Security News

Australian Government Considering Sharing Citizens' Data Without Their Consent

Despite "robust discussions and debate in roundtables about consent", the Australian Government is willing to share its citizens' data without their consent.

"While consent is important in certain situations, the societal outcomes of fair and unbiased government policy, research, and programs can outweigh the benefits of consent, provided privacy is protected," it stated in its Data Sharing and Release Legislative Reforms Discussion Paper, which was released in early September. "Closed data protects privacy, but carries the risk that research does not use the best information, government policies are not targeted where they are most needed, and citizens find it difficult and annoying to access government services."

Among other things, the government feels the need to "keep pace with the private sector - and aspire to be a market leader - when it comes to delivering services ... (the public) expect government services to be seamless, easy and fast - just like their normal experience of shopping and banking."

One example of doing away with consent goes back 31 years to the Privacy Act 1988, which "did not use a consent model but (was) accepted by the public" (it contained a health research consent waiver). Many Australians probably can't remember - or have not even heard of - the Privacy Act 1988 and have no idea of its consent waiver. What's more, 1988 and 2019 are completely different worlds and the internet and cybercrime, if mentioned at all in 1988, would have been contained to science fiction.

Those in favour of waiving consent cite one benefit being that the legislation will help government and researchers use a better evidence base: "Requiring consent for all data sharing will lead to biased data that delivers the wrong outcomes. If we required consent, then data would only be shared where consent was given. This will skew the data which is shared, leaving it unfit for many important purposes in the public benefit; it also runs the risk of leading to flawed policy and research which impacts negatively on society ... the legislation will provide access to data to advance knowledge and create better public policy."

Some disagree with this 'for' argument.

"Bullshit," is the short answer from tech analyst and blogger, Justin Warren. "Researchers fervently believe they can improve public policy and programs by doing more research. Can someone point to research that supports this position? I mean, you've been doing research for decades, so surely there's lots of good, systemic evidence that more data and research improves things on a public policy front, yes?"

The government goes a long way to painting a pretty picture and states that the public will no longer "have to tell (the government) the same basic information over and over again, and we will be able to create a connected and seamless user experience for those accessing government services." Yet it also says that "the government ... is the custodian of Australia’s data and (it) is already being used to inform policy development and the delivery of services - yet much more can be done with this truly national asset."

Many consider it an asset worth protecting.

***The government aims to have draft legislation in early 2020 and the Bill introduced to Parliament in mid-2020.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join 916 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: