Commonwealth of Australia Bills Commonwealth of Australia Bills[Index] [Search] [Download] [Related Items] [Help]
This is a Bill, not an Act. For current law, see the Acts databases.
2019-2020
The Parliament of the
Commonwealth of Australia
HOUSE OF REPRESENTATIVES
Presented and read a first time
Data Availability and Transparency Bill
2020
No. , 2020
(Prime Minister)
A Bill for an Act to authorise the sharing of public
sector data, and for related purposes
No. , 2020
Data Availability and Transparency Bill 2020
i
Contents
Chapter 1--Preliminary
1
Part 1.1--Introduction
1
1
Short title ........................................................................................... 1
2
Commencement ................................................................................. 2
3
Objects ............................................................................................... 2
4
Simplified outline of this Act ............................................................ 2
5
Act binds the Crown .......................................................................... 3
6
Extension to external Territories ....................................................... 4
7
Extraterritorial operation ................................................................... 4
8
Application of this Act ...................................................................... 4
Part 1.2--Definitions
6
9
Definitions ......................................................................................... 6
10
Data definitions ............................................................................... 11
11
Entity definitions ............................................................................. 11
Chapter 2--Authorisations to share data
14
12
Simplified outline of this Chapter .................................................... 14
13
Authorisations to share data............................................................. 15
14
Sharing must be authorised .............................................................. 16
15
Data sharing purposes ...................................................................... 18
16
Data sharing principles .................................................................... 19
17
When sharing is excluded from the data sharing scheme ................ 21
18
Data sharing agreement ................................................................... 24
19
Mandatory terms of data sharing agreement .................................... 24
20
Compliance with mandatory terms of data sharing agreement ........ 27
21
Exit from data sharing scheme of shared or released output ............ 27
22
Other authorisations for data custodians not limited........................ 29
23
Authorisation to share overrides other prohibitions ......................... 29
24
No duty to share but reasons required for not sharing ..................... 29
Chapter 3--Responsibilities of data scheme entities
30
Part 3.1--Introduction
30
25
Simplified outline of this Chapter .................................................... 30
Part 3.2--General responsibilities
31
26
Comply with rules and data codes ................................................... 31
27
Have regard to guidelines ................................................................ 31
ii
Data Availability and Transparency Bill 2020
No. , 2020
28
Privacy coverage ............................................................................. 31
29
Engage ADSP for prescribed data services...................................... 32
30
Comply with conditions of accreditation ......................................... 32
31
Report events and changes in circumstances affecting
accreditation to Commissioner ........................................................ 32
32
Not provide false or misleading information ................................... 33
33
Notify Commissioner in relation to data sharing agreements .......... 33
34
Assist Commissioner as required in preparation of annual
report ............................................................................................... 34
Part 3.3--Data breach responsibilities
35
35
Definition of
data breach
................................................................ 35
36
Take steps to mitigate data breach ................................................... 35
37
Interaction with Part IIIC of the
Privacy Act 1988
(notification of eligible data breaches) ............................................ 36
38
Notify Commissioner of non-personal data breach ......................... 37
Chapter 4--National Data Commissioner and
National Data Advisory Council
39
Part 4.1--Introduction
39
39
Simplified outline of this Chapter .................................................... 39
40
Commissioner to have regard to objects of Act ............................... 39
Part 4.2--National Data Commissioner
40
Division 1--Establishment, functions and powers
40
41
National Data Commissioner ........................................................... 40
42
Functions ......................................................................................... 40
43
Advice related functions .................................................................. 40
44
Guidance related functions .............................................................. 41
45
Regulatory functions ....................................................................... 41
46
Application of finance law .............................................................. 41
47
Staff ................................................................................................. 41
48
Contractors ...................................................................................... 42
49
Consultants ...................................................................................... 42
50
Delegation by Commissioner .......................................................... 42
51
Independence of Commissioner ...................................................... 43
52
Commissioner not to be sued ........................................................... 43
Division 2--Terms and conditions etc.
44
53
Appointment .................................................................................... 44
54
General terms and conditions of appointment ................................. 44
55
Other paid work ............................................................................... 44
No. , 2020
Data Availability and Transparency Bill 2020
iii
56
Remuneration .................................................................................. 44
57
Leave of absence ............................................................................. 45
58
Resignation ...................................................................................... 45
59
Termination of appointment ............................................................ 45
60
Acting appointments ........................................................................ 46
Part 4.3--National Data Advisory Council
47
61
Establishment and function of Council ............................................ 47
62
Membership of Council ................................................................... 47
63
Appointment of members ................................................................ 48
64
Term of appointment ....................................................................... 48
65
Remuneration and allowances ......................................................... 48
66
Leave of absence ............................................................................. 48
67
Disclosure of interests to Minister or Commissioner ....................... 49
68
Disclosure of interests to Council .................................................... 49
69
Resignation of members .................................................................. 49
70
Termination of appointment of members ........................................ 49
71
Other terms and conditions of members .......................................... 50
72
Procedures ....................................................................................... 50
Chapter 5--Regulation and enforcement
51
Part 5.1--Introduction
51
73
Simplified outline of this Chapter .................................................... 51
Part 5.2--Accreditation framework
53
Division 1--Accreditation
53
74
Accreditation ................................................................................... 53
75
Notice of accreditation decision ...................................................... 54
76
Application for accreditation ........................................................... 55
77
Criteria for accreditation .................................................................. 56
Division 2--Conditions of accreditation
57
78
Conditions of accreditation .............................................................. 57
79
Notice before decision about conditions .......................................... 58
80
Notice of conditions ........................................................................ 58
Division 3--Suspension and cancellation of accreditation
60
81
Suspension or cancellation of accreditation ..................................... 60
82
Notice before decision about suspension or cancellation ................. 61
83
Notice of suspension or cancellation ............................................... 63
Division 4--Transfer of accreditation
64
84
Transfer of accreditation .................................................................. 64
iv
Data Availability and Transparency Bill 2020
No. , 2020
85
Notice of transfer decision ............................................................... 64
Division 5--Rules and further information
66
86
Rules relating to the accreditation framework ................................. 66
87
Further information or evidence ...................................................... 66
Part 5.3--Complaints
67
Division 1--Complaints
67
88
Making complaints .......................................................................... 67
89
Respondents..................................................................................... 67
90
Communicating with complainant ................................................... 68
91
Dealing with complaints .................................................................. 68
92
Grounds for not dealing with complaints......................................... 69
93
Admissibility of things said or done in conciliation ........................ 70
Division 2--Representative complaints
71
94
Conditions for making a representative complaint .......................... 71
95
Commissioner may determine that a complaint is not to
continue as a representative complaint ............................................ 71
96
Additional rules applying to the determination of
representative complaints ................................................................ 72
97
Amendment of representative complaints ....................................... 72
98
Class member for representative complaint not entitled to
lodge individual complaint .............................................................. 73
Part 5.4--Assessments and investigations
74
99
Assessments..................................................................................... 74
100
Notices of assessment ...................................................................... 74
101
Investigations................................................................................... 74
102
Determination on completion of investigation................................. 75
103
Notices relating to investigation ...................................................... 76
Part 5.5--Regulatory powers and enforcement
77
104
Power to require information and documents .................................. 77
105
Legal professional privilege ............................................................ 78
106
Limits on power to require information and documents .................. 78
107
Transfer of matters to appropriate authority .................................... 79
108
Authorisation for Commissioner to disclose and receive
information ...................................................................................... 80
109
Monitoring powers .......................................................................... 81
110
Investigation powers ........................................................................ 82
111
Recommendations ........................................................................... 83
112
Directions ........................................................................................ 84
No. , 2020
Data Availability and Transparency Bill 2020
v
113
Civil penalty provisions ................................................................... 84
114
Infringement notices ........................................................................ 85
115
Enforceable undertakings ................................................................ 86
116
Injunctions ....................................................................................... 87
Chapter 6--Other matters
88
Part 6.1--Introduction
88
117
Simplified outline of this Chapter .................................................... 88
Part 6.2--Review of decisions
89
118
Reviewable decisions ...................................................................... 89
119
Applications for reconsideration of decisions made by
delegates of the Commissioner ........................................................ 89
120
Reconsideration by the Commissioner ............................................ 90
121
Deadline for reconsideration............................................................ 90
122
Review by the Administrative Appeals Tribunal ............................. 91
Part 6.3--Treatment of certain entities
92
123
Treatment of Commonwealth bodies, State bodies and
Territory bodies ............................................................................... 92
124
Treatment of partnerships and unincorporated associations ............ 93
125
Treatment of trusts ........................................................................... 94
Part 6.4--Data sharing scheme instruments
96
126
Data codes ....................................................................................... 96
127
Guidelines ........................................................................................ 96
128
Register of ADSPs ........................................................................... 97
129
Register of accredited users ............................................................. 97
130
Register of data sharing agreements ................................................ 98
131
Recognition of external dispute resolution schemes ........................ 99
132
Approved forms ............................................................................... 99
133
Rules .............................................................................................. 100
134
Regulations .................................................................................... 100
Part 6.5--Other matters
101
135
Disclosure of scheme data in relation to
information-gathering powers ....................................................... 101
136
Geographical jurisdiction of civil penalty provisions and
offences ......................................................................................... 101
137
Authorised officers ........................................................................ 104
138
Annual report ................................................................................. 106
139
Charging of fees by Commissioner ............................................... 107
vi
Data Availability and Transparency Bill 2020
No. , 2020
140
Charging of fees by data scheme entities ....................................... 108
141
Commonwealth not liable to pay a fee .......................................... 108
142
Periodic reviews of operation of Act ............................................. 108
No. , 2020
Data Availability and Transparency Bill 2020
1
A Bill for an Act to authorise the sharing of public
1
sector data, and for related purposes
2
The Parliament of Australia enacts:
3
Chapter 1--Preliminary
4
Part 1.1--Introduction
5
6
1 Short title
7
This Act is the
Data Availability and Transparency Act 2020
.
8
Chapter 1
Preliminary
Part 1.1
Introduction
Section 2
2
Data Availability and Transparency Bill 2020
No. , 2020
2 Commencement
1
(1) Each provision of this Act specified in column 1 of the table
2
commences, or is taken to have commenced, in accordance with
3
column 2 of the table. Any other statement in column 2 has effect
4
according to its terms.
5
6
Commencement information
Column 1
Column 2
Column 3
Provisions
Commencement
Date/Details
1. The whole of
this Act
The day after this Act receives the Royal
Assent.
Note:
This table relates only to the provisions of this Act as originally
7
enacted. It will not be amended to deal with any later amendments of
8
this Act.
9
(2) Any information in column 3 of the table is not part of this Act.
10
Information may be inserted in this column, or information in it
11
may be edited, in any published version of this Act.
12
3 Objects
13
The objects of this Act are to:
14
(a) serve the public interest by promoting better availability of
15
public sector data; and
16
(b) enable consistent safeguards for sharing public sector data;
17
and
18
(c) enhance integrity and transparency in sharing public sector
19
data; and
20
(d) build confidence in the use of public sector data; and
21
(e) establish institutional arrangements for sharing public sector
22
data.
23
4 Simplified outline of this Act
24
Data custodians of public sector data may share their data with
25
accredited users in accordance with the controls established by this
26
Preliminary
Chapter 1
Introduction
Part 1.1
Section 5
No. , 2020
Data Availability and Transparency Bill 2020
3
Act. Data custodians may share data with accredited users directly,
1
or indirectly through an ADSP (short for accredited data service
2
provider).
3
Public sector data is defined as data lawfully created, collected or
4
held by or on behalf of Commonwealth bodies. A Commonwealth
5
body that controls such data and has the right to deal with it is the
6
data custodian of the data and, so, authorised to share it in a
7
controlled way.
8
There are corresponding authorisations for accredited entities to
9
collect and use shared data.
10
The National Data Commissioner is the regulator for the data
11
sharing scheme and also has the function of advocating for the
12
sharing and release of public sector data more generally. The
13
Commissioner is assisted by APS employees in the Department
14
and by the advice of the National Data Advisory Council.
15
Entities must be accredited by the Commissioner in order to have
16
public sector data shared with or through them.
17
Data scheme entities (i.e. data custodians and accredited entities)
18
have responsibilities under the Act. Data scheme entities may
19
complain to the Commissioner about breaches of the Act by other
20
data scheme entities. The Commissioner also has powers to require
21
information and to assess, monitor and investigate data scheme
22
entities. A range of enforcement options are available to the
23
Commissioner.
24
5 Act binds the Crown
25
(1) This Act binds the Crown in each of its capacities.
26
(2) However, this Act does not make the Crown liable to be prosecuted
27
for an offence.
28
(3) To avoid doubt, subsection (2) does not prevent the Crown from
29
being liable to pay a pecuniary penalty under a civil penalty order
30
Chapter 1
Preliminary
Part 1.1
Introduction
Section 6
4
Data Availability and Transparency Bill 2020
No. , 2020
under Part 4 of the Regulatory Powers Act, as that Part applies in
1
relation to the civil penalty provisions of this Act.
2
6 Extension to external Territories
3
This Act and the Regulatory Powers Act as it applies in relation to
4
this Act extend to every external Territory.
5
7 Extraterritorial operation
6
(1) This Act, and the Regulatory Powers Act as it applies in relation to
7
this Act, extend to acts, omissions, matters and things outside
8
Australia.
9
Note:
Geographical jurisdiction for civil penalty provisions and offences is
10
dealt with in section 136.
11
(2) This Act, and the Regulatory Powers Act as it applies in relation to
12
this Act, have effect subject to:
13
(a) the obligations of Australia under international law, including
14
obligations under any international agreement binding on
15
Australia; and
16
(b) any law of the Commonwealth giving effect to such an
17
agreement.
18
8 Application of this Act
19
This Act applies in relation to sharing of data in any of the
20
following circumstances:
21
(a) accredited entities with or through which the data is shared
22
are Commonwealth bodies or Territory bodies;
23
(b) the data is shared for a data sharing purpose set out in
24
paragraph 15(1)(a) or (b) and the government concerned is or
25
includes the Commonwealth;
26
(c) the accredited user with which the data is shared is a
27
constitutional corporation and the sharing is for the data
28
sharing purpose set out in paragraph 15(1)(c) (research and
29
development);
30
Preliminary
Chapter 1
Introduction
Part 1.1
Section 8
No. , 2020
Data Availability and Transparency Bill 2020
5
(d) the accredited user with which the data is shared is a foreign
1
person and the sharing is done in accordance with an
2
international agreement binding on Australia;
3
(e) the data is shared with or through accredited entities by
4
means of electronic communication;
5
(f) the sharing is done to enable analysis for statistical purposes;
6
(g) the data shared is statistical information.
7
Chapter 1
Preliminary
Part 1.2
Definitions
Section 9
6
Data Availability and Transparency Bill 2020
No. , 2020
Part 1.2--Definitions
1
2
9 Definitions
3
In this Act:
4
accredited entity
: see subsection 11(4).
5
accredited user
: see subsection 11(4).
6
ADSP
: see subsection 11(4).
7
ADSP-enhanced data
: see subsection 10(3).
8
adverse or qualified security assessment
means an adverse
9
security assessment, or a qualified security assessment, within the
10
meaning of Part IV of the
Australian Security Intelligence
11
Organisation Act 1979
.
12
ancillary contravention
of a civil penalty provision means a
13
contravention that arises out of the operation of section 92 of the
14
Regulatory Powers Act.
15
ancillary offence
has the same meaning as in the
Criminal Code
.
16
APP entity
has the same meaning as in the
Privacy Act 1988
.
17
appointed member
: see paragraph 62(1)(e).
18
approved form
for a provision of this Act, the rules or a data code
19
means a form approved by the Commissioner for the purposes of
20
the provision under section 132.
21
Australia
, when used in a geographical sense, includes the external
22
Territories.
23
Australian aircraft
has the same meaning as in the
Criminal Code
.
24
Australian entity
means any of the following:
25
(a) a Commonwealth body, State body or Territory body;
26
(b) an Australian citizen or a permanent resident of Australia;
27
Preliminary
Chapter 1
Definitions
Part 1.2
Section 9
No. , 2020
Data Availability and Transparency Bill 2020
7
(c) a body corporate incorporated by or under a law of the
1
Commonwealth or a State or Territory;
2
(d) a partnership formed in Australia;
3
(e) a trust created in Australia;
4
(f) an unincorporated association that has its central
5
management or control in Australia.
6
Australian ship
has the same meaning as in the
Criminal Code
.
7
authorised officer
: see section 137.
8
breach
: a data scheme entity
breaches
this Act if the data scheme
9
entity engages in conduct that contravenes, or is inconsistent with,
10
this Act.
11
Circuit Court
means the Federal Circuit Court of Australia or, if
12
the court previously known by that name has been continued in
13
existence as the Federal Circuit and Family Court of Australia
14
(Division 2)--that court as continued in existence.
15
civil penalty provision
has the same meaning as in the Regulatory
16
Powers Act.
17
class member
, in relation to a representative complaint, means any
18
of the data scheme entities on whose behalf the complaint was
19
made, but does not include a data scheme entity that has withdrawn
20
under subsection 96(2).
21
Commissioner
means the National Data Commissioner referred to
22
in section 41.
23
Commonwealth body
means:
24
(a) a Commonwealth entity, or a Commonwealth company,
25
within the meaning of the
Public Governance, Performance
26
and Accountability Act 2013
; or
27
(b) any other person or body that is an agency within the
28
meaning of the
Freedom of Information Act 1982
.
29
constitutional corporation
means a corporation to which
30
paragraph 51(xx) of the Constitution applies.
31
Chapter 1
Preliminary
Part 1.2
Definitions
Section 9
8
Data Availability and Transparency Bill 2020
No. , 2020
Council
means the National Data Advisory Council established by
1
section 61.
2
court/tribunal order
means an order, direction or other instrument
3
made by:
4
(a) a court; or
5
(b) a judge (including a judge acting in a personal capacity) or a
6
person acting as a judge; or
7
(c) a magistrate (including a magistrate acting in a personal
8
capacity) or a person acting as a magistrate; or
9
(d) any other person or body that has the power to act judicially
10
under a law of the Commonwealth or a State or Territory; or
11
(e) a tribunal; or
12
(f) a member or an officer of a tribunal;
13
and includes an order, direction or other instrument that is of an
14
interim or interlocutory nature.
15
data
: see subsection 10(5).
16
data breach
: see section 35.
17
data code
: see subsection 126(1).
18
data custodian
: see subsection 11(2).
19
data scheme entity
: see subsection 11(1).
20
data service
means any operation performed on or in relation to
21
data, at any stage from collection or creation to destruction.
22
data sharing agreement
: see section 18.
23
data sharing purpose
: see subsection 15(1).
24
data sharing scheme
means this Act and the regulations, rules,
25
data codes and guidelines made under it.
26
Defence Department
means the Department administered by the
27
Minister administering the
Defence Act 1903
.
28
Preliminary
Chapter 1
Definitions
Part 1.2
Section 9
No. , 2020
Data Availability and Transparency Bill 2020
9
electronic communication
means a communication of information
1
in any form by means of guided electromagnetic energy, unguided
2
electromagnetic energy or both.
3
enforcement related purpose
: see subsection 15(3).
4
engage in conduct
means:
5
(a) do an act; or
6
(b) omit to do an act.
7
entity
includes the following:
8
(a) an individual;
9
(b) a body corporate;
10
(c) a Commonwealth body;
11
(d) a State body or a Territory body;
12
(e) a body politic;
13
(f) a partnership;
14
(g) an unincorporated association;
15
(h) a trust.
16
excluded entity
: see subsection 11(3).
17
Federal Court
means the Federal Court of Australia.
18
foreign entity
means an entity that is not an Australian entity.
19
guidelines
means guidelines made under section 127.
20
mandatory term
of a data sharing agreement means a term required
21
by section 19.
22
offence against this Act
includes an offence against section 6 of
23
the
Crimes Act 1914
, or Chapter 7 of the
Criminal Code
, that
24
relates to this Act.
25
Note:
Ancillary offences that relate to this Act are also offences against this
26
Act (see section 11.6 of the
Criminal Code
).
27
operational data
means:
28
(a) data about information sources or operational activities or
29
methods available to an agency mentioned in
30
paragraph 17(2)(b); or
31
Chapter 1
Preliminary
Part 1.2
Definitions
Section 9
10
Data Availability and Transparency Bill 2020
No. , 2020
(b) data about particular operations that have been, are being or
1
are proposed to be undertaken by such an agency, or about
2
proceedings relating to those operations.
