Productivity Commission Part Two: A new framework for data sharing and release

Share on twitter
Share on linkedin
Share on facebook

In our earlier article, The Productivity Commission’s proposed comprehensive consumer right to data, we looked at the new consumer right to data proposed in the Productivity Commission (the Commission) recent report on data availability and release. Today, we look at the second plank of the reform proposed by the Commission: The proposed scalable risk framework for data sharing and release.


By Dr. Drew Donnelly, Compliance Quarter. 

Identified deficiencies in the current regulatory framework

Currently, data release is governed by privacy legislation (both at the federal and state levels), as well as a more than 500 secrecy provisions contained in vast array of subject-matter specific legislation. An example of such a secrecy provision is in section 135A of the National Health Act 1953 which prohibits the sharing of any information about individuals gathered under that Act, unless authorised by the Minister.

In the case of privacy legislation, the Privacy Act 1988 (Commonwealth) governs the collection, use and disclosure of personal information in Australia. It applies to all federal government bodies as well as many private businesses and not-for-profits. Among other things, this Act creates an obligation for data holders to deal with data in accordance with privacy principles set out in the Act. These principles identify, for example, the importance of ensuring personal information is collected fairly and lawfully and ensuring that reasonable steps are taken to delete or de-identify personal information when no longer needed.

The Commission argues that, taken together, existing privacy legislation and secrecy provisions have created a culture which is overly-restrictive when it comes to sharing and releasing data. It is not necessarily the letter of the law itself, but the fear of non-compliance which leads bodies to restrict access to data.

The proposed new focus (data sharing)

The Commission argues for statutory reform which would be more enabling of data sharing and release and would no longer treat those activities as necessarily risky. Part of this new approach is captured in the comprehensive consumer right that we discussed in our previous article, but it also includes a new “scalable, risk-based institutional framework to allow integration and sharing or release of Australia’s data” (p169).

In this framework, any risk of data release or misuse would be managed with reference to the nature of the actual data being held or released. For example, access to higher risk, identifying data would be restricted to a group of ‘trusted users’ only. Whereas low-risk data would be widely available and accessible.

The mechanics of the new framework

In order to facilitate this new framework, the proposed statutory reform would include:

  • The establishment of a new federal position known as a ‘National Data Custodian’. The Office of the National Data Custodian would be responsible for providing national guidance on the release of data and would accredit subordinate bodies would be responsible for data release.
  • The creation of a class of Accredited Release Authorities (ARA). This is the name given to those subordinate bodies approved by the National Data Custodian. In general, they are likely to be state and territorial public bodies and would not only provide access datasets, but also facilitate their linking and sharing.
  • The National Data Custodian would lead a process for certain datasets to be identified as ‘National Interest Datasets’. These would be datasets of high value and significant national importance. The National Data Custodian would ensure that the designated ARA makes them widely available.

To see the Productivity Commission’s full report go to

And for further advice on the current rules relating to privacy and data protection feel free to contact us here at Compliance Quarter.

More to explorer

notes on board

How to Manage Multiple Compliance Deadlines: A Case Study

Compliance managers in the energy sector are constantly juggling a large work load with competing deadlines. Managing time effectively is a core skill for compliance managers. In this article, we will present a hypothetical case study of a compliance manager in an energy retailer who has to juggle multiple compliance tasks and deadlines, and how they can use some strategies and tools to manage their workload and prioritise effectively. We will also share some insights and tips from Compliance Quarter,

laptop on table top

How to Avoid Compliance Risks by Effective Communication: A Case Study

Compliance managers in the energy sector face many challenges in ensuring that their businesses comply with the regulatory framework. One of the most common and frustrating situations is when their advice is ignored or overridden by senior management or other stakeholders, exposing the business to potential compliance risks and penalties. In this article, we will present a hypothetical case study of a compliance manager in an energy retailer who faced this scenario and how it affected the business outcomes. We

Contemporary design of multifamily living houses. Modern luxury apartments buildings.

Modernising Electricity Regulation: The AES Framework and Embedded Networks in Western Australia

Background The existing licensing framework overseeing the sale and supply of electricity in Western Australia (WA) has struggled to adapt to the rapid expansion of emerging and atypical electricity business models in recent years. To address this, in 2019, the then Minister for Energy commissioned Energy Policy WA to assess the regulatory framework in Western Australia. In 2020, Energy Policy WA initiated consultations on a proposed regulatory framework for various categories of ‘alternative electricity services’ called the Alternative Electricity Services

Leave a Reply

Your email address will not be published. Required fields are marked *