trying to override them.

Now I would have a lot fewer issues with this proposal if it was advocating sharing of less sensitive data first, and leaving in place the safeguards over data about individuals, sensitive data, etc.

But that would mean sharing data about government operations, not individuals. The kind of stuff that we should be able to get now under FOI but which is regularly stymied.

Things like, say, monthly statistics of Centrelink call waiting times. Hell, live updates so we could know not to call for an hour, because it’s usually quieter at 2pm.

Or daily stats on how many people have opt-ed out of #MyHealthRecord.

Or real-time data on political donations. You know, stuff that would “build trust in use of public data” and allow government to practice on safe data before they start trying to share our Census data with Centrelink.

Here’s the summary of what’s being proposed, in Handy Diagram™ form:

The data sharing backdoor in Handy Diagram™ form.

The data sharing backdoor in Handy Diagram™ form.

So do please make a comment or submission about this Data Sharing and Release proposal, by the end of 1 Aug 2018.

Here I shall end another edition of #tljr. Thank you for bothering to read any of it.

Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.