3
output
: see subsection 10(4).
4
paid work
means work for financial gain or reward (whether as an
5
employee, a self-employed person or otherwise).
6
personal information
has the same meaning as in the
Privacy Act
7
1988
.
8
point
: see subsection 136(9).
9
precluded purpose
: see subsections 15(2) and (4).
10
primary contravention
of a civil penalty provision means a
11
contravention that does not arise out of the operation of section 92
12
of the Regulatory Powers Act.
13
primary offence
has the same meaning as in the
Criminal Code
.
14
public sector data
: see subsection 10(2).
15
regulatory function
means a function set out in section 45.
16
Regulatory Powers Act
means the
Regulatory Powers (Standard
17
Provisions) Act 2014
.
18
release
means provide open access (and does not include share).
19
representative complaint
means a complaint where the persons on
20
whose behalf the complaint was made include persons other than
21
the complainant, but does not include a complaint that the
22
Commissioner has determined should no longer be continued as a
23
representative complaint.
24
responsible individual
: see subsection 124(6).
25
reviewable decision
: see section 118.
26
rules
means rules made under subsection 133(1).
27
scheme data
: see subsection 10(1).
28
Preliminary
Chapter 1
Definitions
Part 1.2
Section 10
No. , 2020
Data Availability and Transparency Bill 2020
11
share
means provide controlled access (and does not include
1
release).
2
State body
means a department or authority of a State.
3
Territory body
means a department or authority of a Territory.
4
10 Data definitions
5
(1)
Scheme data
is:
6
(a) public sector data shared under subsection 13(1); or
7
(b) output of such data, other than output that has exited the data
8
sharing scheme under section 21.
9
(2)
Public sector data
is data lawfully collected, created or held by or
10
on behalf of a Commonwealth body, and includes:
11
(a) ADSP-enhanced data; and
12
(b) output of which a Commonwealth body is declared by a data
13
sharing agreement to be the data custodian.
14
(3)
ADSP-enhanced data
is data that is the result or product of data
15
services performed by an ADSP in relation to public sector data
16
shared with the ADSP by the data custodian of the data under
17
subsection 13(1).
18
(4)
Output
is data that is the result or product of the use, by an
19
accredited user, of public sector data shared with the accredited
20
user under subsection 13(1).
21
(5)
Data
is any information in a form capable of being communicated,
22
analysed or processed (whether by an individual or by computer or
23
other automated means).
24
11 Entity definitions
25
(1) The following are
data scheme entities
:
26
(a) data custodians of public sector data;
27
(b) accredited entities.
28
(2) A Commonwealth body is the
data custodian
of public sector data
29
if:
30
Chapter 1
Preliminary
Part 1.2
Definitions
Section 11
12
Data Availability and Transparency Bill 2020
No. , 2020
(a) the body controls the data; and
1
(b) the body has the right to deal with the data:
2
(i) apart from this Act; or
3
(ii) in accordance with a data sharing agreement that
4
declares or declared the body to be the data custodian of
5
the data; and
6
(c) the body is not an excluded entity.
7
Note:
Data custodians are not authorised by this Act to share data in all
8
circumstances (see subsection 13(1), and in particular
9
paragraph 13(1)(c)).
10
(3) Each of the following is an
excluded entity
:
11
(a) the Australian Commission for Law Enforcement Integrity;
12
(b) the agency known as the Australian Criminal Intelligence
13
Commission established by the
Australian Crime
14
Commission Act 2002
;
15
(c) that part of the Defence Department known as the Australian
16
Geospatial-Intelligence Organisation;
17
(d) the Australian National Audit Office;
18
(e) the Australian Secret Intelligence Service;
19
(f) the Australian Security Intelligence Organisation;
20
(g) the Australian Signals Directorate;
21
(h) that part of the Defence Department known as the Defence
22
Intelligence Organisation;
23
(i) the Inspector-General of Intelligence and Security;
24
(j) the Office of the Commonwealth Ombudsman;
25
(k) the Office of National Intelligence.
26
(4) An entity accredited under section 74 as an:
27
(a) accredited user (an
accredited user
); or
28
(b) ADSP (short for accredited data service provider) (an
29
ADSP
);
30
is an
accredited entity
.
31
Note 1:
Accredited users are able to collect and use shared data (including by
32
creating output they can share with third parties) in accordance with
33
an applicable data sharing agreement. ADSPs are expert
34
intermediaries who can assist data custodians to prepare and share
35
data appropriately.
36
Preliminary
Chapter 1
Definitions
Part 1.2
Section 11
No. , 2020
Data Availability and Transparency Bill 2020
13
Note 2:
Excluded entities cannot be accredited (see subsection 74(1)).
1
Chapter 2
Authorisations to share data
Section 12
14
Data Availability and Transparency Bill 2020
No. , 2020
Chapter 2--Authorisations to share data
1
2
3
12 Simplified outline of this Chapter
4
Data custodians of public sector data may share their data with
5
accredited users in accordance with the controls established by this
6
Chapter. Data custodians may share data with accredited users
7
directly, or indirectly through an ADSP.
8
Broadly, the controls relate to ensuring that sharing is done only
9
for appropriate purposes and consistently with data sharing
10
principles, and that it is done under a data sharing agreement and
11
with the agreement of any other data custodians of that data.
12
Sharing is excluded in certain circumstances (for example, if the
13
sharing would contravene a prescribed law or an agreement).
14
There are corresponding authorisations for accredited entities to
15
collect and use the shared data.
16
For accredited users, the authorisation to use data extends to
17
sharing output with third parties in limited circumstances and if
18
allowed by a data sharing agreement. Output may also be released
19
if allowed by a data sharing agreement and not prevented by any
20
other law. Output shared or released in such circumstances exits
21
(i.e. is no longer covered by) the data sharing scheme.
22
Data scheme entities must comply with the rules and data codes
23
and have regard to the guidelines when sharing data.
24
The authorisation for data custodians to share data overrides other
25
laws that would otherwise be contravened by the sharing, with
26
some exceptions.
27
Data custodians cannot be required to share data under the data
28
sharing scheme.
29
Authorisations to share data
Chapter 2
Section 13
No. , 2020
Data Availability and Transparency Bill 2020
15
13 Authorisations to share data
1
Sharing by or on behalf of data custodian
2
(1) A data custodian of public sector data is authorised to share the
3
data with an accredited user, either directly or through an ADSP,
4
if:
5
(a) the sharing is for a data sharing purpose and not a precluded
6
purpose (see section 15); and
7
(b) the sharing is consistent with the data sharing principles (see
8
section 16); and
9
(c) the sharing is not excluded (see section 17); and
10
(d) the sharing is in accordance with a data sharing agreement
11
(see section 18); and
12
(e) if the data custodian is not the only data custodian of the
13
data--the sharing is authorised in writing by each other data
14
custodian, or by a data custodian authorised in writing by
15
each other data custodian to act on their behalf for the
16
purposes of this section.
17
Note:
The application of this section, along with the other provisions of this
18
Act, is limited by section 8 (application of this Act).
19
(2) Sharing data through an ADSP is authorised only if the
20
requirements of subsection (1) are met in relation to both stages in
21
which sharing through an ADSP occurs. The stages are:
22
(a) the data custodian of public sector data shares the data with
23
the ADSP; and
24
(b) the ADSP shares the data, or ADSP-enhanced data that is
25
public sector data of the data custodian, with the accredited
26
user on behalf of the data custodian.
27
Collection and use by accredited entity
28
(3) An accredited entity is authorised to collect public sector data
29
shared with or through the entity under subsection 13(1), and to use
30
the data and output of the data, if:
31
(a) the collection and use is:
32
Chapter 2
Authorisations to share data
Section 14
16
Data Availability and Transparency Bill 2020
No. , 2020
(i) for the data sharing purpose for which the data was
1
shared with or through the entity and not a precluded
2
purpose (see section 15); and
3
(ii) consistent with the data sharing principles (see
4
section 16); and
5
(iii) in accordance with a data sharing agreement (see
6
section 18); and
7
(iv) not inconsistent with a condition of the entity's
8
accreditation; and
9
(b) the entity's accreditation is not suspended.
10
Note 1:
Sharing and releasing are examples of using data (see also section 21).
11
Note 2:
The application of this section, along with the other provisions of this
12
Act, is limited by section 8 (application of this Act).
13
14 Sharing must be authorised
14
Penalties for unauthorised sharing
15
(1) A person contravenes this subsection if:
16
(a) the person shares data; and
17
(b) the sharing purportedly relies on the authorisation in
18
subsection 13(1); and
19
(c) the sharing is not authorised by that subsection.
20
Note:
See also Part 6.3 (treatment of certain entities).
21
Civil penalty:
300 penalty units.
22
(2) A person commits an offence if:
23
(a) the person shares data; and
24
(b) the sharing purportedly relies on the authorisation in
25
subsection 13(1); and
26
(c) the sharing is not authorised by that subsection and the
27
person is reckless with respect to that circumstance.
28
Note 1:
See also Part 6.3 (treatment of certain entities).
29
Note 2:
Unauthorised access to or modification of data held in a computer
30
may be an offence regardless of whether subsection 13(1) is relied on
31
(see Part 10.7 of the
Criminal Code
(computer offences)).
32
Authorisations to share data
Chapter 2
Section 14
No. , 2020
Data Availability and Transparency Bill 2020
17
Penalty: Imprisonment for 2 years.
1
Penalties for unauthorised collection or use
2
(3) A person contravenes this subsection if:
3
(a) the person:
4
(i) collects data that was shared with or through the person
5
under subsection 13(1); or
6
(ii) uses such data or the output of such data; and
7
(b) the data or output is scheme data; and
8
(c) the collection or use is not authorised by subsection 13(3);
9
and
10
(d) for use--the use is:
11
(i) not a disclosure authorised by subsection 135(1)
12
(disclosure of scheme data in relation to
13
information-gathering powers); and
14
(ii) not a release of output by an accredited user in
15
accordance with the
Freedom of Information Act 1982
.
16
Note:
See also Part 6.3 (treatment of certain entities).
17
Civil penalty:
300 penalty units.
18
(4) A person commits an offence if:
19
(a) the person:
20
(i) collects data that was shared with or through the person
21
under subsection 13(1); or
22
(ii) uses such data or the output of such data; and
23
(b) the data or output is scheme data; and
24
(c) the collection or use is not authorised by subsection 13(3)
25
and the person is reckless with respect to that circumstance;
26
and
27
(d) for use--the use is:
28
(i) not a disclosure authorised by subsection 135(1)
29
(disclosure of scheme data in relation to
30
information-gathering powers); and
31
(ii) not a release of output by an accredited user in
32
accordance with the
Freedom of Information Act 1982
.
33
Chapter 2
Authorisations to share data
Section 15
18
Data Availability and Transparency Bill 2020
No. , 2020
Note:
See also Part 6.3 (treatment of certain entities).
1
Penalty: Imprisonment for 2 years.
2
(5) Subsections (3) and (4) have effect despite any other law of the
3
Commonwealth or a State or Territory, whether enacted before or
4
after the commencement of this Act.
5
(6) To avoid doubt, subsections (3) and (4) have effect regardless of
6
whether a permitted general situation, or a permitted health
7
situation, exists within the meaning of the
Privacy Act 1988
.
8
15 Data sharing purposes
9
Data sharing purposes
10
(1) The following are
data sharing purposes
:
11
(a) delivery of government services;
12
(b) informing government policy and programs;
13
(c) research and development.
14
Note:
In considering whether sharing is for a data sharing purpose, the data
15
scheme entity must comply with the rules and any data codes (see
16
section 26) and have regard to the guidelines (see section 27).
17
Precluded purposes
18
(2) The following are
precluded purposes
:
19
(a) an enforcement related purpose;
20
(b) a purpose that relates to, or prejudices, national security
21
within the meaning of the
National Security Information
22
(Criminal and Civil Proceedings) Act 2004
;
23
(c) a purpose prescribed by the rules for the purposes of this
24
paragraph.
25
(3) An
enforcement related purpose
means any of the following
26
purposes:
27
(a) detecting, investigating, prosecuting or punishing:
28
(i) an offence; or
29
(ii) a contravention of a law punishable by a pecuniary
30
penalty;
31
Authorisations to share data
Chapter 2
Section 16
No. , 2020
Data Availability and Transparency Bill 2020
19
(b) detecting, investigating or addressing acts or practices
1
detrimental to public revenue;
2
(c) detecting, investigating or remedying serious misconduct;
3
(d) conducting surveillance or monitoring, or
4
intelligence-gathering activities;
5
(e) conducting protective or custodial activities;
6
(f) enforcing a law relating to the confiscation of proceeds of
7
crime;
8
(g) preparing for, or conducting, proceedings before a court or
9
tribunal or implementing a court/tribunal order.
10
(4) A purpose is not a
precluded purpose
within the meaning of
11
paragraph (2)(a) or (b) if the purpose is both:
12
(a) a data sharing purpose; and
13
(b) a purpose that:
14
(i) is with respect to matters that relate only in a general
15
way to a purpose mentioned in paragraph (2)(a) or (b);
16
and
17
(ii) does not involve any person undertaking an activity
18
mentioned in a paragraph of subsection (3).
19
16 Data sharing principles
20
Project principle
21
(1) The project principle is that data is shared for an appropriate
22
project or program of work.
23
(2) The project principle includes (but is not limited to) the following
24
elements:
25
(a) the sharing can reasonably be expected to serve the public
26
interest;
27
(b) any applicable processes relating to ethics are observed;
28
(c) any sharing of the personal information of individuals is done
29
with the consent of the individuals, unless it is unreasonable
30
or impracticable to seek their consent;
31
(d) the data custodian considers using an ADSP to perform data
32
services in relation to the sharing.
33
Chapter 2
Authorisations to share data
Section 16
20
Data Availability and Transparency Bill 2020
No. , 2020
People principle
1
(3) The people principle is that data is made available only to
2
appropriate persons.
3
(4) The people principle includes (but is not limited to) the following
4
elements:
5
(a) the entity sharing data considers the accreditation status and
6
history of the entity collecting and using the shared data;
7
(b) data is only shared with people who have attributes,
8
qualifications, affiliations and expertise appropriate to the
9
sharing.
10
Setting principle
11
(5) The setting principle is that data is shared in an appropriately
12
controlled environment.
13
(6) The setting principle includes (but is not limited to) the following
14
elements:
15
(a) the means by which the data is shared are appropriate, having
16
regard to the type and sensitivity of the data, to control the
17
risks of unauthorised use, sharing or release;
18
(b) reasonable security standards are applied when sharing data.
19
Data principle
20
(7) The data principle is that appropriate protections are applied to the
21
data.
22
(8) The data principle includes (but is not limited to) the following
23
elements:
24
(a) only the data reasonably necessary to achieve the applicable
25
data sharing purpose is shared;
26
(b) the sharing of personal information is minimised as far as
27
possible without compromising the data sharing purpose.
28
Outputs principle
29
(9) The outputs principle is that outputs are as agreed.
30
Authorisations to share data
Chapter 2
Section 17
No. , 2020
Data Availability and Transparency Bill 2020
21
(10) The outputs principle includes (but is not limited to) the following
1
elements:
2
(a) the data custodian of the data and the accredited user
3
consider:
4
(i) the nature and intended uses of the outputs of the
5
sharing; and
6
(ii) requirements and procedures for use of the outputs;
7
(b) the outputs contain only the data reasonably necessary to
8
achieve the applicable data sharing purpose.
9
Application of data sharing principles
10
(11) A data scheme entity's sharing of data is not consistent with the
11
data sharing principles set out in this section unless the entity is
12
satisfied that each principle is applied to the sharing in such a way
13
that, when viewed as a whole, the risks associated with the sharing
14
are appropriately mitigated.
15
Note:
The data scheme entities sharing, collecting and using the data must
16
also comply with the rules and any data codes (see section 26) and
17
have regard to the guidelines (see section 27).
18
(12) A reference to sharing in this section includes a reference to
19
collection and use.
20
17 When sharing is excluded from the data sharing scheme
21
When sharing is excluded
22
(1) For the purposes of paragraph 13(1)(c), sharing is excluded if the
23
sharing is excluded under any of the following subsections.
24
Note:
If a sharing of data is excluded under this section, it is not authorised
25
by subsection 13(1).
26
National security and law enforcement etc.
27
(2) The sharing is excluded if:
28
(a) the data shared is held by, or originated with or was received
29
from, an excluded entity; or
30
(b) the data shared is operational data that is held by, or
31
originated with or was received from, any of the following:
32
Chapter 2
Authorisations to share data
Section 17
22
Data Availability and Transparency Bill 2020
No. , 2020
(i) AUSTRAC (within the meaning of the
Anti-Money
1
Laundering and Counter-Terrorism Financing Act
2
2006
);
3
(ii) the Australian Federal Police;
4
(iii) the Department administered by the Minister
5
administering the
Australian Border Force Act 2015
.
6
Contravention or infringement of rights etc.
7
(3) The sharing is excluded if:
8
(a) sharing the data contravenes or infringes:
9
(i) copyright or other intellectual property rights to which
10
the data is subject; or
11
(ii) a contract or agreement to which a data custodian of the
12
data is party; or
13
(iii) a common law duty or privilege; or
14
(iv) a privilege or immunity of a House of the Parliament, a
15
member of a House of the Parliament, or a committee
16
within the meaning of the
Parliamentary Privileges Act
17
1987
; or
18
(b) the data is commercial information and sharing it founds an
19
action by a person (other than the Commonwealth or a
20
Commonwealth body) for breach of confidence.
21
Prescribed by the regulations
22
(4) The sharing is excluded if:
23
(a) any of the following prohibits the data custodian, or any of
24
the persons whose conduct is taken under section 123 to be
25
conduct of the data custodian, from disclosing the data in the
26
circumstances in which the sharing is done:
27
(i) a provision of a law prescribed by the regulations for the
28
purposes of this subparagraph;
29
(ii) an order, direction, certificate or other instrument made
30
by an officer of the Commonwealth (including a
31
Minister) under a provision of a law prescribed by the
32
regulations for the purposes of this subparagraph; or
33
Authorisations to share data
Chapter 2
Section 17
No. , 2020
Data Availability and Transparency Bill 2020
23
(b) the data custodian of the data is prescribed by the regulations
1
as an entity that must not share data in the capacity of data
2
custodian; or
3
(c) any other circumstances prescribed by the regulations for the
4
purposes of this paragraph exist.
5
International matters
6
(5) The sharing is excluded if:
7
(a) sharing the data is inconsistent with:
8
(i) the obligations of Australia under international law,
9
including obligations under any international agreement
10
binding on Australia; or
11
(ii) any law of the Commonwealth giving effect to such an
12
agreement; or
13
(b) unless the foreign government, or agency of the foreign
14
government, has agreed to the sharing--the data was
15
collected from a foreign government, or an agency of a
16
foreign government.
17
Evidence and court/tribunal orders
18
(6) The sharing is excluded if:
19
(a) the data is being held as evidence before a court; or
20
(b) the data was obtained by a tribunal, authority or other person
21
using a power to require the answering of questions or the
22
production of documents and is being held as evidence
23
before the tribunal, authority or other person; or
24
(c) the data:
25
(i) is subject to a court/tribunal order that manages,
26
prohibits or restricts publication or other disclosure of
27
the data; or
28
(ii) relates to the existence or content of such a
29
court/tribunal order and a law of the Commonwealth
30
prohibits or restricts disclosure of that existence or
31
content.
32
Chapter 2
Authorisations to share data
Section 18
24
Data Availability and Transparency Bill 2020
No. , 2020
Accreditation suspended
1
(7) The sharing is excluded if the data is shared with or through an
2
entity whose accreditation is suspended.
3
Commissioner or member of the staff participating
4
(8) The sharing is excluded if the data custodian of the data, or an
5
accredited entity with or through which the data is shared, is the
6
Commissioner or a member of the staff mentioned in section 47.
7
18 Data sharing agreement
8
(1) An agreement is a
data sharing agreement
if:
9
(a) the agreement relates to the sharing of public sector data; and
10
(b) the parties to the agreement include a data custodian of
11
public sector data and an accredited user; and
12
(c) the agreement is entered into, on behalf of each data scheme
13
entity that is party to the agreement, by an authorised officer
14
of the data scheme entity (see section 137); and
15
(d) the agreement is:
16
(i) in an approved form (if any); or
17
(ii) if there is no approved form--in writing; and
18
(e) any requirements specified in a data code are met in relation
19
to the agreement; and
20
(f) the agreement contains the mandatory terms (see section 19).
