You are here: Cyber Law » Australian Cyber Law Map » Data



  • At present, the regulation of public sector data in Australia (i.e. access to and usage of Australian Government data) is subject to significant reform, as set out in the proposed Data Availability and Transparency Act scheme.
  • For the regulation of data in the private sector, see Consumer Data Right under Consumer Rights.


Data Availability and Transparency Bill 2020 (Cth)

  • The Data Availability and Transparency Bill 2020 authorises and regulates controlled access to and sharing of Australian Government data through a principles-based scheme accompanied by regulations, rules and data codes. Here, 'sharing' means providing controlled access to data, as opposed to open release to public.
  • Key personnel in the scheme:
    • 'National Data Commissioner' is an independent regulator responsible for overseeing the scheme and issuing non-legislative guidelines and data codes.
    • 'Data custodians' are Commonwealth bodies that control public sector data.
    • 'Accredited users' are entities accredited by the Commissioner to access public sector data once certain security, privacy, infrastructure and governance requirements are satisfied.
    • 'Accredited data service providers (ADSPs) are entities accredited by the Commissioner to perform data services such as data integration.
  • ‘Public sector data’ is defined as data lawfully created, collected or held by or on behalf of Commonwealth bodies or data custodians. These data custodians may share such data to ‘accredited users’ either directly or indirectly through an ADSP. Accredited users do not necessarily need to be Commonwealth bodies. An accredited user can be any entity that satisfies the accreditation criteria and that has applied and has been approved by the National Data Commissioner.
  • There are several criteria for accreditation of both accredited users and ADSPs, such as the ability to: manage data accountably and responsibly; apply the data sharing principles; minimise risk of unauthorised access, sharing or loss of data; commit to continuous improvement to ensure privacy and security of the data and comply with obligations under the scheme.
  • The scheme will control the sharing of data in three ways: sharing only for a 'permitted data sharing purpose', sharing only in accordance with the 5 prescribed data sharing principles; and via formalised data sharing agreements.
  • Section 23 of the Bill provides data custodians with limited statutory authority to override other laws which would otherwise prevent sharing, collection, and use of public sector data that are authorised by the scheme. The relationship between the Bill and the Privacy Act 1988 (Cth) - especially Australian Privacy Principle 6: Use or disclosure of personal information - is the subject of ongoing debate.

Regulatory & Policy Framework

Relevant Organisations

Inquiries & Consultations

Industry Materials

This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding AustLII Communities? Send feedback
This website is using cookies. More info. That's Fine