Wednesday, September 11, 2019

It Seems The Government Might Have Detached Itself From Its Citizens On What Can Reasonably Be Done With Their Personal Data.

This appeared last week:

Consent removed from Australia's proposed data-sharing legislation

The National Data Commissioner won't be able to prevent data from being shared, rather they are tasked with capabilities to 'encourage' data custodians and accredited users to 'safely and respectfully share personal information'.
By Asha Barbaschow | September 3, 2019 -- 02:06 GMT (12:06 AEST) | Topic: Security
The Australian government has released a discussion paper on Australia's Data Sharing and Release Legislative Reforms, tweaking what it proposed last year by removing a fundamental element of privacy -- consent.
The paper [PDF] proposes the Data Sharing and Release legislation not require consent for the sharing of personal information.
"Instead, we are placing the responsibility on Data Custodians and Accredited Users to safely and respectfully share personal information where reasonably required for a legitimate objective," it says.
The paper says that following feedback, the government has "nuanced" its position on consent.

"While consent is important in certain situations, the societal outcomes of fair and unbiased government policy, research, and programs can outweigh the benefits of consent, provided privacy is protected," it says. "The Office of the National Data Commissioner will encourage the use of consent where appropriate when applying the Data Sharing Principles, although the legislation will not require it in all circumstances."
According to the government, requiring consent for all data sharing will lead to biased data that delivers the wrong outcomes.
"The Data Sharing and Release legislation is about improving government policy and research by helping government and researchers use a better evidence base. If we required consent, then data would only be shared where consent was given," the paper says.
"This will skew the data which is shared, leaving it unfit for many important purposes in the public benefit; it also runs the risk of leading to flawed policy and research which impacts negatively on society."
This decision to not include consent comes despite the paper saying that many involved in the process supported efforts to progress the public conversation around consent.
The Data Sharing and Release framework has been touted by the government as setting a new direction for how public sector data in Australia is used and reused.
Vastly more here:
There is also coverage here:

Breach notification rules for new government data scheme, but no consent for sharing

Data sharing legislation likely to hit parliament in mid-2020
Rohan Pearce (Computerworld) 03 September, 2019 10:06
New legislation that will enable data collected by public sector agencies to be more easily shared is expected to be accompanied by new rules for data breach notifications, a discussion paper released today by the government said.
The government in May 2018 said it would introduce a new data sharing and release framework as part of a package of reforms sparked by the Productivity Commission’s report on the availability and use of data.
Development of the proposed framework is inspired partly by the UK ‘Five Safes’ principles.
The Office of the National Data Commissioner (ONDC), which was established last year by the government, today released a consultation paper on the development of data sharing and release legislation. The paper states that the ONDC is still considering the kind of data breach scheme that is needed for the new framework.

In February 2018, the Notifiable Data Breaches (NDB) scheme, which is overseen by the Office of the Australian Information Commissioner (OAIC) and covers a range of personal information about individuals, came into effect.
“The Data Sharing and Release legislation requires a different kind of notification scheme for the vast range of data falling outside the Privacy Act 1988 notifications scheme,” the ONDC consultation paper states.
“For example, we are considering options to ensure appropriate protection and notification of breaches involving sensitive data that is not personal information, such as data that is of a legally privileged, commercial-in-confidence, security classified, or environmental nature,” the paper states. “We will continue to engage on what the breach notification scheme may look like in the coming months.”
More here:
Here is the direct link to the discussion paper:
Here is what the Minister says he is up to.

Ministerial Forward.

Whether it is claiming a Medicare rebate, having a passport checked before an overseas trip, lodging a tax return or simply looking at the weather forecast, every day millions of Australians rely on services delivered by the Australian Government.
Australians expect government services to be seamless, easy and fast—just like their normal experience of shopping and banking. This fuels the need for the government to keep pace with the private sector—and aspire to be a market leader—when it comes to delivering services for Australian people and businesses.

The Morrison Government is committed to making it easier and faster for Australians to access the services they need by ensuring people and businesses are at the very heart of service design and delivery.

As the Minister responsible for the National Disability Insurance Scheme and Government Services, I have been talking with people right across Australia about how even the smallest improvement to government services can have a big impact on people’s lives. Improvements such as fewer questions on an aged care form, making it easier to report income online, or even a single, clear point of access—such as an app on your phone—can all have an immediate and lasting positive impact.

We can and will do more for improving people’s experience when dealing with government—and data plays an important role in achieving this goal. The government already holds significant amounts of public data collected as part of our everyday work delivering services to Australians. Government, in many respects, is the custodian of Australia’s data and this data is already being used to inform policy development and the delivery of services—yet much more can be done with this truly national asset.

Through better use and sharing of public data across government, Australians will no longer have to tell us the same basic information over and over again, and we will be able to create a connected and seamless user experience for those accessing government services. Additionally, Australia’s research sector will be able to use public data to improve the development of solutions to public problems and to test which programs are delivering as intended—and which ones are not.