21
Note 1:
Data scheme entities must also have regard to the guidelines (see
22
section 27) in entering a data sharing agreement.
23
Note 2:
Copies of data sharing agreements, including variations, must be
24
given to the Commissioner (see subsection 33(1)). The mandatory
25
terms of the agreement are included in a publicly available register
26
(see section 130).
27
(2) A data sharing agreement may deal with matters not mentioned in
28
this section.
29
19 Mandatory terms of data sharing agreement
30
(1) The parties to the agreement must be identified in the agreement.
31
Authorisations to share data
Chapter 2
Section 19
No. , 2020
Data Availability and Transparency Bill 2020
25
(2) The agreement must specify that the sharing is to be done under
1
this Act.
2
(3) The agreement must identify the following (the data
covered
by the
3
agreement):
4
(a) the public sector data that the data custodian is to share
5
(including any ADSP-enhanced data an ADSP is to share on
6
behalf of the data custodian);
7
(b) any agreed outputs of the shared data.
8
(4) The agreement must identify:
9
(a) the party that is the data custodian of the data covered by the
10
agreement as mentioned in paragraph (3)(a); and
11
(b) the party that is the data custodian of the data covered by the
12
agreement as mentioned in paragraph (3)(b); and
13
(c) the basis on which the party is the data custodian of the data.
14
Note:
For the purposes of this Act, only Commonwealth bodies are capable
15
of being data custodians of public sector data (see subsection 11(2)).
16
(5) The agreement must identify any law that the sharing would
17
contravene but for section 23 (authorisation to share overrides
18
other prohibitions).
19
(6) The agreement must:
20
(a) identify for which of the data sharing purposes set out in
21
subsection 15(1) the data is to be shared; and
22
(b) prohibit the accredited user from using scheme data covered
23
by the agreement for any purpose other than the data sharing
24
purpose for which it was shared.
25
(7) The agreement must specify how the data sharing principles set out
26
in section 16 are to be applied, including by:
27
(a) describing how the public interest is served by the sharing;
28
and
29
(b) specifying which party is required to take which actions.
30
(8) If the sharing is being done through an ADSP, the agreement must:
31
(a) specify any data services the ADSP is to perform in relation
32
to public sector data shared with the ADSP by the data
33
custodian; and
34
Chapter 2
Authorisations to share data
Section 19
26
Data Availability and Transparency Bill 2020
No. , 2020
(b) do all of the following:
1
(i) specify the circumstances in which the ADSP is to share
2
data covered by the agreement with the accredited user
3
on behalf of the data custodian;
4
(ii) prohibit the ADSP from sharing the data in any other
5
circumstances;
6
(iii) prohibit the ADSP from releasing the data.
7
(9) The agreement:
8
(a) may allow the accredited user to share output that is scheme
9
data covered by the agreement with either or both of the
10
following:
11
(i) the data custodian of the public sector data used to
12
create the output, for the purpose of that data custodian
13
ensuring that the output is as agreed;
14
(ii) a Commonwealth body that is the data custodian of the
15
output; and
16
(b) if it does not--must specify that sharing is not allowed for
17
the purposes of this subsection.
18
(10) The agreement:
19
(a) may allow the accredited user to share output that is scheme
20
data covered by the agreement in specified circumstances
21
that meet the requirements in subsection 21(1); or
22
(b) if it does not--must specify that no circumstances are
23
specified for the purposes of this subsection.
24
Note:
Subsections 14(3) and (4) prohibit accredited users from sharing
25
output in circumstances other than those specified for the purposes of
26
this subsection. However, they do not prohibit a disclosure authorised
27
by subsection 135(1) (disclosure of scheme data in relation to
28
information-gathering powers) (see subsection 14(7)).
29
(11) The agreement:
30
(a) may allow the accredited user to release the output in
31
specified circumstances that meet the requirement set out in
32
subsection 21(3); or
33
(b) if it does not--must specify that no circumstances are
34
specified for the purposes of this subsection.
35
Authorisations to share data
Chapter 2
Section 20
No. , 2020
Data Availability and Transparency Bill 2020
27
Note:
Subsections 14(3) and (4) prohibit accredited users from releasing
1
output in circumstances other than those specified for the purposes of
2
this subsection. However, they do not prohibit the release of output by
3
an accredited user in accordance with the
Freedom of Information Act
4
1982
(see subsection 14(8)).
5
(12) The agreement must set out the actions the parties will take for the
6
purposes of Part 3.3 (data breach responsibilities).
7
(13) The agreement must specify the circumstances in which it may be
8
varied or terminated and how a variation or termination is to be
9
done.
10
(14) The agreement must specify either or both of the following:
11
(a) its duration;
12
(b) the intervals at which the parties must review it.
13
(15) The agreement must provide for how scheme data covered by the
14
agreement is to be dealt with when the agreement ends.
15
(16) The agreement must contain any other terms prescribed by a data
16
code for the purposes of this subsection.
17
20 Compliance with mandatory terms of data sharing agreement
18
A data scheme entity must comply with the mandatory terms of a
19
data sharing agreement to which it is party.
20
Civil penalty:
300 penalty units.
21
21 Exit from data sharing scheme of shared or released output
22
Sharing output for validation etc.
23
(1) For the purposes of subsection 19(9), a data sharing agreement
24
may allow the accredited user to share output in circumstances
25
specified in the agreement, if the circumstances meet the following
26
requirements:
27
(a) before the output is shared, the data custodian of the data
28
used to create the output is satisfied that the sharing will be
29
done in accordance with subsection 13(3);
30
(b) the output is shared:
31
Chapter 2
Authorisations to share data
Section 21
28
Data Availability and Transparency Bill 2020
No. , 2020
(i) with an entity that carries on a business to which the
1
output relates, for the purpose of validating or
2
correcting the output; or
3
(ii) with an individual to whom the output relates, or a
4
responsible person (within the meaning of the
Privacy
5
Act 1988
) for such an individual, for the purpose of
6
validating or correcting the output; or
7
(iii) in circumstances prescribed by the rules.
8
Exit of shared output
9
(2) Output shared by an accredited user in accordance with
10
subsection 13(3) exits the data sharing scheme:
11
(a) if shared for the purpose of validating or correcting the
12
output--at the time the output is validated or corrected by the
13
entity with which it is shared; or
14
(b) if shared in circumstances prescribed by the rules--at the
15
time specified by the rules.
16
Note 1:
If a data sharing agreement specifies circumstances that meet the
17
requirements in subsection (1), sharing of output by the accredited
18
user is an authorised use of the output as long as the sharing is done in
19
the specified circumstances and in accordance with subsection 13(3).
20
Note 2:
Once data exits the data sharing scheme, it ceases to be scheme data
21
(see paragraph 10(1)(b)).
22
Releasing output
23
(3) For the purposes of subsection 19(10), a data sharing agreement
24
may allow the accredited user to release output in circumstances
25
specified in the agreement, if releasing the output in those
26
circumstances does not contravene a law of the Commonwealth or
27
a State or Territory.
28
Exit of released output
29
(4) Output released by an accredited user in accordance with
30
subsection 13(3) exits the data sharing scheme at the time it is
31
released.
32
Note 1:
If a data sharing agreement specifies circumstances that meet the
33
requirement in subsection (3), release of output by the accredited user
34
Authorisations to share data
Chapter 2
Section 22
No. , 2020
Data Availability and Transparency Bill 2020
29
is an authorised use of the output as long as the release is done in the
1
specified circumstances and in accordance with subsection 13(3).
2
Note 2:
Once data exits the data sharing scheme, it ceases to be scheme data
3
(see paragraph 10(1)(b)).
4
(5) Output released by an accredited user under the
Freedom of
5
Information Act 1982
exits the data sharing scheme at the time
6
access to the output is granted under that Act.
7
22 Other authorisations for data custodians not limited
8
The authorisation in subsection 13(1) for a data custodian to share
9
particular data does not limit any other law of the Commonwealth
10
or a State or Territory that authorises the data custodian to share
11
the data.
12
23 Authorisation to share overrides other prohibitions
13
(1) The authorisation in subsection 13(1) has effect despite anything in
14
another law of the Commonwealth, or a law of a State or Territory,
15
that restricts or prohibits disclosure of information.
16
Note:
Subsection 13(1) does not authorise a sharing of data excluded by
17
section 17 (including a sharing prohibited by a provision of a law
18
prescribed by the regulations).
19
(2) The authorisation in subsection 13(3) has effect despite anything in
20
another law of the Commonwealth, or a law of a State or Territory,
21
that restricts or prohibits collection or use of information.
22
(3) Subsections (1) and (2) apply in relation to a law enacted before or
23
after the commencement of this Act.
24
24 No duty to share but reasons required for not sharing
25
(1) This Chapter does not require, or authorise any person to require, a
26
data custodian to share public sector data. However, data
27
custodians should consider reasonable requests for sharing.
28
(2) A data custodian of public sector data must give an accredited user
29
reasons if the data custodian refuses a request by the accredited
30
user to share data.
31
Chapter 3
Responsibilities of data scheme entities
Part 3.1
Introduction
Section 25
30
Data Availability and Transparency Bill 2020
No. , 2020
Chapter 3--Responsibilities of data scheme
1
entities
2
Part 3.1--Introduction
3
4
25 Simplified outline of this Chapter
5
The responsibilities imposed on data scheme entities are mainly set
6
out in this Chapter, although some important responsibilities are set
7
out elsewhere (see especially sections 14 and 20 in Chapter 2).
8
Civil penalties apply in some cases if responsibilities in this
9
Chapter are not met. In any case, the responsibilities may be
10
enforced by use of the Commissioner's other regulatory powers
11
under Part 5.5.
12
Responsibilities of data scheme entities
Chapter 3
General responsibilities
Part 3.2
Section 26
No. , 2020
Data Availability and Transparency Bill 2020
31
Part 3.2--General responsibilities
1
2
26 Comply with rules and data codes
3
A data scheme entity must comply with:
4
(a) the rules; and
5
(b) data codes.
6
27 Have regard to guidelines
7
Data scheme entities must have regard to the guidelines when
8
engaging in conduct for the purposes of this Act.
9
28 Privacy coverage
10
(1) A data scheme entity that is not an APP entity must not engage in
11
an act or practice with respect to personal information for the
12
purposes of this Act unless:
13
(a) the
Privacy Act 1988
applies in relation to the act or practice
14
as if the entity were an organisation within the meaning of
15
that Act; or
16
(b) a law of a State or Territory that provides for all of the
17
following applies in relation to the act or practice:
18
(i) protection of personal information comparable to that
19
provided by the Australian Privacy Principles;
20
(ii) monitoring of compliance with the law;
21
(iii) a means for an individual to seek recourse if the
22
individual's personal information is dealt with in a way
23
contrary to the law.
24
(2) An act or practice engaged in by an accredited entity that is an
25
organisation referred to in paragraphs 7B(2)(a) and (b) of the
26
Privacy Act 1988
is not, despite subsection 7B(2) of that Act,
27
exempt
for the purposes of paragraph 7(1)(ee) of that Act if the act
28
or practice is engaged in with respect to personal information for
29
the purposes of this Act.
30
Chapter 3
Responsibilities of data scheme entities
Part 3.2
General responsibilities
Section 29
32
Data Availability and Transparency Bill 2020
No. , 2020
Note:
Paragraphs 7B(2)(a) and (b) of the
Privacy Act 1988
refer to an
1
organisation that would be a small business operator if it were not a
2
contracted service provider for a Commonwealth contract (within the
3
meaning of the
Privacy Act 1988
).
4
(3) Except as provided by subsection (2) and Part 3.3, nothing in this
5
Act affects the operation of the
Privacy Act 1988
in relation to a
6
data scheme entity that is an APP entity.
7
Note:
Part 3.3 (data breach responsibilities) deals with the relationship
8
between this Act and the requirements of Part IIIC of the
Privacy Act
9
1988
(notification of eligible data breaches).
10
29 Engage ADSP for prescribed data services
11
The data custodian of public sector data that is to be shared under
12
subsection 13(1) must ensure that, if data services prescribed by
13
the rules for the purposes of this section are performed on or in
14
relation to the data, they are performed on behalf of the data
15
custodian by an ADSP.
16
30 Comply with conditions of accreditation
17
An accredited entity must comply with the conditions of the
18
entity's accreditation.
19
Civil penalty:
300 penalty units.
20
31 Report events and changes in circumstances affecting
21
accreditation to Commissioner
22
(1) An accredited entity must notify the Commissioner of any event, or
23
change in circumstance, that affects the entity's accreditation.
24
(2) Subsection (1) does not apply in relation to an event or change in
25
circumstances prescribed by the rules for the purposes of this
26
subsection.
27
Responsibilities of data scheme entities
Chapter 3
General responsibilities
Part 3.2
Section 32
No. , 2020
Data Availability and Transparency Bill 2020
33
32 Not provide false or misleading information
1
(1) A data scheme entity must not, in giving information or a
2
document in compliance or purported compliance with this Act, the
3
rules or a data code, give the Commissioner:
4
(a) information or a document that is false or misleading; or
5
(b) information that omits any matter or thing without which the
6
information is false or misleading.
7
Note:
A data scheme entity that contravenes this subsection might also
8
commit an offence under Division 136 or 137 of the
Criminal Code
.
9
Civil penalty:
300 penalty units.
10
(2) A data scheme entity must not, in giving information or a
11
document for the purposes of entering into or giving effect to a
12
data sharing agreement, give another data scheme entity:
13
(a) information or a document that is false or misleading; or
14
(b) information that omits any matter or thing without which the
15
information is false or misleading.
16
Civil penalty:
300 penalty units.
17
33 Notify Commissioner in relation to data sharing agreements
18
(1) A data custodian that is party to a data sharing agreement must
19
give the Commissioner, in an approved form (if any):
20
(a) an electronic copy of the agreement; and
21
(b) if the agreement is varied--an electronic copy of the
22
variation, or the agreement as varied;
23
no later than 30 days after the day the agreement or variation is
24
made.
25
Note:
The Commissioner must maintain a publicly available register
26
containing the names of parties to each data sharing agreement and the
27
mandatory terms included in the agreement (see section 130).
28
(2) A data custodian that was party to a terminated data sharing
29
agreement must give the Commissioner written notice of the
30
termination of the agreement, no later than 30 days after the
31
termination takes effect.
32
Chapter 3
Responsibilities of data scheme entities
Part 3.2
General responsibilities
Section 34
34
Data Availability and Transparency Bill 2020
No. , 2020
34 Assist Commissioner as required in preparation of annual report
1
(1) A data scheme entity must give the Commissioner any information
2
and assistance the Commissioner reasonably requires in relation to
3
the preparation of the annual report mentioned in section 138.
4
(2) Without limiting subsection (1), a data scheme entity must give the
5
Commissioner information about the matters mentioned in
6
subparagraphs 138(2)(d)(i) and (ii).
7
Note:
Subparagraphs 138(2)(d)(i) and (ii) relate to numbers of requests for
8
data sharing, reasons for agreeing to or refusing requests and numbers
9
of data sharing agreements made.
10
Responsibilities of data scheme entities
Chapter 3
Data breach responsibilities
Part 3.3
Section 35
No. , 2020
Data Availability and Transparency Bill 2020
35
Part 3.3--Data breach responsibilities
1
2
35 Definition of
data breach
3
If:
4
(a) a data scheme entity holds scheme data; and
5
(b) any of the following apply:
6
(i) there is unauthorised access to, or unauthorised sharing
7
or unauthorised release of, the data;
8
(ii) the data is lost in circumstances where there is likely to
9
be unauthorised access to, or unauthorised sharing or
10
unauthorised release of, the data;
11
(iii) an event prescribed by a data code occurs in relation to
12
the data;
13
the access, sharing, release, loss or event is a
data breach
of the
14
data scheme entity.
15
36 Take steps to mitigate data breach
16
(1) If a data scheme entity reasonably suspects or becomes aware that
17
a data breach of the entity has occurred, the entity must take
18
reasonable steps to prevent or reduce any harm resulting from the
19
breach to entities, groups of entities and things to which the data
20
involved in the breach relates.
21
(2) If:
22
(a) a data custodian reasonably suspects or becomes aware that a
23
data breach of an accredited entity has occurred; and
24
(b) the data breach involves scheme data that the data custodian
25
shared with or through the entity, or that is the output of such
26
data;
27
the data custodian must take reasonable steps to prevent or reduce
28
any harm resulting from the breach to entities, groups of entities
29
and things to which the data involved in the breach relates.
30
Chapter 3
Responsibilities of data scheme entities
Part 3.3
Data breach responsibilities
Section 37
36
Data Availability and Transparency Bill 2020
No. , 2020
37 Interaction with Part IIIC of the
Privacy Act 1988
(notification of
1
eligible data breaches)
2
Scope
3
(1) This section applies if:
4
(a) a data custodian of public sector data that is personal
5
information about one or more individuals has shared the
6
personal information with or through an accredited entity
7
under subsection 13(1); and
8
(b) the accredited entity holds the personal information.
9
Deemed holding of personal information by data custodian
10
(2) Part IIIC of the
Privacy Act 1988
(notification of eligible data
11
breaches) has effect as if:
12
(a) the personal information were held by the data custodian; and
13
(b) the data custodian were required under section 15 of that Act
14
not to do an act, or engage in a practice, that breaches
15
Australian Privacy Principle 11.1 in relation to the personal
16
information.
17
Note:
This has the effect that the data custodian has responsibilities under
18
Part IIIC of the
Privacy Act 1988
(notification of eligible data
19
breaches) in relation to the personal information held by the accredited
20
entity.
21
(3) If the accredited entity reasonably suspects or becomes aware that
22
a data breach of the entity has occurred (within the meaning of
23
section 35), the entity must, as soon as practicable, notify the data
24
custodian of the data breach.
25
Note:
This is intended to help the data custodian meet its responsibilities
26
under Part IIIC of the
Privacy Act 1988
, as that Part applies because of
27
subsection (2) of this section.
28
(4) Subsections (2) and (3) do not apply if:
29
(a) the accredited entity is an APP entity that is required under
30
section 15 of the
Privacy Act 1988
not to do an act, or engage
31
in a practice, that breaches Australian Privacy Principle 11.1
32
in relation to the personal information; and
33
Responsibilities of data scheme entities
Chapter 3
Data breach responsibilities
Part 3.3
Section 38
No. , 2020
Data Availability and Transparency Bill 2020
37
(b) the data sharing agreement under which the personal
1
information was shared with the entity provides that
2
subsections (2) and (3) are not to apply in relation to the
3
personal information.
4
Note:
This has the effect that only the entity with which the personal
5
information was shared, and not the data custodian, has
6
responsibilities under Part IIIC of the
Privacy Act 1988
(notification
7
of eligible data breaches) in relation to the personal information held
8
by the entity.
9
Give Commissioner a copy of statement about eligible data breach
10
(5) If a data scheme entity is required under section 26WK of the
11
Privacy Act 1988
to give the Information Commissioner a
12
statement that complies with subsection 26WK(3) of that Act, the
13
entity must give a copy of the statement to the National Data
14
Commissioner as soon as practicable.
15
Meaning of hold
16
(6) A reference in this section to an entity holding personal
17
information is a reference to the entity holding the information
18
within the meaning of the
Privacy Act 1988
.
19
38 Notify Commissioner of non-personal data breach
20
(1) A data scheme entity must notify the Commissioner, in an
21
approved form (if any) and in accordance with any requirements
22
prescribed by a data code, if:
23
(a) the entity reasonably suspects or becomes aware that a data
24
breach of the entity has occurred; and
25
(b) data involved in the breach is not personal information about
26
one or more individuals.
27
Note:
Breaches involving personal information are dealt with under
28
Part IIIC of the
Privacy Act 1988
(see section 37).
29
(2) The entity must notify the Commissioner of the breach:
30
(a) as soon as practicable, if the breach is one that a reasonable
31
person would conclude would be likely to result in serious
32
Chapter 3
Responsibilities of data scheme entities
Part 3.3
Data breach responsibilities
Section 38
38
Data Availability and Transparency Bill 2020
No. , 2020
harm to an entity, a group of entities or a thing to which the
1
data relates (see subsection (3)); and
2
(b) otherwise:
3
(i) in accordance with any time frame applicable under a
4
data code; or
5
(ii) if subparagraph (i) does not apply--as soon as
6
practicable after the end of the financial year in which
7
the breach occurred.
