Productivity Commission Part Two: A new framework for data sharing and release

Share on twitter
Share on linkedin
Share on facebook

In our earlier article, The Productivity Commission’s proposed comprehensive consumer right to data, we looked at the new consumer right to data proposed in the Productivity Commission (the Commission) recent report on data availability and release. Today, we look at the second plank of the reform proposed by the Commission: The proposed scalable risk framework for data sharing and release.


By Dr. Drew Donnelly, Compliance Quarter. 

Identified deficiencies in the current regulatory framework

Currently, data release is governed by privacy legislation (both at the federal and state levels), as well as a more than 500 secrecy provisions contained in vast array of subject-matter specific legislation. An example of such a secrecy provision is in section 135A of the National Health Act 1953 which prohibits the sharing of any information about individuals gathered under that Act, unless authorised by the Minister.

In the case of privacy legislation, the Privacy Act 1988 (Commonwealth) governs the collection, use and disclosure of personal information in Australia. It applies to all federal government bodies as well as many private businesses and not-for-profits. Among other things, this Act creates an obligation for data holders to deal with data in accordance with privacy principles set out in the Act. These principles identify, for example, the importance of ensuring personal information is collected fairly and lawfully and ensuring that reasonable steps are taken to delete or de-identify personal information when no longer needed.

The Commission argues that, taken together, existing privacy legislation and secrecy provisions have created a culture which is overly-restrictive when it comes to sharing and releasing data. It is not necessarily the letter of the law itself, but the fear of non-compliance which leads bodies to restrict access to data.

The proposed new focus (data sharing)

The Commission argues for statutory reform which would be more enabling of data sharing and release and would no longer treat those activities as necessarily risky. Part of this new approach is captured in the comprehensive consumer right that we discussed in our previous article, but it also includes a new “scalable, risk-based institutional framework to allow integration and sharing or release of Australia’s data” (p169).

In this framework, any risk of data release or misuse would be managed with reference to the nature of the actual data being held or released. For example, access to higher risk, identifying data would be restricted to a group of ‘trusted users’ only. Whereas low-risk data would be widely available and accessible.

The mechanics of the new framework

In order to facilitate this new framework, the proposed statutory reform would include:

  • The establishment of a new federal position known as a ‘National Data Custodian’. The Office of the National Data Custodian would be responsible for providing national guidance on the release of data and would accredit subordinate bodies would be responsible for data release.
  • The creation of a class of Accredited Release Authorities (ARA). This is the name given to those subordinate bodies approved by the National Data Custodian. In general, they are likely to be state and territorial public bodies and would not only provide access datasets, but also facilitate their linking and sharing.
  • The National Data Custodian would lead a process for certain datasets to be identified as ‘National Interest Datasets’. These would be datasets of high value and significant national importance. The National Data Custodian would ensure that the designated ARA makes them widely available.

To see the Productivity Commission’s full report go to

And for further advice on the current rules relating to privacy and data protection feel free to contact us here at Compliance Quarter.

More to explorer

Autumn leaves falling with copy space on black background

Avoiding Compliance Atrophy: The Critical Role of Assurance Reviews for Growing Energy Retailers

As energy retailers expand their customer base and operations, ensuring ongoing compliance with regulatory obligations can become increasingly challenging. A key risk is “compliance atrophy” – where initially compliant documents, processes and systems slowly deteriorate and waste away over time if not regularly monitored and reviewed. What is compliance atrophy? Compliance atrophy is typically a result of documents, processes and systems being ‘updated’ or ‘reworded’ to reflect changes in focus for the business and input from other stakeholders including marketing

person holding debit card

AER payment difficulty framework review

The Australian Energy Regulator (AER) is conducting a review of the consumer protections available under the National Energy Customer Framework (NECF) for those experiencing payment difficulties. On 14 May 2024, the AER released an issues paper for consultation. The review is driven by the commitment in Action 8 of the ‘Towards Energy Equity’ strategy in which the AER committed to considering whether improvements could be made to the NECF to ensure that consumers experiencing payment difficulties are identified early, engaged

Technicians installing photovoltaic solar panels on roof of house.

Compliance Quarter’s Submission to the AER’s Review of the Compliance Procedures and Guidelines

On 11 April 2024, Compliance Quarter put forward its submission on proposed changes to the AER Compliance Procedures and Guidelines. The AER is reviewing its Compliance procedures and guidelines, which set out the manner and form in which energy businesses in jurisdictions that have adopted the National Energy Retail Law must submit compliance information and data to the AER. We argue that there should be consideration of measures to incentivise early reporting of potential breaches. These may, for example, take the

Leave a Reply

Your email address will not be published. Required fields are marked *