The sharing of public data has incredible potential at both the national level and at the individual level, but it must be done prudently and safely. Maintaining trust with the Australian community is fundamental to realising the full potential of this national asset. That is why the Government will ensure any public data sharing arrangements are underpinned by enhanced safeguards, privacy and security protections. The Australian Government is developing new public sector data sharing and release legislation that will enshrine these protections, along with a clear, consistent and transparent approach to the sharing of public data. It is crucial we get the legislation right—which is why feedback on our approach is so important.
This Discussion Paper acknowledges the feedback and perspectives we have heard so far during the extensive engagement undertaken with privacy experts, researchers, legal experts, businesses and all levels of government over the past 12 months.
I would like to thank all who have worked with us to identify concerns and opportunities, and for providing valuable advice and insights into how public sector data can help solve problems of national and individual significance.
We will continue to engage with you and the broader community as we work our way through the development of the new legislation and how we deliver not just better services, but also a better experience for Australian people and businesses. I encourage you to read the Discussion Paper and generously contribute your time, ideas and feedback so we can ensure we make the most of this important national asset to benefit all Australians.
The Hon Stuart Robert MP
Minister for the National Disability Insurance Scheme
Minister for Government Services
----- End Forward.
Three paragraphs from the full report pretty much summarise the outstanding concerns
p6
Competing views on the benefits and risks of the legislation
There were divergent views on the balance of benefits and risks of sharing and release of public sector data. For example, while understanding the importance of privacy, the research community highlighted the enormous benefits that come from providing them with controlled access to rich and detailed public sector data: developing life-saving research, testing the outcomes of public policy programs and government policies and improving the accuracy of data. On the other hand, privacy stakeholders point to the risks of eroding individuals’ privacy, the importance of protecting the personal information government collects compulsorily, and the expectation that government be accountable and transparent in its data use.
p7
Competing views on consent
There were robust discussions and debate in roundtables about consent. Views ranged widely and often expanded into debates about the role of consent in general (beyond just data sharing) and international developments. The benefits of consent were highlighted: giving individuals control of data and how it is used, as well as greater visibility and transparency. Many participants noted the inherent complexities of consent: what constitutes consent, when does the wider societal benefit outweigh the individual’s right to consent, and whether it is reasonable to place the burden on individuals to read long privacy policies or if the government should regulate to a higher privacy standard.
Particular to our system, many warned that a consent model could create biases in data and result in the allocation of government services to where citizens who had consented rather than to citizens in greatest need. Many supported efforts to progress the public conversation around consent, especially with the rise of different international approaches. In the context of the Data Sharing and Release legislation, we heard that it was important we be clear on how consent is understood and integrated into our scheme to ensure the public is not taken by surprise. Some discussed other schemes that did not use a consent model but were accepted by the public, such as the health research consent waiver in the Privacy Act 1988, and the role of ethics processes in those schemes, including the National Health and Medical Research Council (see Section 4.6 for a longer discussion of consent).
p19
We also acknowledge many datasets should never be released as open data. As more information is released publicly it increases the risks around re-identification of sensitive information by combining multiple datasets. As the risks are heightened, we need to be careful of new releases of data over time. Sharing under the Data Sharing and Release legislation provides a way to use data without losing control, while providing appropriate oversight (see Section 1.2) so the benefits continue to be realised.
---- End Extracts.

For a pretty excited view on how all this might affect the #myhealthrecord you can go here:

https://independentaustralia.net/life/life-display/-the-data-sharing-and-release-act-is-coming-for-your-data,11761
The full discussion paper is well worth a read. To me we have yet to get the balance right here and it is hard not to think some of the positions have been wrought through furious University lobbying without adequate consideration of privacy and consent. It is pretty clear the Government is aware all this may provoke a #myhealthrecord style backlash and is hoping to proceed slowly and carefully to avoid such problems.
What do others think about all this?
David.

3 comments:

  1. Some interesting background and insights into the changing face of statistics, data and the state. The decline in ”experts” in favour of populism a warning across many sectors.
    https://www.theguardian.com/politics/2017/jan/19/crisis-of-statistics-big-data-democracy

    ReplyDelete
  2. Bernard Robertson-DunnSeptember 12, 2019 9:21 AM

    ABC Utopia, last night.

    UIN - a Universal Identification Number - definitely not an ID Card

    "This whole thing is turning into a top-down government controlled data
    grabbing exercise" (20'25")

    https://iview.abc.net.au/show/utopia

    I wonder how many parliamentarians (Reps and Senate) have a MyHR and have uploaded a shared health summary.

    ReplyDelete
  3. This Tender makes a mockery of the ADHA ----- A tender has been issued for the build and maintenance of a National Data Storage and Analytics Solution (NDSAS) that will hold up to 70 terabytes of data from the primary health sector for analysis, including data gathered for the recently launched general practice quality improvement program (PIP QI).

    The federal government has approved $10 million for the new system, with the procurement and trial being handled on behalf of the 31 primary health networks (PHNs) and the federal Department of Health by the Western Australian Primary Health Alliance (WAPHA), which operates the three WA PHNs.

    ReplyDelete