8
(3) In determining for the purposes of paragraph (2)(a) whether a
9
reasonable person would conclude that the breach would, or would
10
not, be likely to result in serious harm to an entity, a group of
11
entities or a thing to which the data involved in the breach relates,
12
have regard to the following:
13
(a) the kind or kinds of data;
14
(b) the sensitivity of the data;
15
(c) whether the data is protected by one or more security
16
measures and, if so, the nature of those measures;
17
(d) the persons, or the kinds of persons, who have obtained, or
18
who could obtain, the data;
19
(e) the nature of the harm;
20
(f) any other relevant matters.
21
National Data Commissioner and National Data Advisory Council
Chapter 4
Introduction
Part 4.1
Section 39
No. , 2020
Data Availability and Transparency Bill 2020
39
Chapter 4--National Data Commissioner and
1
National Data Advisory Council
2
Part 4.1--Introduction
3
4
39 Simplified outline of this Chapter
5
There is to be a National Data Commissioner.
6
The Commissioner is the regulator for the data sharing scheme,
7
and provides advice and guidance about it. The Commissioner also
8
has the function of advocating for the sharing and release of public
9
sector data more generally.
10
The Commissioner is assisted in the performance of these
11
functions by APS employees in the Department who are made
12
available by the Secretary. The Commissioner may also engage
13
contractors and consultants.
14
The Commissioner is also assisted by the advice of the National
15
Data Advisory Council.
16
40 Commissioner to have regard to objects of Act
17
In performing functions, the Commissioner must have regard to the
18
objects of this Act (see section 3).
19
Chapter 4
National Data Commissioner and National Data Advisory Council
Part 4.2
National Data Commissioner
Division 1
Establishment, functions and powers
Section 41
40
Data Availability and Transparency Bill 2020
No. , 2020
Part 4.2--National Data Commissioner
1
Division 1--Establishment, functions and powers
2
41 National Data Commissioner
3
There is to be a National Data Commissioner.
4
42 Functions
5
(1) The Commissioner has the following functions:
6
(a) the advice related functions set out in section 43;
7
(b) the guidance related functions set out in section 44;
8
(c) the regulatory functions set out in section 45;
9
(d) an advocacy function of promoting understanding and
10
acceptance of:
11
(i) the benefits of, and best practice in, sharing and
12
releasing public sector data; and
13
(ii) safe data handling practices;
14
(e) any other functions conferred on the Commissioner by this
15
Act or the rules or by any other law of the Commonwealth;
16
(f) to do anything incidental or conducive to the performance of
17
any of the above functions.
18
(2) Without limiting how the Commissioner may perform the
19
advocacy function conferred by paragraph (1)(d), the
20
Commissioner may do so by undertaking, developing or supporting
21
educational programs.
22
43 Advice related functions
23
For the purposes of paragraph 42(1)(a), the Commissioner's advice
24
related functions are to do the following, on request by the Minister
25
or on the Commissioner's own initiative:
26
(a) advise on matters relating to the operation of this Act,
27
including Commonwealth laws and changes to
28
Commonwealth laws relating to this Act;
29
National Data Commissioner and National Data Advisory Council
Chapter 4
National Data Commissioner
Part 4.2
Establishment, functions and powers
Division 1
Section 44
No. , 2020
Data Availability and Transparency Bill 2020
41
(b) inform the Minister about actions to be taken by data scheme
1
entities in order to comply with this Act;
2
(c) report and make recommendations to the Minister in relation
3
to this Act, or the need for or desirability of legislative or
4
administration action in relation to this Act.
5
44 Guidance related functions
6
For the purposes of paragraph 42(1)(b), the Commissioner's
7
guidance related functions are to make:
8
(a) data codes under section 126; and
9
(b) guidelines under section 127.
10
45 Regulatory functions
11
For the purposes of paragraph 42(1)(c), the Commissioner's
12
regulatory functions are to regulate and enforce the data sharing
13
scheme by performing the functions and exercising the powers
14
conferred by Chapter 5 (regulation and enforcement), and the
15
Regulatory Powers Act as it applies in relation to this Act.
16
Note:
The Commissioner and members of staff mentioned in section 47
17
cannot participate in sharing under this Act (see subsection 17(8)).
18
46 Application of finance law
19
For the purposes of the finance law (within the meaning of the
20
Public Governance, Performance and Accountability Act 2013
),
21
the Commissioner is an official of the Department.
22
47 Staff
23
(1) The Secretary of the Department must:
24
(a) make available to the Commissioner APS employees in the
25
Department who, in the Commissioner's opinion, have the
26
skills, qualifications or experience necessary to assist the
27
Commissioner to perform the Commissioner's functions and
28
exercise the Commissioner's powers; and
29
(b) do so to the extent the Commissioner reasonably requires.
30
Chapter 4
National Data Commissioner and National Data Advisory Council
Part 4.2
National Data Commissioner
Division 1
Establishment, functions and powers
Section 48
42
Data Availability and Transparency Bill 2020
No. , 2020
(2) An APS employee made available to assist the Commissioner is
1
subject to the directions of the Commissioner in relation to that
2
assistance. The APS employee remains subject to the directions of
3
the Secretary in relation to other matters.
4
48 Contractors
5
The Commissioner may, on behalf of the Commonwealth, engage
6
persons under a written agreement to assist the Commissioner to
7
perform or exercise the functions or powers of the Commissioner.
8
49 Consultants
9
The Commissioner may, on behalf of the Commonwealth, engage
10
consultants to advise in relation to the performance of the
11
Commissioner's functions.
12
50 Delegation by Commissioner
13
(1) The Commissioner may, in writing, delegate to a member of the
14
staff mentioned in section 47 any or all of the Commissioner's
15
functions or powers under:
16
(a) this Act; or
17
(b) the rules; or
18
(c) the Regulatory Powers Act as it applies in relation to this
19
Act.
20
Note:
Sections 34AA to 34A of the
Acts Interpretation Act 1901
contain
21
provisions relating to delegations.
22
(2) Despite subsection (1), the Commissioner must not delegate:
23
(a) functions or powers under the following provisions:
24
(i) section 112 (directions);
25
(ii) section 126 (data codes);
26
(iii) section 127 (guidelines); or
27
(b) a regulatory function, or a power in relation to a regulatory
28
function, to the extent that the function would be performed,
29
or the power exercised, in relation to the Department or any
30
other agency administered by the Minister.
31
National Data Commissioner and National Data Advisory Council
Chapter 4
National Data Commissioner
Part 4.2
Establishment, functions and powers
Division 1
Section 51
No. , 2020
Data Availability and Transparency Bill 2020
43
(3) In performing functions or exercising powers under the delegation,
1
the delegate must comply with any written directions of the
2
Commissioner.
3
(4) If the Commissioner delegates functions or powers under this
4
section, the Commissioner must make publicly available
5
information about the persons or class of persons to whom the
6
functions or powers are delegated.
7
51 Independence of Commissioner
8
Subject to this Act and other laws of the Commonwealth, the
9
Commissioner has discretion in the performance or exercise of the
10
Commissioner's functions or powers and is not subject to direction
11
by any person in relation to the performance or exercise of those
12
functions or powers.
13
Note:
The Minister may direct the Commissioner to suspend or cancel the
14
accreditation of certain entities (see subsection 81(2)).
15
52 Commissioner not to be sued
16
The Commissioner, and any person acting under the direction or
17
authority of the Commissioner, is not liable to an action, suit or
18
proceeding in relation to an act done or omitted to be done in good
19
faith in the performance or purported performance, or exercise or
20
purported exercise, of a function or power conferred by this Act,
21
the rules or a data code.
22
Chapter 4
National Data Commissioner and National Data Advisory Council
Part 4.2
National Data Commissioner
Division 2
Terms and conditions etc.
Section 53
44
Data Availability and Transparency Bill 2020
No. , 2020
Division 2--Terms and conditions etc.
1
53 Appointment
2
(1) The Commissioner is to be appointed by the Governor-General by
3
written instrument.
4
Note:
The Commissioner may be reappointed: see section 33AA of the
Acts
5
Interpretation Act 1901
.
6
(2) A person may be appointed as the Commissioner only if the person
7
has appropriate qualifications, skills or experience to perform the
8
functions of the position.
9
54 General terms and conditions of appointment
10
(1) The Commissioner holds office for the period specified in the
11
instrument of appointment. The period must not exceed 5 years.
12
(2) The Commissioner holds office on a full-time basis.
13
(3) The Commissioner holds office on the terms and conditions (if
14
any), in relation to matters not covered by this Act, that are
15
determined by the Governor-General.
16
55 Other paid work
17
The Commissioner must not engage in paid work outside the duties
18
of the office without the Minister's approval.
19
56 Remuneration
20
(1) The Commissioner is to be paid the remuneration that is
21
determined by the Remuneration Tribunal. If no determination of
22
that remuneration by the Tribunal is in operation, the
23
Commissioner is to be paid the remuneration that is prescribed by
24
the rules.
25
(2) The Commissioner is to be paid the allowances that are prescribed
26
by the rules.
27
National Data Commissioner and National Data Advisory Council
Chapter 4
National Data Commissioner
Part 4.2
Terms and conditions etc.
Division 2
Section 57
No. , 2020
Data Availability and Transparency Bill 2020
45
(3) This section has effect subject to the
Remuneration Tribunal Act
1
1973
.
2
57 Leave of absence
3
(1) The Commissioner has the recreation leave entitlements that are
4
determined by the Remuneration Tribunal.
5
(2) The Minister may grant the Commissioner leave of absence, other
6
than recreation leave, on the terms and conditions as to
7
remuneration or otherwise that the Minister determines.
8
58 Resignation
9
(1) The Commissioner may resign the Commissioner's appointment
10
by giving the Governor-General a written resignation.
11
(2) The resignation takes effect on the day it is received by the
12
Governor-General or, if a later day is specified in the resignation,
13
on that later day.
14
59 Termination of appointment
15
The Governor-General may terminate the appointment of the
16
Commissioner:
17
(a) for misbehaviour; or
18
(b) if the Commissioner is unable to perform the duties of the
19
office because of physical or mental incapacity; or
20
(c) if the Commissioner:
21
(i) becomes bankrupt; or
22
(ii) applies to take the benefit of any law for the relief of
23
bankrupt or insolvent debtors; or
24
(iii) compounds with the Commissioner's creditors; or
25
(iv) makes an assignment of the Commissioner's
26
remuneration for the benefit of the Commissioner's
27
creditors; or
28
(d) is absent, except on leave of absence, for 14 consecutive days
29
or for 28 days in any 12 months; or
30
Chapter 4
National Data Commissioner and National Data Advisory Council
Part 4.2
National Data Commissioner
Division 2
Terms and conditions etc.
Section 60
46
Data Availability and Transparency Bill 2020
No. , 2020
(e) fails, without reasonable excuse, to comply with section 29
1
of the
Public Governance, Performance and Accountability
2
Act 2013
(which deals with the duty to disclose interests) or
3
rules made for the purposes of that section; or
4
(f) engages, except with the Minister's approval, in paid work
5
outside the duties of the office (see section 55).
6
60 Acting appointments
7
(1) The Minister may, by written instrument, appoint a person to act as
8
the Commissioner:
9
(a) during a vacancy in the office of the Commissioner (whether
10
or not an appointment has previously been made to the
11
office); or
12
(b) during any period, or during all periods, when the
13
Commissioner:
14
(i) is absent from duty or from Australia; or
15
(ii) is, for any reason, unable to perform the duties of the
16
office.
17
Note:
For rules that apply to acting appointments, see sections 33AB and
18
33A of the
Acts Interpretation Act 1901
.
19
(2) A person must not be appointed to act as the Commissioner unless
20
the person has appropriate qualifications, skills or experience, as
21
mentioned in subsection 53(2), to be appointed as the
22
Commissioner.
23
National Data Commissioner and National Data Advisory Council
Chapter 4
National Data Advisory Council
Part 4.3
Section 61
No. , 2020
Data Availability and Transparency Bill 2020
47
Part 4.3--National Data Advisory Council
1
2
61 Establishment and function of Council
3
The National Data Advisory Council is established by this section,
4
and has the function of advising the Commissioner on the
5
following matters relating to sharing and use of public sector data:
6
(a) ethics;
7
(b) balancing data availability with privacy protection;
8
(c) trust and transparency;
9
(d) technical best practice;
10
(e) industry and international developments;
11
(f) any other matters.
12
62 Membership of Council
13
Membership
14
(1) The Council consists of the following members:
15
(a) the Commissioner;
16
(b) the Australian Statistician;
17
(c) the Information Commissioner;
18
(d) the Chief Scientist;
19
(e) at least 5, and no more than 8, other members appointed by
20
the Commissioner (the
appointed members
).
21
Chair
22
(2) The Commissioner may:
23
(a) designate himself or herself as the Chair of the Council; or
24
(b) by written instrument, designate an appointed member to be
25
the Chair for the period specified in the instrument.
26
(3) At any time when a Chair is not designated under subsection (2),
27
the Council may, by written instrument, designate a Chair itself
28
Chapter 4
National Data Commissioner and National Data Advisory Council
Part 4.3
National Data Advisory Council
Section 63
48
Data Availability and Transparency Bill 2020
No. , 2020
from among the appointed members for the period specified in the
1
instrument.
2
(4) A Chair may be designated or appointed for a maximum period of
3
3 years, but may be designated again or appointed again.
4
63 Appointment of members
5
(1) The appointed members are to be appointed by the Commissioner
6
by written instrument, on a part-time basis.
7
(2) The Commissioner must ensure that appointed members are
8
persons with qualifications, skills or experience that will help the
9
Council perform its function.
10
64 Term of appointment
11
An appointed member holds office for the period specified in the
12
instrument of appointment. The period must not exceed 3 years.
13
65 Remuneration and allowances
14
(1) An appointed member is to be paid the remuneration that is
15
determined by the Remuneration Tribunal. If no determination of
16
that remuneration by the Tribunal is in operation, the member is to
17
be paid the remuneration that is prescribed by the rules.
18
(2) An appointed member is to be paid the allowances as are
19
prescribed by the rules.
20
(3) This section has effect subject to the
Remuneration Tribunal Act
21
1973.
22
66 Leave of absence
23
The Commissioner may grant leave of absence to an appointed
24
member on the terms and conditions that the Commissioner
25
determines.
26
National Data Commissioner and National Data Advisory Council
Chapter 4
National Data Advisory Council
Part 4.3
Section 67
No. , 2020
Data Availability and Transparency Bill 2020
49
67 Disclosure of interests to Minister or Commissioner
1
(1) The Commissioner must give written notice to the Minister of all
2
interests, pecuniary or otherwise, that the Commissioner has or
3
acquires and that conflict or could conflict with the proper
4
performance of the Commissioner's role as a member of the
5
Council.
6
(2) A member of the Council other than the Commissioner must give
7
written notice to the Commissioner of all interests, pecuniary or
8
otherwise, that the member has or acquires and that conflict or
9
could conflict with the proper performance of the member's office
10
as a member of the Council.
11
68 Disclosure of interests to Council
12
(1) A member of the Council who has an interest, pecuniary or
13
otherwise, in a matter being considered or about to be considered
14
by the Council must disclose the nature of the interest to a meeting
15
of the Council.
16
(2) The disclosure must be made as soon as possible after the relevant
17
facts have come to the member's knowledge.
18
(3) The disclosure must be recorded in the minutes of the meeting.
19
69 Resignation of members
20
(1) An appointed member may resign as a member by giving the
21
Commissioner a written resignation.
22
(2) The resignation takes effect on the day it is received by the
23
Commissioner or, if a later day is specified in the resignation, on
24
that later day.
25
70 Termination of appointment of members
26
The Commissioner may terminate the appointment of an appointed
27
member:
28
(a) for misbehaviour; or
29
Chapter 4
National Data Commissioner and National Data Advisory Council
Part 4.3
National Data Advisory Council
Section 71
50
Data Availability and Transparency Bill 2020
No. , 2020
(b) if the member is unable to perform the duties of office
1
because of physical or mental incapacity; or
2
(c) if the member:
3
(i) becomes bankrupt; or
4
(ii) applies to take the benefit of any law for the relief of
5
bankrupt or insolvent debtors; or
6
(iii) compounds with the member's creditors; or
7
(iv) makes an assignment of the member's remuneration for
8
the benefit of the member's creditors; or
9
(d) the member is repeatedly absent, except on leave of absence;
10
or
11
(e) if the member's qualifications, skills or experience are no
12
longer relevant to the Council function or the member has
13
ceased to hold a professional role that was relevant to the
14
member's appointment.
15
71 Other terms and conditions of members
16
An appointed member holds office on the terms and conditions (if
17
any), in relation to matters not covered by this Act, that are
18
determined by the Commissioner.
19
72 Procedures
20
(1) The Council is to hold any meetings necessary for the performance
21
of its functions, and must meet at least twice every calendar year.
22
(2) Meetings of the Council may be convened by the Commissioner or
23
by the Chair.
24
(3) Except as mentioned above, the Council is to determine its own
25
procedures.
26
Regulation and enforcement
Chapter 5
Introduction
Part 5.1
Section 73
No. , 2020
Data Availability and Transparency Bill 2020
51
Chapter 5--Regulation and enforcement
1
Part 5.1--Introduction
2
3
73 Simplified outline of this Chapter
4
The Commissioner may accredit entities, impose and vary
5
conditions of accreditation, and suspend or cancel accreditation, in
6
accordance with the accreditation framework.
7
If a data scheme entity breaches this Act, another data scheme
8
entity may complain to the Commissioner. A complaint will
9
ordinarily result in an investigation by the Commissioner, which
10
may in turn lead to enforcement action being taken by the
11
Commissioner against the breaching data scheme entity.
12
The Commissioner may also conduct assessments from time to
13
time to ensure data scheme entities are operating in accordance
14
with the Act. If the Commissioner reasonably suspects a data
15
scheme entity has breached the Act, the Commissioner may
16
investigate the entity regardless of whether a complaint has been
17
made.
18
The Commissioner has power to require persons to give
19
information, and has monitoring and investigation powers in
20
relation to certain provisions of this Act. The Commissioner may
21
transfer matters to a more appropriate agency, which could include
22
the police if an offence is involved.
23
There are a range of enforcement options available to the
24
Commissioner, as follows:
25
(a)
making recommendations to a data scheme entity;
26
(b)
giving directions if satisfied a data scheme entity has
27
breached the Act or in emergency situations;
28
(c)
issuing an infringement notice, or applying to a court for
29
a pecuniary penalty order, if a data scheme entity
30
contravenes a civil penalty provision;
31
Chapter 5
Regulation and enforcement
Part 5.1
Introduction
Section 73
52
Data Availability and Transparency Bill 2020
No. , 2020
(d)
accepting an enforceable undertaking in relation to any
1
aspect of this Act;
2
(e)
applying to a court for an injunction if a data scheme
3
entity has contravened, or is contravening or proposing
4
to contravene, a civil penalty provision.
5
The provisions continue to apply in relation to former data scheme
6
entities as set out in the Chapter.
7
Regulation and enforcement
Chapter 5
Accreditation framework
Part 5.2
Accreditation
Division 1
Section 74
No. , 2020
Data Availability and Transparency Bill 2020
53
Part 5.2--Accreditation framework
1
Division 1--Accreditation
2
74 Accreditation
3
Accreditation as an ADSP
4
(1) The Commissioner may accredit an entity as an ADSP if:
5
(a) the entity applies for accreditation as an ADSP under
6
section 76; and
7
(b) the Commissioner is satisfied the entity meets the criteria for
8
accreditation under section 77.
9
Note:
The Commissioner must give written notice of a decision under this
10
subsection (see section 75).
11
Accreditation as an accredited user--most entities
12
(2) The Commissioner may accredit an entity as an accredited user if:
13
(a) the entity applies for accreditation as an accredited user under
14
section 76; and
15
(b) the Commissioner is satisfied the entity meets the criteria for
16
accreditation under section 77.
17
Note:
The Commissioner must give written notice of a decision under this
18
subsection (see section 75).
19
Accreditation as an accredited user--certain Commonwealth
20
bodies
21
(3) The Commissioner must accredit an entity as an accredited user if:
22
(a) the entity is:
23
(i) a non-corporate Commonwealth entity (within the
24
meaning of the
Public Governance, Performance and
25
Accountability Act 2013
); or
26
(ii) a Commonwealth body prescribed by the rules for the
27
purposes of this subparagraph; and
28
Chapter 5
Regulation and enforcement
Part 5.2
Accreditation framework
Division 1
Accreditation
Section 75
54
Data Availability and Transparency Bill 2020
No. , 2020
(b) the entity applies for accreditation as an accredited user under
1
section 76.
2
Note:
The Commissioner must give written notice of a decision under this
3
subsection (see section 75).
4
(4) Before making rules to prescribe a Commonwealth body for the
5
purposes of subparagraph (3)(a)(ii), the Minister must be satisfied
6
that the entity meets the criteria for accreditation in section 77.
7
No accreditation of certain entities
8
(5) Despite subsections (1) to (3), the Commissioner must not accredit
9
an excluded entity, or an entity for which a direction under
10
subsection 81(2) is in force, as an ADSP or as an accredited user.
11
Note:
The Minister may direct the Commissioner to suspend or cancel the
12
accreditation of certain entities (see subsection 81(2)).
13
General provisions relating to accreditation
14
(6) An accredited entity continues to be an accredited entity (including
15
while its accreditation is suspended) until its accreditation is
16
cancelled.
17
(7) Accreditation is granted on the basis that:
18
(a) the accreditation may be suspended or cancelled under
19
section 81; and
20
(b) conditions of accreditation may be imposed, varied or
21
removed under subsections 78(1) and (3); and
22
(c) the accreditation may be cancelled, revoked, terminated or
23
varied, and conditions of accreditation may be imposed,
24
varied or removed, by or under later legislation; and
25
(d) no compensation is payable in any of those events.
26
75 Notice of accreditation decision
27
(1) The Commissioner must give an entity written notice of a decision:
28
(a) to accredit, or refuse to accredit, the entity under
29
subsection 74(1) or (2); or
30
(b) to accredit the entity under subsection 74(3).
31
Regulation and enforcement
Chapter 5
Accreditation framework
Part 5.2
Accreditation
Division 1
Section 76
No. , 2020
Data Availability and Transparency Bill 2020
55
(2) The Commissioner must give the notice as soon as practicable after
1
making the decision.
2
(3) If the Commissioner accredits the entity, the notice must set out the
3
following:
4
(a) whether the entity is accredited as an accredited user or
5
ADSP, or both;
6
(b) the day the accreditation comes into force;
7
(c) any conditions of accreditation imposed under section 78;
8
(d) the entity's review rights under Part 6.2 (if any).
9
Note:
A decision to impose conditions of accreditation for reasons of
10
security (within the meaning of the
Australian Security Intelligence
11
Organisation Act 1979
) is not always a reviewable decision (see
12
paragraph 118(2)(a)).
13
(4) If the Commissioner refuses to accredit the entity, the notice must
14
set out the following:
15
(a) the reason for the refusal;
16
(b) the entity's review rights under Part 6.2 (if any).
17
Note:
A decision to refuse to accredit an entity for reasons of security within
18
the meaning of the
Australian Security Intelligence Organisation Act
19
1979
is not always a reviewable decision (see paragraph 118(2)(a)).
20
76 Application for accreditation
21
(1) An entity may apply to the Commissioner for accreditation as an
22
accredited user or an ADSP, or both.
23
Note:
Excluded entities and entities for which a direction under
24
subsection 81(2) is in force cannot be accredited (see
25
subsection 74(5)).
26
(2) The application must:
27
(a) if the entity is not an individual--be made by an authorised
28
officer on behalf of the entity; and
29
(b) be in the form approved by the Commissioner (if any); and
30
(c) include the evidence prescribed by the rules to support the
31
criteria for accreditation; and
32
(d) include consent for the Commissioner to:
33
Chapter 5
Regulation and enforcement
Part 5.2
Accreditation framework
Division 1
Accreditation
Section 77
56
Data Availability and Transparency Bill 2020
No. , 2020
(i) obtain information relevant to the entity's application
1
for accreditation from third parties; and
2
(ii) verify information provided by the entity with third
3
parties.
4
(3) However, an entity to which subsection 74(3) applies need not
5
provide the information set out in paragraph (2)(c) or (d).
6
Note:
Subsection 74(3) applies to certain Commonwealth bodies in certain
7
circumstances.
8
77 Criteria for accreditation
9
(1) The criteria for accreditation are the following:
10
(a) the entity is able to manage scheme data accountably and
11
responsibly;
12
(b) the entity has designated an appropriately qualified
13
individual to be responsible for overseeing the management
14
of scheme data;
15
(c) the entity is able to apply the data sharing principles set out
16
in section 16;
17
(d) the entity is able to minimise the risk of unauthorised access,
18
sharing or loss of scheme data;
19
(e) the entity is committed to continuous improvement in
20
ensuring the privacy and security of scheme data;
21
(f) the entity is able to comply with an accredited entity's
22
obligations under the data sharing scheme;
23
(g) the entity's participation in the data sharing scheme would
24
not pose concerns for reasons of security (within the meaning
25
of the
Australian Security Intelligence Organisation Act
26
1979
);
27
(h) any additional criteria prescribed under subsection (2).
28
(2) The rules may provide for additional criteria for accreditation
29
covering any other matters the Minister considers appropriate.
30
Regulation and enforcement
Chapter 5
Accreditation framework
Part 5.2
Conditions of accreditation
Division 2
Section 78
No. , 2020
Data Availability and Transparency Bill 2020
57
Division 2--Conditions of accreditation
1
78 Conditions of accreditation
2
(1) The Commissioner may impose conditions of accreditation that
3
apply to an accredited entity if the Commissioner considers that
4
doing so is:
5
(a) appropriate for reasons of security (within the meaning of the
6
Australian Security Intelligence Organisation Act 1979
),
7
including on the basis of an adverse or qualified security
8
assessment in respect of a person; or
9
(b) otherwise reasonable and appropriate in the circumstances.
10
Note 1:
Failure to comply with a condition of accreditation is a contravention
11
of a civil penalty provision (see section 30). Such a failure may also
12
mean an accredited entity is not authorised to collect and use scheme
13
data (see subparagraph 13(3)(a)(iv)).
14
Note 2:
The Commissioner may publish the imposition of a condition of
15
accreditation on the register of ADSPs or the register of accredited
16
users (see sections 128 and 129).
17
(2) Conditions that may be imposed under subsection (1) include the
18
following conditions:
19
(a) a condition that limits the collection and use of scheme data
20
to a specified individual or specified individuals who are
21
authorised officers, statutory officeholders, employees,
22
agents or members of, or contractors to, the entity;
23
(b) a condition that limits the collection and use of scheme data
24
to authorised officers, statutory officeholders, employees,
25
agents or members of, or contractors to, the entity who work
26
within, or are associated with, a specified part of the entity;
27
(c) if the accredited entity is required to provide evidence to
28
support the criteria for accreditation under
29
subsection 76(2)--a condition that requires the entity to
30
provide updated evidence to support the criteria for
31
accreditation at specified intervals;
32
(d) if the accredited entity is an ADSP--a condition that limits
33
the kinds of data services the ADSP may provide, as
34
prescribed by the rules (if any).
35
Chapter 5
Regulation and enforcement
Part 5.2
Accreditation framework
Division 2
Conditions of accreditation
Section 79
58
Data Availability and Transparency Bill 2020
No. , 2020
(3) The Commissioner may vary or remove a condition of
1
accreditation at any time if the Commissioner considers that doing
2
so is:
3
(a) appropriate for reasons of security (within the meaning of the
4
Australian Security Intelligence Organisation Act 1979
),
5
including on the basis of an adverse or qualified security
6
assessment in respect of a person; or
7
(b) otherwise appropriate in the circumstances.
8
Note
The Commissioner may publish the variation or removal of a
9
condition of accreditation on the register of ADSPs or the register of
10
accredited users (see sections 128 and 129).
11
79 Notice before decision about conditions
12
(1) The Commissioner must not impose, vary or remove a condition of
13
accreditation under section 78, other than for reasons of security,
14
unless the Commissioner has given the accredited entity a written
15
notice in accordance with subsection (2).
16
(2) The notice must:
17
(a) state the proposed condition, variation or removal; and
18
(b) request the accredited entity to give the Commissioner,
19
within the period specified in the notice, a written statement
20
relating to the proposed condition, variation or removal.
21
(3) The Commissioner must consider any written statement given to
22
the Commissioner within the period specified in the notice before
23
making a decision to impose, vary or remove a condition of
24
accreditation under section 78.
25
(4) A notice under subsection (2) is not required to include the request
26
referred to in paragraph (2)(b) if the Commissioner reasonably
27
believes that the reasons for imposing, varying or removing a
28
condition of accreditation under section 78 are serious and urgent.
29
80 Notice of conditions
30
(1) Subject to subsection (2), the Commissioner must give an
31
accredited entity written notice of a decision under section 78.
32
Regulation and enforcement
Chapter 5
Accreditation framework
Part 5.2
Conditions of accreditation
Division 2
Section 80
No. , 2020
Data Availability and Transparency Bill 2020
59
(2) The Commissioner is not required to give an accredited entity
1
notice of a decision under subsection (1) if the Commissioner gave
2
the entity notice of the condition in a notice under
3
subsection 75(1).
4
(3) The Commissioner must give the notice as soon as practicable after
5
making the decision.
6
(4) The notice must:
7
(a) state the condition or the variation, or state that the condition
8
is removed;
9
(b) state the day on which the condition, variation or removal
10
takes effect;
11
(c) include a statement setting out the entity's review rights
12
under Part 6.2 (if any).
13
Note:
A decision to impose, vary or remove a condition of an accredited
14
entity's accreditation for reasons of security within the meaning of the
15
Australian Security Intelligence Organisation Act 1979
is not always a
16
reviewable decision (see paragraph 118(2)(a)).
17
Chapter 5
Regulation and enforcement
Part 5.2
Accreditation framework
Division 3
Suspension and cancellation of accreditation
Section 81
60
Data Availability and Transparency Bill 2020
No. , 2020
Division 3--Suspension and cancellation of accreditation
1
81 Suspension or cancellation of accreditation
2
Suspension or cancellation--most entities
3
(1) The Commissioner may suspend or cancel the accreditation of an
4
entity accredited under subsection 74(1) or (2) if any of the
5
following circumstances exist:
6
(a) the Commissioner reasonably believes that the entity has
7
breached a condition of accreditation;
8
(b) the Commissioner is reasonably satisfied that the entity does
9
not meet the criteria for accreditation under section 77;
10
(c) the Commissioner reasonably believes that the entity has
11
provided false or misleading information to the
12
Commissioner;
13
(d) the Commissioner:
14
(i) for suspension--reasonably believes that the accredited
15
entity has breached the Act; or
16
(ii) for cancellation--determines under subsection 102(1)
17
that the accredited entity has breached the Act;
18
(e) the Commissioner determines it is in the national interest;
19
(f) for reasons of security (within the meaning of the
Australian
20
Security Intelligence Organisation Act 1979
), including on
21
the basis of an adverse or qualified security assessment in
22
respect of a person.
23
Note:
An accredited entity continues to be an accredited entity (including
24
while its accreditation is suspended) until its accreditation is cancelled
25
(see subsection 74(6)).
26
Suspension or cancellation--certain Commonwealth bodies
27
(2) If the Minister considers it appropriate, the Minister may, in
28
writing, direct the Commissioner to suspend or cancel the
29
accreditation of an entity accredited under subsection 74(3). The
30
direction may specify:
31
(a) the period of suspension, or that suspension is indefinite; or
32
Regulation and enforcement
Chapter 5
Accreditation framework
Part 5.2
Suspension and cancellation of accreditation
Division 3
Section 82
No. , 2020
Data Availability and Transparency Bill 2020
61
(b) the date of cancellation.
1
(3) If the Minister directs the Commissioner under subsection (2), the
2
Commissioner must suspend or cancel the accreditation of the
3
entity in accordance with the direction.
4
(4) The direction remains in force until revoked by the Minister. The
5
Minister must notify the Commissioner and the entity if the
6
Minister revokes the direction.
7
Note:
The entity cannot be accredited again while the direction remains in
8
force (see subsection 74(5)).
9
(5) A direction given under subsection (2) is not a legislative
10
instrument.
11
Cancellation on request
12
(6) The Commissioner may cancel the accreditation of any accredited
13
entity at the request of the entity.
14
Circumstances in which cancellation does not take effect
15
(7) Unless the Commissioner otherwise determines, a decision to
16
cancel an entity's accreditation does not take effect if the entity has
17
not complied with a direction given by the Commissioner under
18
paragraph 112(1)(a) (direction for the purposes of ensuring that the
19
entity does not hold scheme data after the cancellation).
20
82 Notice before decision about suspension or cancellation
21
Notice--most entities
22
(1) The Commissioner must not suspend or cancel an accredited
23
entity's accreditation under subsection 81(1), other than for reasons
24
of security, unless the Commissioner has given the accredited
25
entity a written notice in accordance with subsection (2) of this
26
section.
27
(2) The notice must:
28
(a) state the circumstance that exists for the proposed suspension
29
or cancellation under subsection 81(1); and
30
Chapter 5
Regulation and enforcement
Part 5.2
Accreditation framework
Division 3
Suspension and cancellation of accreditation
Section 82
62
Data Availability and Transparency Bill 2020
No. , 2020
(b) state:
1
(i) if suspension is proposed--the period of suspension, or
2
that the proposed suspension is indefinite; or
3
(ii) if cancellation is proposed--the date proposed for the
4
cancellation to take effect; and
5
(c) request the accredited entity to give the Commissioner,
6
within the period specified in the notice, a written statement
7
showing cause why the accreditation should not be
8
suspended or cancelled.
9
(3) The Commissioner must consider any written statement given to
10
the Commissioner within the period specified in the notice before
11
making a decision under subsection 81(1).
12
(4) A notice under subsection (2) is not required to include the request
13
referred to in paragraph (2)(c) if the Commissioner reasonably
14
believes that the reasons for making a decision under
15
subsection 81(1) are serious and urgent.
16
Notice--certain Commonwealth bodies
17
(5) The Minister must not give a direction to the Commissioner under
18
subsection 81(2), other than for reasons of security, unless the
19
Minister has given the accredited entity the subject of the direction
20
a written notice in accordance with subsection (6).
21
(6) The notice must:
22
(a) state why the Minister is considering giving a direction under
23
subsection 81(2) in relation to the entity; and
24
(b) state:
25
(i) if suspension is proposed--the period of suspension, or
26
that the proposed suspension is indefinite; or
27
(ii) if cancellation is proposed--the date proposed for the
28
cancellation to take effect; and
29
(c) request the accredited entity to give the Minister, within the
30
period specified in the notice, a written statement showing
31
cause why the Minister should not give the Commissioner
32
the direction.
33
Regulation and enforcement
Chapter 5
Accreditation framework
Part 5.2
Suspension and cancellation of accreditation
Division 3
Section 83
No. , 2020
Data Availability and Transparency Bill 2020
63
(7) The Minister must consider any written statement given to the
1
Minister within the period specified in the notice before giving the
2
Commissioner a direction under subsection 81(2).
3
(8) A notice under subsection (6) is not required to include the request
4
referred to in paragraph (6)(c) if the Minister reasonably believes
5
that the reasons for giving the Commissioner the direction are
6
serious and urgent.
7
83 Notice of suspension or cancellation
8
(1) The Commissioner must give an accredited entity written notice of
9
a decision under subsection 81(1) or (3) to suspend or cancel the
10
entity's accreditation in accordance with subsection (3) of this
11
section.
12
(2) The Commissioner must give the notice as soon as practicable after
13
making the decision.
14
(3) The notice must state the following:
15
(a) if accreditation is suspended or cancelled under
16
subsection 81(1)--the circumstance that exists for the
17
suspension or cancellation under subsection 81(1);
18
(b) if accreditation is suspended or cancelled under
19
subsection 81(3)--that the Minister has directed the
20
Commissioner to suspend or cancel accreditation;
21
(c) if accreditation is suspended--the period of suspension or
22
that the suspension is indefinite;
23
(d) if accreditation is cancelled--the date the cancellation takes
24
effect, including the effect of subsection 81(7) if relevant;
25
(e) the entity's review rights (if any) under Part 6.2.
26
Note 1:
The effect of subsection 81(7) is that a cancellation decision does not
27
usually take effect if an accredited entity has not complied with a
28
direction given by the Commissioner under paragraph 112(1)(a)
29
(direction for the purposes of ensuring that the entity does not hold
30
scheme data after the cancellation).
31
Note 2:
A decision to suspend or cancel an accredited entity's accreditation for
32
reasons of security within the meaning of the
Australian Security
33
Intelligence Organisation Act 1979
is not always a reviewable
34
decision (see paragraph 118(2)(a)).
35
Chapter 5
Regulation and enforcement
Part 5.2
Accreditation framework
Division 4
Transfer of accreditation
Section 84
64
Data Availability and Transparency Bill 2020
No. , 2020
Division 4--Transfer of accreditation
1
84 Transfer of accreditation
2
(1) This section applies if an accredited entity (the
old entity
)
changes,
3
or proposes to change, its governance structure to become a new or
4
different entity (the
new entity
).
5
Example 1: This section would apply if an accredited entity which is a partnership
6
becomes, or proposes to become, a company.
7
Example 2: This section would also apply if an accredited entity which is a
8
company becomes, or proposes to become, a new company.
9
(2) The old entity or the new entity (the
applicant
)
may apply to the
10
Commissioner to transfer the old entity's accreditation to the new
11
entity.
12
(3) The application must be in the form approved by the
13
Commissioner (if any), and must be accompanied by any
14
information required by the Commissioner.
15
(4) The Commissioner may transfer accreditation if the Commissioner
16
considers that the new entity will continue to meet:
17
(a) the criteria for accreditation under section 77; and
18
(b) any conditions of accreditation that apply to the old entity.
19
85 Notice of transfer decision
20
(1) The Commissioner must give the applicant referred to in
21
subsection 84(2) written notice of a decision to transfer or refuse to
22
transfer accreditation under subsection 84(4).
23
(2) The Commissioner must give the notice as soon as practicable after
24
making the decision.
25
(3) The notice must state:
26
(a) if the transfer is approved--the date the transfer takes effect;
27
or
28
(b) if the transfer is refused:
29
(i) why the transfer is refused; and
30
Regulation and enforcement
Chapter 5
Accreditation framework
Part 5.2
Transfer of accreditation
Division 4
Section 85
No. , 2020
Data Availability and Transparency Bill 2020
65
(ii) the applicant's review rights under Part 6.2.
1
Chapter 5
Regulation and enforcement
Part 5.2
Accreditation framework
Division 5
Rules and further information
Section 86
66
Data Availability and Transparency Bill 2020
No. , 2020
Division 5--Rules and further information
1
86 Rules relating to the accreditation framework
2
The rules may provide for procedures, requirements and any other
3
matters relating to the accreditation of entities for the purposes of
4
the data sharing scheme.
5
Note:
The rules may prescribe fees in relation to services provided under the
6
accreditation framework (see section 139).
7
87 Further information or evidence
8
(1) The Commissioner may, by notice in writing, request further
9
information or evidence from an entity for the purpose of making a
10
decision under this Part, including information or evidence
11
prescribed by the rules.
12
(2) If the Commissioner requests information or evidence under
13
subsection (1), the Commissioner need not make the decision
14
under this Part until the entity provides the information or
15
evidence.
16
Regulation and enforcement
Chapter 5
Complaints
Part 5.3
Complaints
Division 1
Section 88
No. , 2020
Data Availability and Transparency Bill 2020
67
Part 5.3--Complaints
1
Division 1--Complaints
2
88 Making complaints
3
(1) A data scheme entity may complain to the Commissioner if the
4
complainant reasonably believes that another entity breached this
5
Act while the other entity was a data scheme entity.
6
(2) An entity that ceased to be a data scheme entity no more than 12
7
months earlier may also complain to the Commissioner if the
8
complainant has the reasonable belief mentioned in subsection (1).
9
(3) A complaint must:
10
(a) specify the respondent (see section 89); and
11
(b) be made in an approved form (if any); and
12
(c) meet any requirements prescribed by a data code.
13
(4) This section has effect subject to section 94 in relation to a
14
representative complaint (see Division 2 of this Part).
15
89 Respondents
16
(1) If the complaint is about an entity that is a Commonwealth body,
17
the respondent is whichever of the following applies:
18
(a) if the Commonwealth body is a body corporate or an
19
individual--the Commonwealth body;
20
(b) if the Commonwealth body is unincorporated--the principal
21
executive of the Commonwealth body within the meaning of
22
section 37 of the
Privacy Act 1988
.
23
(2) If the complaint is about an entity that is not a Commonwealth
24
body, the respondent is the entity.
25
Note:
See sections 124 and 125 for the treatment of certain entities that are
26
not legal persons.
27
Chapter 5
Regulation and enforcement
Part 5.3
Complaints
Division 1
Complaints
Section 90
68
Data Availability and Transparency Bill 2020
No. , 2020
90 Communicating with complainant
1
(1) The Commissioner must, no later than 30 days after receiving a
2
complaint, give the complainant written notice setting out how the
3
Commissioner is dealing with, or intends to deal with, the
4
complaint.
5
(2) The Commissioner may, by written notice given to the
6
complainant, request the complainant to give the Commissioner,
7
within the period specified in the notice, further information in
8
connection with the complaint.
9
(3) If the Commissioner makes a request under subsection (2):
10
(a) the Commissioner need not take any further action in relation
11
to the complaint until the complainant complies with the
12
request; and
13
(b) if the request is made before the end of the 30 day period
14
mentioned in subsection (1)--the 30 day period mentioned in
15
that subsection is taken to start on the day the complainant
16
complies with the request.
17
(4) The Commissioner does not need to comply with subsection (1) of
18
this section if the Commissioner gives the complainant a notice
19
under subsection 92(2) (grounds for not dealing with complaints)
20
on or before the last day for complying with subsection (1).
21
91 Dealing with complaints
22
(1) If the Commissioner receives a complaint under section 88, the
23
Commissioner must:
24
(a) make any preliminary inquiries, of the complainant,
25
respondent or any other person, that the Commissioner
26
considers necessary for the purposes of determining whether
27
and how to deal with the complaint; and
28
(b) consider whether it would be appropriate to deal with the
29
complaint by conciliation and, if so, deal with it or arrange
30
for it to be dealt with in that way.
31
Note:
If satisfied that it is not appropriate to deal with the complaint by
32
conciliation, or if the complaint has been conciliated but not resolved,
33
the Commissioner must start an investigation under section 101.
34
Regulation and enforcement
Chapter 5
Complaints
Part 5.3
Complaints
Division 1
Section 92
No. , 2020
Data Availability and Transparency Bill 2020
69
(2) Paragraph (1)(b) does not apply if the Commissioner is satisfied
1
that a ground exists for not dealing with the complaint (see
2
section 92).
3
92 Grounds for not dealing with complaints
4
(1) A ground exists for not dealing with a complaint if any of the
5
following applies:
6
(a) the Commissioner is satisfied that the respondent has not
7
breached and is not breaching the Act;
8
(b) the complainant fails to satisfy the Commissioner that:
9
(i) the complainant has complained about the breach to the
10
respondent; or
11
(ii) it would not be appropriate for the complainant to do so;
12
(c) the complainant has complained about the breach to the
13
respondent before complaining to the Commissioner and the
14
Commissioner is satisfied that:
15
(i) the respondent has dealt, or is dealing, adequately with
16
the complaint; or
17
(ii) the respondent has not had an adequate opportunity to
18
deal with the complaint;
19
(d) the complaint was made more than 12 months after the
20
complainant first reasonably believed the respondent
21
breached this Act;
22
(e) the complaint is frivolous, vexatious, misconceived, lacking
23
in substance or not made in good faith;
24
(f) an investigation, or further investigation, of the breach is not
25
warranted having regard to all the circumstances;
26
(g) the complainant has not responded, within the period
27
specified by the Commissioner, to a request for information
28
in relation to the complaint;
29
(h) the breach is being dealt with, or would be more effectively
30
or appropriately dealt with, by an external dispute resolution
31
scheme recognised under section 131;
32
(i) the breach is the subject of an application under another
33
Commonwealth law, or a State or Territory law, and the
34
subject matter of the complaint has been, or is being, dealt
35
with adequately under that law;
36
Chapter 5
Regulation and enforcement
Part 5.3
Complaints
Division 1
Complaints
Section 93
70
Data Availability and Transparency Bill 2020
No. , 2020
(j) another Commonwealth law, or a State or Territory law,
1
provides a more appropriate remedy for the breach that is the
2
subject of the complaint (including where the Commissioner
3
has formed the opinion mentioned in section 107 (transfer of
4
matters to appropriate authority));
5
(k) the complainant has withdrawn the complaint.
6
(2) If the Commissioner decides at any time to cease dealing with a
7
complaint because a ground exists for not dealing with the
8
complaint, the Commissioner must give written notice of the
9
Commissioner's decision, and the reasons for it, to:
10
(a) the complainant; and
11
(b) if the Commissioner has notified the respondent of the
12
complaint--the respondent.
13
93 Admissibility of things said or done in conciliation
14
If a complaint is dealt with by conciliation, evidence of anything
15
said or done in the course of the conciliation is not admissible in
16
any legal proceedings relating to the complaint or the matters that
17
are the subject of the complaint, unless:
18
(a) the complainant and respondent otherwise agree; or
19
(b) the thing was said or done in the course of committing an
20
offence or contravening a civil penalty provision.
21
Regulation and enforcement
Chapter 5
Complaints
Part 5.3
Representative complaints
Division 2
Section 94
No. , 2020
Data Availability and Transparency Bill 2020
71
Division 2--Representative complaints
1
94 Conditions for making a representative complaint
2
(1) A representative complaint may be made under section 88 only if:
3
(a) the class members have complaints against the same entity;
4
and
5
(b) all the complaints are in respect of, or arise out of, the same,
6
similar or related circumstances; and
7
(c) all the complaints give rise to a substantial common issue of
8
law or fact.
9
(2) A representative complaint made under section 88 must:
10
(a) describe or otherwise identify the class members (it is not
11
necessary for this purpose to name them or specify how
12
many there are); and
13
(b) specify the nature of the complaints made on behalf of the
14
class members; and
15
(c) specify the nature of the relief sought; and
16
(d) specify the questions of law or fact that are common to the
17
complaints of the class members.
18
(3) A representative complaint may be made without the consent of
19
class members.
20
95 Commissioner may determine that a complaint is not to continue
21
as a representative complaint
22
(1) The Commissioner may, on application by the respondent or on the
23
Commissioner's own initiative, determine that a complaint should
24
no longer continue as a representative complaint.
25
(2) The Commissioner may make the determination only if satisfied
26
that it is in the interests of justice to do so for any of the following
27
reasons:
28
(a) the costs that would be incurred if the complaint were to
29
continue as a representative complaint are likely to exceed
30
Chapter 5
Regulation and enforcement
Part 5.3
Complaints
Division 2
Representative complaints
Section 96
72
Data Availability and Transparency Bill 2020
No. , 2020
the costs that would be incurred if each class member made a
1
separate complaint;
2
(b) the representative complaint will not provide an efficient and
3
effective means of dealing with the complaints of the class
4
members;
5
(c) the complaint was not brought in good faith as a
6
representative complaint;
7
(d) it is otherwise inappropriate that the complaints be pursued
8
by means of a representative complaint.
9
(3) If the Commissioner makes the determination, the complaint may
10
be continued by the complainant, or by any other class member, as
11
a complaint on the complainant's or class member's own behalf
12
against the respondent.
13
96 Additional rules applying to the determination of representative
14
complaints
15
(1) The Commissioner may, on application by a class member, replace
16
the complainant with another class member, if it appears to the
17
Commissioner that the complainant is not able adequately to
18
represent the interests of the class members.
19
(2) A class member may, by notice in writing to the Commissioner,
20
withdraw from a representative complaint:
21
(a) if the complaint was made without the consent of the
22
member--at any time; or
23
(b) otherwise--at any time before the Commissioner begins to
24
hold an inquiry into the complaint.
25
Note:
If a class member withdraws from a representative complaint that
26
relates to a matter, the former class member may make a complaint
27
under section 88 that relates to the matter.
28
(3) The Commissioner may at any stage direct that notice of any
29
matter be given to a class member or class members.
30
97 Amendment of representative complaints
31
If the Commissioner is satisfied that a complaint could be dealt
32
with as a representative complaint if the class of persons on whose
33
Regulation and enforcement
Chapter 5
Complaints
Part 5.3
Representative complaints
Division 2
Section 98
No. , 2020
Data Availability and Transparency Bill 2020
73
behalf the complaint is made is increased, reduced or otherwise
1
altered, the Commissioner may amend the complaint so that the
2
complaint can be dealt with as a representative complaint.
3
98 Class member for representative complaint not entitled to lodge
4
individual complaint
5
A person who is a class member for a representative complaint is
6
not entitled to lodge a complaint in respect of the same subject
7
matter.
8
Chapter 5
Regulation and enforcement
Part 5.4
Assessments and investigations
Section 99
74
Data Availability and Transparency Bill 2020
No. , 2020
Part 5.4--Assessments and investigations
1
2
99 Assessments
3
(1) The Commissioner may, from time to time, assess whether conduct
4
that an entity engages or engaged in while it is or was a data
5
scheme entity is consistent with the requirements of this Act.
6
(2) The Commissioner may conduct an assessment in any manner the
7
Commissioner considers appropriate.
8
(3) The Commissioner may, for the purposes of an assessment, obtain
9
information from any person, and make any inquiries, the
10
Commissioner considers appropriate.
11
Note:
The Commissioner may require a person to give information or
12
documents for the purposes of the Commissioner's functions under
13
this Part (see section 104), and may exercise powers under the
14
Regulatory Powers Act to monitor compliance with certain provisions
15
of this Act (see section 109).
16
(4) If the Commissioner invites submissions in relation to an
17
assessment, the Commissioner must have regard to any
18
submissions made in response to the invitation.
19
100 Notices of assessment
20
(1) The Commissioner must give an entity written notice before
21
starting, and on completion of, an assessment of the operations of
22
the entity.
23
(2) The notice given before starting the assessment must specify the
24
intended scope of the assessment.
25
101 Investigations
26
(1) The Commissioner must investigate conduct engaged in by an
27
entity, so far as it relates to a complaint made about the entity
28
under section 88, if:
29
Regulation and enforcement
Chapter 5
Assessments and investigations
Part 5.4
Section 102
No. , 2020
Data Availability and Transparency Bill 2020
75
(a) the Commissioner has considered under paragraph 91(1)(b)
1
whether it would be appropriate to deal with the complaint by
2
conciliation; and
3
(b) either of the following applies:
4
(i) the Commissioner is satisfied that it is not appropriate to
5
do so;
6
(ii) the complaint has been dealt with but not resolved by
7
conciliation.
8
(2) The Commissioner may investigate conduct engaged in by an
9
entity while it is or was a data scheme entity if the Commissioner
10
reasonably suspects that the entity has breached this Act.
11
(3) An investigation may be conducted while the entity is, or after it
12
has ceased to be, a data scheme entity.
13
(4) The Commissioner may cease an investigation at any time if the
14
Commissioner is satisfied that a ground exists for not dealing with
15
the complaint (if any) to which the investigation relates (see
16
section 92).
17
(5) The Commissioner may conduct an investigation in any manner
18
the Commissioner considers appropriate.
19
(6) The Commissioner may, for the purposes of an investigation,
20
obtain information from any person, and make any inquiries, the
21
Commissioner considers appropriate.
22
Note:
The Commissioner may require a person to give information or
23
documents for the purposes of an investigation (see section 104), and
24
may exercise powers under the Regulatory Powers Act to investigate
25
breaches of certain provisions of this Act (see section 110).
26
(7) If the Commissioner invites submissions in relation to an
27
investigation, the Commissioner must have regard to any
28
submissions made in response to the invitation.
29
102 Determination on completion of investigation
30
(1) If the Commissioner completes an investigation of the operations
31
of an entity under this Part, the Commissioner must make a written
32
determination setting out:
33
Chapter 5
Regulation and enforcement
Part 5.4
Assessments and investigations
Section 103
76
Data Availability and Transparency Bill 2020
No. , 2020
(a) the Commissioner's opinion as to whether the entity has
1
breached this Act, or is breaching or proposing to breach this
2
Act, and the reasons for that opinion; and
3
(b) if the Commissioner is satisfied that the entity has breached
4
this Act, or is breaching or proposing to breach this Act--an
5
indication of any action the Commissioner has decided to
6
take in relation to the entity's accreditation, or under Part 5.5
7
(regulatory powers and enforcement) of this Act or the
8
Regulatory Powers Act as it applies in relation to this Act.
9
Note:
The Commissioner must give the determination to the entity and may
10
give it to the complainant (see subsection 103(3)).
11
(2) The Commissioner may make the determination publicly available,
12
in any manner, and for any period (including indefinitely), the
13
Commissioner considers appropriate.
14
(3) The Commissioner may, in writing, vary or revoke the
15
determination.
16
(4) A determination
made under subsection (1) is not a legislative
17
instrument.
18
103 Notices relating to investigation
19
(1) The Commissioner must give an entity written notice before
20
starting an investigation of the operations of the entity.
21
(2) The notice must specify the intended scope of the investigation.
22
(3) On completion of the investigation, the Commissioner:
23
(a) must give the entity the determination made under
24
section 102 in relation to the investigation; and
25
(b) if the investigation relates to a complaint--may also give the
26
complainant that determination.
27
(4) If the Commissioner varies or revokes the determination, the
28
Commissioner must give the variation or revocation to the entities
29
that were given the determination under subsection (3).
30
Regulation and enforcement
Chapter 5
Regulatory powers and enforcement
Part 5.5
Section 104
No. , 2020
Data Availability and Transparency Bill 2020
77
Part 5.5--Regulatory powers and enforcement
1
2
104 Power to require information and documents
3
(1) If the Commissioner reasonably believes that a person has
4
information or a document relevant to an investigation under
5
section 101, or to any other of the Commissioner's regulatory
6
functions set out in section 45, the Commissioner may, by written
7
notice given to the person, require the person to give the
8
information, or produce the document, to the Commissioner within
9
the period specified in the notice.
10
Note:
There are limits on the information and documents that may be
11
required (see section 106).
12
(2) If:
13
(a) a person is given a notice under subsection (1); and
14
(b) the notice relates to an investigation under section 101;
15
the person must comply with the notice.
16
Civil penalty:
300 penalty units.
17
(3) A person commits an offence if:
18
(a) the person is given a notice under subsection (1); and
19
(b) the notice relates to an investigation under section 101; and
20
(c) the person fails to comply with the notice.
21
Penalty: Imprisonment for 12 months.
22
(4) If the person produces a document to the Commissioner in
23
compliance with the notice, the Commissioner:
24
(a) may take possession of, and may make copies of, or take
25
extracts from, the document; and
26
(b) may retain possession of the document for any period
27
necessary for the purposes of the investigation; and
28
(c) must, during that period, permit any person who would be
29
entitled to inspect the document if it were not in the
30
Chapter 5
Regulation and enforcement
Part 5.5
Regulatory powers and enforcement
Section 105
78
Data Availability and Transparency Bill 2020
No. , 2020
Commissioner's possession to inspect the document at any
1
reasonable time.
2
105 Legal professional privilege
3
(1) A person is not excused from complying with a notice under
4
section 104 on the ground that giving the information or producing
5
the document would disclose a communication protected against
6
disclosure by legal professional privilege.
7
(2) However:
8
(a) the information given or document produced; and
9
(b) the giving of the information or production of the document;
10
are not admissible in evidence against a person in any civil or
11
criminal proceedings.
12
(3) The fact that a person is not excused from complying with the
13
notice on the ground mentioned in subsection (1) does not
14
otherwise affect a claim of legal professional privilege that anyone
15
may make in relation to that information or document.
16
106 Limits on power to require information and documents
17
Excluded entities
18
(1) A notice under subsection 104(1) must not require a person to give
19
information or a document that is held by, or that originated with
20
or was received from, an excluded entity.
21
Public interest certificate
22
(2) A notice under subsection 104(1) must not require a person to give
23
information relating to a matter, or to give a document, specified in
24
a certificate given to the Commissioner under subsection (3) of this
25
section.
26
(3) The Attorney-General may give the Commissioner a certificate
27
stating that, in the opinion of the Attorney-General, giving
28
information in relation to a specified matter, or giving a specified
29
Regulation and enforcement
Chapter 5
Regulatory powers and enforcement
Part 5.5
Section 107
No. , 2020
Data Availability and Transparency Bill 2020
79
document, would be contrary to the public interest because it
1
would do any of the following:
2
(a) prejudice the security, defence or international relations of
3
Australia;
4
(b) involve the disclosure of communications between a Minister
5
of the Commonwealth and a Minister of a State or Territory,
6
being a disclosure that would prejudice relations between the
7
Commonwealth government and the government of a State or
8
Territory;
9
(c) involve the disclosure of deliberations or decisions of the
10
Cabinet or of a Committee of the Cabinet;
11
(d) involve the disclosure of deliberations or advice of the
12
Executive Council;
13
(e) prejudice the conduct of an investigation or inquiry into
14
crime or criminal activity that is currently being pursued, or
15
prejudice the fair trial of any person;
16
(f) disclose, or enable a person to ascertain, the existence or
17
identity of a confidential source of information in relation to
18
the enforcement of the criminal law;
19
(g) prejudice the effectiveness of the operational methods or
20
investigative practices or techniques of agencies responsible
21
for the enforcement of the criminal law;
22
(h) endanger the life or physical safety of any person.
23
Parliamentary privilege
24
(4) Nothing in section 104 affects the privileges and immunities of a
25
House of the Parliament, a member of a House of the Parliament or
26
a committee within the meaning of the
Parliamentary Privileges
27
Act 1987
.
28
107 Transfer of matters to appropriate authority
29
If, at any time while dealing with a matter under this Act
30
(including a complaint), the Commissioner forms the opinion that
31
the matter:
32
(a) is capable of being dealt with by an agency or body to which
33
the Commissioner is authorised to disclose information under
34
section 108; and
35
Chapter 5
Regulation and enforcement
Part 5.5
Regulatory powers and enforcement
Section 108
80
Data Availability and Transparency Bill 2020
No. , 2020
(b) could be more effectively or conveniently dealt with by that
1
agency or body;
2
the Commissioner may cease to deal with the matter and request
3
the other agency or body to deal with the matter instead.
4
Note:
The Commissioner may give the agency or body any relevant
5
information under section 108.
6
108 Authorisation for Commissioner to disclose and receive
7
information
8
Disclose
9
(1) The Commissioner may disclose, or authorise a member of the
10
staff mentioned in section 47 to disclose, information (including
11
personal information) to an agency or body covered by
12
subsection (2) if:
13
(a) the information was collected by the Commissioner or staff
14
member in the course of performing functions under this Act;
15
and
16
(b) the Commissioner is satisfied that the information will assist
17
the agency or body to perform any of its functions or exercise
18
any of its powers.
19
(2) This subsection covers the following agencies and bodies:
20
(a) the Information Commissioner;
21
(b) a State body, or a Territory body, whose functions include
22
functions that correspond to those of the Information
23
Commissioner;
24
(c) the Commonwealth Ombudsman;
25
(d) a State body, or a Territory body, whose functions include
26
functions that correspond to those of the Commonwealth
27
Ombudsman;
28
(e) the Australian Securities and Investments Commission;
29
(f) the Australian Competition and Consumer Commission;
30
(g) a regulatory authority of a foreign country whose functions
31
include functions that correspond to those of a person
32
mentioned in paragraph (a), (c), (e) or (f);
33
(h) the Australian National Audit Office;
34
Regulation and enforcement
Chapter 5
Regulatory powers and enforcement
Part 5.5
Section 109
No. , 2020
Data Availability and Transparency Bill 2020
81
(i) the Australian Federal Police;
1
(j) the police force, or police service, of a State or Territory;
2
(k) the Australian Commission for Law Enforcement Integrity;
3
(l) AUSTRAC (within the meaning of the
Anti-Money
4
Laundering and Counter-Terrorism Financing Act 2006
);
5
(m) the Australian Security Intelligence Organisation;
6
(n) the Inspector-General of Intelligence and Security;
7
(o) an agency or body prescribed by the rules for the purposes of
8
this paragraph.
9
Receive
10
(3) The Commissioner, or a member of the staff mentioned in
11
section 47, is authorised to receive information disclosed by an
12
agency or body covered by subsection (2) for the purposes of
13
assisting the Commissioner or staff member to perform any of their
14
functions or exercise any of their powers.
15
109 Monitoring powers
16
Monitoring powers
17
(1) The following provisions of this Act are subject to monitoring
18
under Part 2 of the Regulatory Powers Act:
19
(a) a civil penalty provision;
20
(b) subsections 14(2) and (4) (offences for unauthorised sharing,
21
collection and use) and subsection 104(3) (failure to comply
22
with notice given under subsection 104(1));
23
(c) a provision of Chapter 3 (responsibilities of data scheme
24
entities).
25
Note:
Part 2 of the Regulatory Powers Act creates a framework for
26
monitoring whether a provision is being complied with. It includes
27
powers of entry and inspection.
28
Information subject to monitoring
29
(2) Information given in compliance or purported compliance with a
30
provision of this Act is subject to monitoring under Part 2 of the
31
Regulatory Powers Act.
32
Chapter 5
Regulation and enforcement
Part 5.5
Regulatory powers and enforcement
Section 110
82
Data Availability and Transparency Bill 2020
No. , 2020
Note:
Part 2 of the Regulatory Powers Act creates a framework for
1
monitoring whether the information is correct. It includes powers of
2
entry and inspection.
3
Related provisions, authorised applicant, authorised person,
4
issuing officer, relevant chief executive and relevant court
5
(3) For the purposes of Part 2 of the Regulatory Powers Act, as that
6
Part applies in relation to the provisions mentioned in
7
subsection (1) and the information mentioned in subsection (2):
8
(a) there are no related provisions; and
9
(b) the Commissioner is an authorised applicant; and
10
(c) the Commissioner is an authorised person; and
11
(d) any judicial officer within the meaning of the Regulatory
12
Powers Act is an issuing officer; and
13
(e) the Commissioner is the relevant chief executive; and
14
(f) each of the following is a relevant court:
15
(i) the Federal Court;
16
(ii) the Circuit Court;
17
(iii) a court of a State or Territory that has jurisdiction in
18
relation to matters arising under this Act.
19
Person assisting
20
(4) An authorised person may be assisted by other persons in
21
exercising powers or performing functions or duties under Part 2 of
22
the Regulatory Powers Act in relation to the provisions mentioned
23
in subsection (1) and the information mentioned in subsection (2).
24
110 Investigation powers
25
Provisions subject to investigation
26
(1) The following provisions of this Act are subject to investigation
27
under Part 3 of the Regulatory Powers Act:
28
(a) a civil penalty provision;
29
(b) an offence against this Act;
30
(c) a provision of Chapter 3 (responsibilities of data scheme
31
entities).
32
Regulation and enforcement
Chapter 5
Regulatory powers and enforcement
Part 5.5
Section 111
No. , 2020
Data Availability and Transparency Bill 2020
83
Note 1:
Part 3 of the Regulatory Powers Act creates a framework for
1
investigating whether a provision has been contravened. It includes
2
powers of entry, search and seizure.
3
Note 2:
The meaning of
offence against this Act
is extended by the definition
4
in section 9.
5
Related provisions, authorised applicant, authorised person,
6
issuing officer, relevant chief executive and relevant court
7
(2) For the purposes of Part 3 of the Regulatory Powers Act, as that
8
Part applies in relation to evidential material that relates to a
9
provision mentioned in subsection (1):
10
(a) there are no related provisions; and
11
(b) the Commissioner is an authorised applicant; and
12
(c) the Commissioner is an authorised person; and
13
(d) any judicial officer within the meaning of the Regulatory
14
Powers Act is an issuing officer; and
15
(e) the Commissioner is the relevant chief executive; and
16
(f) each of the following is a relevant court:
17
(i) the Federal Court;
18
(ii) the Circuit Court;
19
(iii) a court of a State or Territory that has jurisdiction in
20
relation to matters arising under this Act.
21
Person assisting
22
(3) An authorised person may be assisted by other persons in
23
exercising powers or performing functions or duties under Part 3 of
24
the Regulatory Powers Act in relation to evidential material that
25
relates to a provision mentioned in subsection (1).
26
111 Recommendations
27
If the Commissioner completes an assessment or investigation,
28
under Part 5.4, of the operations of a data scheme entity, the
29
Commissioner may give the entity written recommendations about
30
any action the Commissioner considers the entity should take in
31
relation to matters covered by the assessment or investigation.
32
Chapter 5
Regulation and enforcement
Part 5.5
Regulatory powers and enforcement
Section 112
84
Data Availability and Transparency Bill 2020
No. , 2020
112 Directions
1
(1) The Commissioner may give a data scheme entity a written
2
direction:
3
(a) if the Commissioner intends to cancel the entity's
4
accreditation--for the purposes of ensuring that the entity
5
does not hold scheme data after the cancellation; or
6
(b) in either of the following situations:
7
(i) the Commissioner is satisfied that the entity has not
8
acted consistently with this Act;
9
(ii) the Commissioner is satisfied that giving the entity a
10
direction under this section is necessary to properly
11
address an emergency or a high risk situation.
12
(2) The direction may require the entity to do, or cease doing,
13
specified actions for the purposes mentioned in paragraph (1)(a) or
14
for the purpose of addressing the situation mentioned in
15
paragraph (1)(b) or ensuring that it does not occur again.
16
(3) The entity must comply with the direction.
17
Civil penalty:
300 penalty units.
18
(4) A direction under subsection (1) is not a legislative instrument.
19
113 Civil penalty provisions
20
Enforceable civil penalty provisions
21
(1) Each civil penalty provision of this Act is enforceable under Part 4
22
of the Regulatory Powers Act.
23
Note:
Part 4 of the Regulatory Powers Act allows a civil penalty provision to
24
be enforced by obtaining an order for a person to pay a pecuniary
25
penalty for the contravention of the provision.
26
(2) However, an authorised applicant may not apply under section 82
27
of the Regulatory Powers Act for an order that a person pay a
28
pecuniary penalty in relation to a contravention of a civil penalty
29
provision of this Act unless the Commissioner has made a
30
determination under section 102 of this Act setting out the
31
Regulation and enforcement
Chapter 5
Regulatory powers and enforcement
Part 5.5
Section 114
No. , 2020
Data Availability and Transparency Bill 2020
85
Commissioner's opinion that the person has contravened the
1
provision.
2
Authorised applicant and relevant court
3
(3) For the purposes of Part 4 of the Regulatory Powers Act:
4
(a) the Commissioner is an authorised applicant in relation to the
5
civil penalty provisions in this Act; and
6
(b) each of the following is a relevant court in relation to the
7
civil penalty provisions of this Act:
8
(i) the Federal Court;
9
(ii) the Circuit Court;
10
(iii) a court of a State or Territory that has jurisdiction in
11
relation to the matter.
12
114 Infringement notices
13
Provisions subject to an infringement notice
14
(1) A civil penalty provision of this Act is subject to an infringement
15
notice under Part 5 of the Regulatory Powers Act.
16
Note:
Part 5 of the Regulatory Powers Act creates a framework for using
17
infringement notices in relation to provisions.
18
(2) However, an infringement officer may not give a person an
19
infringement notice under section 103 of the Regulatory Powers
20
Act in relation to a contravention of a civil penalty provision of this
21
Act unless the Commissioner has made a determination under
22
section 102 of this Act setting out the Commissioner's opinion that
23
the person has contravened the provision.
24
Infringement officer and relevant chief executive
25
(3) For the purposes of Part 5 of the Regulatory Powers Act:
26
(a) the Commissioner is an infringement officer in relation to the
27
provisions mentioned in subsection (1); and
28
(b) the Commissioner is the relevant chief executive in relation
29
to the provisions mentioned in subsection (1).
30
Chapter 5
Regulation and enforcement
Part 5.5
Regulatory powers and enforcement
Section 115
86
Data Availability and Transparency Bill 2020
No. , 2020
Single infringement notice may deal with more than one
1
contravention
2
(4) Despite subsection 103(3) of the Regulatory Powers Act, a single
3
infringement notice may be given to a person in respect of:
4
(a) 2 or more alleged contraventions of a provision mentioned in
5
subsection (1); or
6
(b) alleged contraventions of 2 or more provisions mentioned in
7
subsection (1).
8
However, the notice must not require the person to pay more than
9
one amount in respect of the same conduct.
10
115 Enforceable undertakings
11
Enforceable provisions
12
(1) The provisions of this Act are enforceable under Part 6 of the
13
Regulatory Powers Act.
14
Note:
Part 6 of the Regulatory Powers Act creates a framework for
15
accepting and enforcing undertakings relating to compliance with
16
provisions.
17
Authorised person and relevant court
18
(2) For the purposes of Part 6 of the Regulatory Powers Act:
19
(a) the Commissioner is an authorised person in relation to the
20
provisions of this Act; and
21
(b) each of the following is a relevant court in relation to the
22
provisions of this Act:
23
(i) the Federal Court;
24
(ii) the Circuit Court;
25
(iii) a court of a State or Territory that has jurisdiction in
26
relation to the matter.
27
Regulation and enforcement
Chapter 5
Regulatory powers and enforcement
Part 5.5
Section 116
No. , 2020
Data Availability and Transparency Bill 2020
87
Enforceable undertaking may be published on the Commissioner's
1
website
2
(3) An authorised person in relation to a provision mentioned in
3
subsection (1) may make an undertaking given in relation to the
4
provision publicly available.
5
116 Injunctions
6
Enforceable provisions
7
(1) The following provisions of this Act are enforceable
under Part 7
8
of the Regulatory Powers Act:
9
(a) a civil penalty provision;
10
(b) a provision of Chapter 3 (responsibilities of data scheme
11
entities).
12
Note:
Part 7 of the Regulatory Powers Act creates a framework for using
13
injunctions to enforce provisions.
14
(2) However, an authorised person may not apply under section 121 of
15
the Regulatory Powers Act for an injunction in relation to conduct
16
in contravention of a civil penalty provision of this Act unless the
17
Commissioner has made a determination under section 102 of this
18
Act setting out the Commissioner's opinion that the person has
19
contravened, is contravening or is proposing to contravene the
20
provision.
21
Authorised person and relevant court
22
(3) For the purposes of Part 7 of the Regulatory Powers Act:
23
(a) the Commissioner is an authorised person in relation to the
24
provisions mentioned in subsection (1); and
25
(b) each of the following is a relevant court in relation to the
26
provisions mentioned in subsection (1):
27
(i) the Federal Court;
28
(ii) the Circuit Court;
29
(iii) a court of a State or Territory that has jurisdiction in
30
relation to matters arising under this Act.
31
Chapter 6
Other matters
Part 6.1
Introduction
Section 117
88
Data Availability and Transparency Bill 2020
No. , 2020
Chapter 6--Other matters
1
Part 6.1--Introduction
2
3
117 Simplified outline of this Chapter
4
Some of the administrative aspects of the data sharing scheme are
5
set out in this Chapter.
6
Administrative decisions made by the Commissioner are
7
reviewable by the Administrative Appeals Tribunal.
8
The following kinds of legislative instruments may be made for the
9
purposes of the data sharing scheme:
10
(a)
data codes (made by the Commissioner);
11
(b)
rules (made by the Minister);
12
(c)
regulations (made by the Governor-General).
13
The Commissioner may also make the following non-legislative
14
instruments:
15
(a)
guidelines;
16
(b)
registers making certain information about accredited
17
entities and the mandatory terms in data sharing
18
agreements publicly available;
19
(c)
instruments recognising external dispute resolution
20
providers and approving forms.
21
Some other matters of detail are also set out in this Chapter.
22
Other matters
Chapter 6
Review of decisions
Part 6.2
Section 118
No. , 2020
Data Availability and Transparency Bill 2020
89
Part 6.2--Review of decisions
1
2
118 Reviewable decisions
3
(1) A decision made by the Commissioner in the exercise of any of the
4
Commissioner's regulatory functions set out in section 45 is a
5
reviewable
decision
.
6
(2) Despite subsection (1), the following are not
reviewable decisions
:
7
(a) any of the following decisions about the accreditation of a
8
foreign entity, if made for reasons of security (within the
9
meaning of the
Australian Security Intelligence Organisation
10
Act 1979
):
11
(i) to refuse to accredit the entity;
12
(ii) to suspend or cancel accreditation;
13
(iii) to impose, vary or remove a condition of accreditation;
14
(b) a decision to suspend or cancel the accreditation of an entity
15
as required by subsection 81(3);
16
(c) a decision under section 107 (transfer of matters to
17
appropriate authority);
18
(d) a decision under section 108 (authorisation for Commissioner
19
to disclose and receive information).
20
119 Applications for reconsideration of decisions made by delegates
21
of the Commissioner
22
(1) If a person is affected by a reviewable decision made by a delegate
23
of the Commissioner, the person may apply to the Commissioner
24
for reconsideration of the decision.
25
(2) The application must:
26
(a) be in an approved form (if any); and
27
(b) set out the reasons for the application.
28
(3) If the rules prescribe a fee for making an application under this
29
section, the application is taken not to have been made unless the
30
fee is paid.
31
Chapter 6
Other matters
Part 6.2
Review of decisions
Section 120
90
Data Availability and Transparency Bill 2020
No. , 2020
120 Reconsideration by the Commissioner
1
(1) If an application is made under subsection 119(1) for
2
reconsideration of a reviewable decision, the Commissioner must:
3
(a) reconsider the decision; and
4
(b) affirm, vary or revoke the decision.
5
(2) The Commissioner's decision on reconsideration of a decision has
6
effect as if it had been made under the provision under which the
7
original decision was made.
8
(3) The Commissioner must give the applicant a written notice stating
9
the Commissioner's decision on the reconsideration.
10
(4) Within 28 days after making the decision on the reconsideration,
11
the Commissioner must give the applicant a written statement of
12
the Commissioner's reasons for the decision.
13
(5) If the Commissioner's functions under this section are performed
14
by a delegate of the Commissioner, the delegate who reconsiders
15
the reviewable decision:
16
(a) must not have been involved in making the reviewable
17
decision; and
18
(b) must hold a position, or perform duties, of at least the same
19
level as the delegate who made the reviewable decision.
20
Note:
The Commissioner may delegate functions and powers to certain APS
21
employees in the Department (see sections 47 and 50).
22
121 Deadline for reconsideration
23
(1) The Commissioner must make a decision on reconsideration of a
24
decision within 90 days after receiving an application for
25
reconsideration.
26
(2) The Commissioner is taken, for the purposes of this Part, to have
27
made a decision affirming the original decision if the
28
Commissioner has not informed the applicant of the
29
Commissioner's decision on the reconsideration before the end of
30
the period of 90 days.
31
Other matters
Chapter 6
Review of decisions
Part 6.2
Section 122
No. , 2020
Data Availability and Transparency Bill 2020
91
122 Review by the Administrative Appeals Tribunal
1
Applications may be made to the Administrative Appeals Tribunal
2
to review a reviewable decision if either of the following apply:
3
(a) the decision was made personally by the Commissioner;
4
(b) the decision has been affirmed or varied under
5
paragraph 120(1)(b).
6
Chapter 6
Other matters
Part 6.3
Treatment of certain entities
Section 123
92
Data Availability and Transparency Bill 2020
No. , 2020
Part 6.3--Treatment of certain entities
1
2
123 Treatment of Commonwealth bodies, State bodies and Territory
3
bodies
4
(1) This Act applies to an entity that is a Commonwealth body, or a
5
State body or Territory body, and not a person, as if it were a
6
person, but with the changes set out in this section.
7
(2) If this Act authorises or requires the entity to engage in conduct,
8
the conduct may be engaged in on behalf of the entity by a person
9
covered by subsection (5), if engaging in the conduct is within the
10
scope of the person's employment or authority.
11
(3) In determining whether the entity has breached this Act:
12
(a) conduct engaged in on behalf of the entity by a person
13
covered by subsection (5) acting within the scope (actual or
14
apparent) of the person's employment or authority is taken to
15
have been engaged in instead by the entity; and
16
(b) if it is necessary to establish intention, knowledge or
17
recklessness, or any other state of mind, of the entity, it is
18
sufficient to establish the intention, knowledge or
19
recklessness, or other state of mind, of the person mentioned
20
in paragraph (a).
21
Note 1:
The Crown is not liable to be prosecuted for an offence (see
22
subsection 5(2)).
23
Note 2:
Part 2.5 of the
Criminal Code
and section 97 of the Regulatory
24
Powers Act deal with responsibility of bodies corporate for offences
25
and civil penalties.
26
(4) Despite paragraph (3)(a), the entity does not contravene a civil
27
penalty provision of this Act, or commit an offence against this
28
Act, because of conduct of a person that the entity is taken to have
29
engaged in, if it is established that the entity took reasonable
30
precautions and exercised due diligence to avoid the conduct.
31
(5) This subsection covers the following persons:
32
(a) an authorised officer of the entity;
33
Other matters
Chapter 6
Treatment of certain entities
Part 6.3
Section 124
No. , 2020
Data Availability and Transparency Bill 2020
93
(b) a statutory officeholder of the entity;
1
(c) an officer, employee or member of the entity;
2
(d) a person that is party to a contract with the entity (other than
3
a data sharing agreement);
4
(e) an agent of the entity.
5
(6) A reference in this section to this Act includes a reference to a
6
legislative instrument made under this Act.
7
124 Treatment of partnerships and unincorporated associations
8
(1) This Act applies to an entity that is a partnership or an
9
unincorporated association as if it were a person, but with the
10
changes set out in this section.
11
(2) An obligation that would otherwise be imposed on the entity by
12
this Act is imposed on each responsible individual for the entity
13
instead, but may be discharged by any of the responsible
14
individuals.
15
(3) An offence against this Act that would otherwise be committed by
16
the entity is taken to have been committed by each responsible
17
individual for the entity who, at the time the offence was
18
committed:
19
(a) did the relevant act or made the relevant omission; or
20
(b) aided, abetted, counselled or procured the relevant act or
21
omission; or
22
(c) was in any way knowingly concerned in, or party to, the
23
relevant act or omission (whether directly or indirectly and
24
whether by any act or omission of the responsible
25
individual).
26
(4) This section applies to a contravention of a civil penalty provision
27
in a corresponding way to the way in which it applies to an
28
offence.
29
(5) A change in the composition of the entity does not affect the
30
continuity of the entity for the purposes of this Act.
31
(6) An individual is a
responsible individual
for an entity if:
32
Chapter 6
Other matters
Part 6.3
Treatment of certain entities
Section 125
94
Data Availability and Transparency Bill 2020
No. , 2020
(a) for a partnership--the individual is a partner in the
1
partnership; or
2
(b) for an unincorporated association--the individual is a
3
member of the association's committee of management.
4
(7) This section does not apply to an entity to which section 123
5
applies.
6
(8) A reference in this section to this Act includes a reference to a
7
legislative instrument made under this Act.
8
125 Treatment of trusts
9
(1) This Act applies to a trust as if it were a person, but with the
10
changes set out in this section.
11
(2) If the trust has a single trustee:
12
(a) an obligation that would otherwise be imposed on the trust by
13
this Act is imposed on the trustee instead; and
14
(b) an offence against this Act that would otherwise be
15
committed by the trust is taken to have been committed by
16
the trustee.
17
(3) If the trust has 2 or more trustees:
18
(a) an obligation that would otherwise be imposed on the trust by
19
this Act is imposed on each trustee instead, but may be
20
discharged by any of the trustees; and
21
(b) an offence against this Act that would otherwise be
22
committed by the trust is taken to have been committed by
23
each trustee, at the time the offence was committed, who:
24
(i) did the relevant act or made the relevant omission; or
25
(ii) aided, abetted, counselled or procured the relevant act or
26
omission; or
27
(iii) was in any way knowingly concerned in, or party to, the
28
relevant act or omission (whether directly or indirectly
29
and whether by any act or omission of the member).
30
(4) This section applies to a contravention of a civil penalty provision
31
in a corresponding way to the way in which it applies to an
32
offence.
33
Other matters
Chapter 6
Treatment of certain entities
Part 6.3
Section 125
No. , 2020
Data Availability and Transparency Bill 2020
95
(5) This section does not apply to an entity to which section 123
1
applies.
2
(6) A reference in this section to this Act includes a reference to a
3
legislative instrument made under this Act.
4
Chapter 6
Other matters
Part 6.4
Data sharing scheme instruments
Section 126
96
Data Availability and Transparency Bill 2020
No. , 2020
Part 6.4--Data sharing scheme instruments
1
2
126
Data codes
3
(1) The Commissioner may, by legislative instrument, make codes of
4
practice about the data sharing scheme
(
data codes
).
5
(2) Without limiting what a data code may do, it may do any of the
6
following:
7
(a) set out how the data definitions in section 10, and provisions
8
of Chapters 2 (including section 13) and 3, are to be applied
9
or complied with;
10
(b) impose additional requirements to those imposed by
11
Chapters 2 and 3, so long as the additional requirements are
12
not contrary to, or inconsistent with, those Chapters;
13
(c) deal with the internal handling of complaints;
14
(d) deal with the management of complaints under Part 5.3 and
15
impose additional requirements to those set out in that Part,
16
so long as the additional requirements are not contrary to, or
17
inconsistent with, that Part;
18
(e) deal with any other matters the Commissioner considers
19
relevant to the data sharing scheme.
20
(3) A data code that is inconsistent with the regulations or rules has no
21
effect to the extent of the inconsistency, but a data code is taken to
22
be consistent with the regulations and rules to the extent that the
23
data code is capable of operating concurrently with them.
24
127
Guidelines
25
(1) The Commissioner may make written guidelines in relation to
26
matters for which the Commissioner has functions under this Act.
27
Note:
Data scheme entities must have regard to the guidelines when
28
engaging in conduct for the purposes of this Act (see section 27).
29
(2) The guidelines may include principles and processes relating to:
30
(a) any aspect of the data sharing scheme; and
31
Other matters
Chapter 6
Data sharing scheme instruments
Part 6.4
Section 128
No. , 2020
Data Availability and Transparency Bill 2020
97
(b) any matters incidental to the data sharing scheme, including:
1
(i) data release; and
2
(ii) data management and curation; and
3
(iii) technical matters and standards; and
4
(iv) emerging technologies.
5
(3) The Commissioner may publish the guidelines in any manner the
6
Commissioner considers appropriate.
7
(4) Guidelines made under subsection (1) are not a legislative
8
instrument.
9
128 Register of ADSPs
10
(1) The Commissioner must maintain a register of ADSPs.
11
(2) The register must contain the following details for each ADSP:
12
(a) the name of the ADSP;
13
(b) contact details for the ADSP;
14
(c) the data services the ADSP is accredited to perform.
15
(3) The register may contain:
16
(a) information about conditions of the ADSP's accreditation;
17
and
18
(b) any other information in relation to ADSPs that the
19
Commissioner considers appropriate.
20
(4) The register may be maintained in any form the Commissioner
21
considers appropriate.
22
(5) The Commissioner must make the register publicly available, but
23
may omit any details the Commissioner is satisfied are not
24
appropriate to make publicly available.
25
(6) The register is not a legislative instrument.
26
129 Register of accredited users
27
(1) The Commissioner must maintain a register of accredited users.
28
Chapter 6
Other matters
Part 6.4
Data sharing scheme instruments
Section 130
98
Data Availability and Transparency Bill 2020
No. , 2020
(2) The register must contain the following details for each accredited
1
user:
2
(a) the name of the accredited user;
3
(b) contact details for the accredited user.
4
(3) The register may contain:
5
(a) information about conditions of the accredited user's
6
accreditation; and
7
(b) any other information in relation to accredited users that the
8
Commissioner considers appropriate.
9
(4) The register may be maintained in any form the Commissioner
10
considers appropriate.
11
(5) The Commissioner must make the register publicly available, but
12
may omit any details the Commissioner is satisfied are not
13
appropriate to make publicly available.
14
(6) The register is not a legislative instrument.
15
130 Register of data sharing agreements
16
(1) The Commissioner must maintain a register of data sharing
17
agreements.
18
(2) The register must contain the following details for each data
19
sharing agreement:
20
(a) the mandatory terms;
21
(b) if a mandatory term is varied--the term as varied.
22
(3) The register may contain any other information in relation to data
23
sharing agreements that the Commissioner considers appropriate.
24
(4) The register may be maintained in any form the Commissioner
25
considers appropriate.
26
(5) The Commissioner must make the register publicly available, but
27
may omit any details the Commissioner is satisfied are not
28
appropriate to make publicly available.
29
(6) The register is not a legislative instrument.
30
Other matters
Chapter 6
Data sharing scheme instruments
Part 6.4
Section 131
No. , 2020
Data Availability and Transparency Bill 2020
99
131 Recognition of external dispute resolution schemes
1
(1) The Commissioner may, by written notice, recognise an external
2
dispute resolution scheme for:
3
(a) a data scheme entity or a class of data scheme entities; or
4
(b) a specified purpose.
5
(2) In considering whether to recognise an external dispute resolution
6
scheme, the Commissioner:
7
(a) must take the following aspects of the scheme into account:
8
(i) accessibility;
9
(ii) independence;
10
(iii) fairness;
11
(iv) accountability;
12
(v) efficiency;
13
(vi) effectiveness; and
14
(b) may take into account any other matter the Commissioner
15
considers relevant.
16
(3) The Commissioner may:
17
(a) specify a period for which the recognition of an external
18
dispute resolution scheme is in force; and
19
(b) make the recognition of an external dispute resolution
20
scheme subject to specified conditions, including conditions
21
relating to the conduct of an independent review of the
22
operation of the scheme; and
23
(c) vary or revoke:
24
(i) the recognition of an external dispute resolution
25
scheme; or
26
(ii) the period for which the recognition is in force; or
27
(iii) a condition to which the recognition is subject.
28
(4) A notice under subsection (1) is not a legislative instrument.
29
132 Approved forms
30
The Commissioner may, by writing, approve a form for the
31
purposes of a provision of this Act, the rules or a data code.
32
Chapter 6
Other matters
Part 6.4
Data sharing scheme instruments
Section 133
100
Data Availability and Transparency Bill 2020
No. , 2020
133 Rules
1
(1) The Minister may, by legislative instrument, make rules
2
prescribing matters:
3
(a) required or permitted by this Act to be prescribed by the
4
rules; or
5
(b) necessary or convenient to be prescribed for carrying out or
6
giving effect to this Act.
7
(2) To avoid doubt, the rules may not do the following:
8
(a) create an offence or civil penalty;
9
(b) provide powers of:
10
(i) arrest or detention; or
11
(ii) entry, search or seizure;
12
(c) impose a tax;
13
(d) set an amount to be appropriated from the Consolidated
14
Revenue Fund under an appropriation in this Act;
15
(e) directly amend the text of this Act.
16
(3) Rules that are inconsistent with the regulations have no effect to
17
the extent of the inconsistency, but rules are taken to be consistent
18
with the regulations to the extent that the rules are capable of
19
operating concurrently with the regulations.
20
134 Regulations
21
The Governor-General may make regulations prescribing matters:
22
(a) required or permitted by this Act to be prescribed by the
23
regulations; or
24
(b) necessary or convenient to be prescribed for carrying out or
25
giving effect to this Act.
26
Other matters
Chapter 6
Other matters
Part 6.5
Section 135
No. , 2020
Data Availability and Transparency Bill 2020
101
Part 6.5--Other matters
1
2
135 Disclosure of scheme data in relation to information-gathering
3
powers
4
(1) A data scheme entity is authorised to disclose scheme data held by
5
the entity if the disclosure is:
6
(a) to a person who has the power to require the disclosure of
7
information under a law covered by subsection (2) for the
8
purposes of exercising the person's functions in relation to
9
this Act or the data sharing scheme; or
10
(b) to a person who requires the disclosure of the scheme data
11
under a law of the Commonwealth or a State or Territory for
12
the purposes of giving effect to this Act or the data sharing
13
scheme; or
14
(c) to a court or tribunal that orders or directs the disclosure of
15
the scheme data in the course of proceedings relating to this
16
Act or the data sharing scheme.
17
Note:
Except as authorised by this subsection or under the
Freedom of
18
Information Act 1982
, an accredited entity must not share or release
19
scheme data unless authorised to do so under subsection 13(3).
20
(2) The following laws are covered by this subsection:
21
(a) the
Auditor-General Act 1997
;
22
(b) the
Ombudsman Act 1976
;
23
(c) a law of the Commonwealth to the extent that the law
24
requires or authorises the use or disclosure of information for
25
the purposes of performing the Information Commissioner's
26
functions in relation to the data sharing scheme.
27
136 Geographical jurisdiction of civil penalty provisions and
28
offences
29
Geographical jurisdiction of offences and civil penalty provisions
30
(1) A person does not contravene a civil penalty provision of this Act,
31
or commit an offence against this Act, unless at least one of the
32
Chapter 6
Other matters
Part 6.5
Other matters
Section 136
102
Data Availability and Transparency Bill 2020
No. , 2020
following paragraphs applies in relation to the conduct constituting
1
the alleged contravention or offence:
2
(a) the conduct, or a result of the conduct, occurs wholly or
3
partly in Australia, or on board an Australian aircraft or
4
Australian ship;
5
(b) for conduct alleged to constitute an ancillary contravention--
6
the conduct, or a result of the conduct, that would constitute
7
the primary contravention to which the ancillary
8
contravention relates would have occurred wholly or partly in
9
a place covered by paragraph (a);
10
(c) for conduct alleged to constitute an ancillary offence--the
11
conduct, or a result of the conduct, that would constitute the
12
primary offence to which the ancillary offence relates was
13
intended by the person to occur wholly or partly in a place
14
covered by paragraph (a);
15
(d) the conduct occurs wholly outside Australia and the person
16
engaging in the conduct is an Australian entity.
17
Defence for primary contravention or primary offence
18
(2) Despite subsection (1), a person does not contravene a civil penalty
19
provision of this Act, or commit an offence against this Act, if:
20
(a) the alleged contravention or offence is a primary
21
contravention or primary offence; and
22
(b) the conduct constituting the alleged contravention or offence
23
occurs wholly in a foreign country, but not on board an
24
Australian aircraft or Australian ship; and
25
(c) the person is not an Australian entity; and
26
(d) there is not in force, in the foreign country or the part of the
27
foreign country where the conduct constituting the alleged
28
contravention or offence occurred, a law creating a pecuniary
29
or criminal penalty for conduct corresponding to the conduct
30
constituting the alleged contravention or offence.
31
Defence for ancillary contravention or ancillary offence
32
(3) Despite subsection (1), a person does not contravene a civil penalty
33
provision of this Act, or commit an offence against this Act, if:
34
Other matters
Chapter 6
Other matters
Part 6.5
Section 136
No. , 2020
Data Availability and Transparency Bill 2020
103
(a) the alleged contravention or offence is an ancillary
1
contravention or ancillary offence; and
2
(b) for conduct constituting an alleged contravention--the
3
conduct constituting the primary contravention to which the
4
alleged contravention relates, or a result of that conduct,
5
occurs, or would have occurred, wholly in a foreign country,
6
but not on board an Australian aircraft or Australian ship; and
7
(c) for conduct constituting an alleged offence--the conduct
8
constituting the primary offence to which the alleged offence
9
relates, or a result of that conduct, occurs, or was intended by
10
the person to occur, wholly in a foreign country, but not on
11
board an Australian aircraft or Australian ship; and
12
(d) the person is not an Australian entity; and
13
(e) there is not in force, in the foreign country or the part of the
14
foreign country where the conduct constituting the alleged
15
contravention or offence occurred, a law creating a pecuniary
16
or criminal penalty for conduct corresponding to the conduct
17
constituting the primary contravention or primary offence to
18
which the alleged contravention or offence relates.
19
(4) A person who is alleged to have contravened a civil penalty
20
provision of this Act and who wishes to rely on subsection (2) or
21
(3) bears an evidential burden (within the meaning of the
Criminal
22
Code
) in relation to the matters set out in the subsection.
23
(5) For the purposes of the application of subsection 13.3(3) of the
24
Criminal Code
to an offence against this Act, subsections (2) and
25
(3) of this section are taken to be exceptions provided by the law
26
creating the offence.
27
Note:
This means that a defendant bears an evidential burden in relation to
28
the matters in subsections (2) and (3).
29
Other matters
30
(6) Division 14 of the
Criminal Code
(standard geographical
31
jurisdiction) does not apply in relation to an offence against this
32
Act (this section applies instead).
33
(7) A reference in this section to a result of conduct is a reference to a
34
result that is an element of the civil penalty provision or offence.
35
Chapter 6
Other matters
Part 6.5
Other matters
Section 137
104
Data Availability and Transparency Bill 2020
No. , 2020
(8) For the purposes of this section and without limitation, if a person
1
sends, or causes to be sent, an electronic communication or other
2
thing:
3
(a) from a point outside Australia to a point in Australia; or
4
(b) from a point in Australia to a point outside Australia;
5
that conduct is taken to have occurred partly in Australia.
6
(9) A
point
includes a mobile or potentially mobile point, whether on
7
land, underground, in the atmosphere, underwater, at sea or
8
anywhere else.
9
137 Authorised officers
10
(1) An individual specified in the following table for a kind of entity is
11
an
authorised officer
of an entity of that kind.
12
13
Authorised officers
Item
Kind of entity
Individuals who are authorised
officers
1
Any of the following:
(a) a Department;
(b) an Executive Agency within the
meaning of the
Public Service
Act 1999
;
(c) a Statutory Agency within the
meaning of the
Public Service
Act 1999
The following:
(a) the Agency Head within the
meaning of the
Public Service
Act 1999
;
(b) an employee in the entity
authorised in writing by the
Agency Head for the purposes of
this section
2
Any of the following:
(a) a corporate Commonwealth
entity within the meaning of the
Public Governance,
Performance and Accountability
Act 2013
;
(b) a Commonwealth company
within the meaning of the
Public
Governance, Performance and
Accountability Act 2013
The following:
(a) the chief executive officer
(however described) of the
entity;
(b) an individual authorised in
writing by the chief executive
officer for the purposes of this
section
3
A person who is a prescribed
The following:
Other matters
Chapter 6
Other matters
Part 6.5
Section 137
No. , 2020
Data Availability and Transparency Bill 2020
105
Authorised officers
Item
Kind of entity
Individuals who are authorised
officers
authority within the meaning of
paragraph (c) or (d) of the definition
of
prescribed authority
in
subsection 4(1) of the
Freedom of
Information Act 1982
and not
covered by item 1 or 2
(a) the person;
(b) a person authorised in writing by
that person for the purposes of
this section
4
A body corporate not covered by
item 1 or 2
The following:
(a) the chief executive officer
(however described) of the
entity;
(b) a director of the entity;
(c) an employee of the entity
authorised in writing by the chief
executive officer for the
purposes of this section
5
A partnership or unincorporated
association not covered by item 1 or
2
The following:
(a) a responsible individual for the
entity (see subsection 124(6));
(b) an individual determined in
accordance with the rules
6
A trust not covered by item 1 or 2
The following:
(a) a trustee of the trust;
(b) an individual determined in
accordance with the rules
7
An entity not covered by any other
item
An individual determined in
accordance with the rules
1
(2) Rules determining an individual for the purposes of an item of the
2
table in subsection (1) may provide for individuals to be
3
determined by reference to a decision of the Commissioner or
4
another person.
5
(3) If the rules provide that a kind of individual who would be an
6
authorised officer of a kind of entity under an item of the table in
7
Chapter 6
Other matters
Part 6.5
Other matters
Section 138
106
Data Availability and Transparency Bill 2020
No. , 2020
subsection (1) is not an authorised officer, the rules have effect
1
despite the item.
2
(4) Rules made for the purposes of subsection (3) may prescribe
3
another kind of individual as an authorised officer for the kind of
4
entity instead.
5
138 Annual report
6
(1) After the end of each financial year, the Commissioner must
7
prepare and give a report to the Minister, for presentation to the
8
Parliament, on the Commissioner's activities during the financial
9
year.
10
(2) The report must include the following in relation to the financial
11
year:
12
(a) information about legislative instruments and guidelines
13
made by the Commissioner under this Act;
14
(b) information about activities undertaken for the purposes of
15
the regulatory functions set out in section 45;
16
(c) a description of any efforts made by the Commissioner to
17
assist data scheme entities to comply with the requirements
18
of the data sharing scheme;
19
(d) a statement of the following:
20
(i) the number of requests received by data custodians of
21
public sector data for sharing of data under this Act and
22
information about the reasons for requests being agreed
23
to or refused;
24
(ii) the number of data sharing agreements made;
25
(iii) the number of entities accredited;
26
(iv) the number of accredited entities as at the end of the
27
financial year;
28
(e) information about the activities of the National Data
29
Advisory Council;
30
(f) information about the number of APS employees made
31
available to the Commissioner as mentioned in section 47;
32
Other matters
Chapter 6
Other matters
Part 6.5
Section 139
No. , 2020
Data Availability and Transparency Bill 2020
107
(g) a report on financial matters, including a discussion and
1
analysis of the financial resources available to the
2
Commissioner in the financial year and how they were used.
3
Note:
The Commissioner may require data scheme entities to give
4
information and assistance for the purposes of preparing the report
5
(see section 34).
6
(3) The report may include any other information relating to the
7
operation of the data sharing scheme that the Commissioner
8
considers appropriate.
9
(4) The report must be given to the Minister by the 15th day of the
10
fourth month after the end of the financial year, or by the end of
11
any further period granted under subsection 34C(5) of the
Acts
12
Interpretation Act 1901
.
13
139 Charging of fees by Commissioner
14
(1) The rules may prescribe fees to be charged by the Commissioner
15
for services provided by or on behalf of the Commissioner in
16
performing or exercising functions or powers under this Act, the
17
rules or the data codes.
18
(2) Without limiting subsection (1), the rules may provide for the
19
amount of a fee to be the cost incurred by the Commonwealth in
20
arranging and paying for another person to perform functions or
21
exercise powers.
22
(3) A fee prescribed by the rules is payable to the Commonwealth.
23
(4) The rules may make provision for:
24
(a) when and how fees are payable;
25
(b) any other matters in relation to fees including exemptions,
26
refunds and remissions.
27
(5) If a fee is payable for a service, the service need not be provided
28
while the fee remains unpaid. The rules may provide for the
29
extension of any times for providing services accordingly.
30
Chapter 6
Other matters
Part 6.5
Other matters
Section 140
108
Data Availability and Transparency Bill 2020
No. , 2020
140 Charging of fees by data scheme entities
1
(1) A data custodian of public sector data may charge fees to an
2
accredited entity for services performed by the data custodian in
3
dealing with a request by the accredited entity for data to be shared
4
under this Act.
5
(2) A data custodian that charges fees must do so in a way that is not
6
inconsistent with the policies of the Australian Government.
7
(3) Nothing in this section has the effect of preventing an accredited
8
entity (including a Commonwealth body) from charging fees in
9
relation to services it performs in relation to the data sharing
10
scheme.
11
141 Commonwealth not liable to pay a fee
12
(1) The Commonwealth is not liable to pay a fee that is payable under
13
this Act. However, it is the Parliament's intention that the
14
Commonwealth should be notionally liable to pay such a fee.
15
(2) The Finance Minister may give such written directions as are
16
necessary or convenient for carrying out or giving effect to
17
subsection (1) and, in particular, may give directions in relation to
18
the transfer of money within an account, or between accounts,
19
operated by the Commonwealth.
20
(3) Directions under subsection (2) have effect, and must be complied
21
with, despite any other Commonwealth law.
22
(4) In subsections (1) and (2),
Commonwealth
includes a
23
Commonwealth entity (within the meaning of the
Public
24
Governance, Performance and Accountability Act 2013
) that
25
cannot be made liable to taxation by a Commonwealth law.
26
142 Periodic reviews of operation of Act
27
(1) The Minister must cause periodic reviews of the operation of this
28
Act to be undertaken.
29
(2) The first review must:
30
Other matters
Chapter 6
Other matters
Part 6.5
Section 142
No. , 2020
Data Availability and Transparency Bill 2020
109
(a) start no later than 3 years after the commencement of this
1
section; and
2
(b) be completed within 12 months or a longer period agreed by
3
the Minister.
4
(3) Subsequent reviews must:
5
(a) start no later than every 10 years after the commencement of
6
this section; and
7
(b) be completed within 12 months or a longer period agreed by
8
the Minister.
9
(4) The Minister must cause a written report about each review to be
10
prepared. A review is taken to be completed when the Minister is
11
given the report about the review.
12
(5) The Minister must cause a copy of the report about each review to
13
be laid before each House of the Parliament within 15 sitting days
14
of that House after the Minister receives the report.
15