The SPEAKER ( Hon. Andrew Wallace ) took the chair at 09:30, made an acknowledgement of country and read prayers.
Report relating to the consideration of committee and delegation business and of private Members' business
1. The Committee met in private session on Tuesday, 29 March 2022.
2. The Committee deliberated on items of committee and delegation business that had been notified, private Members' business items listed on the Notice Paper and notices lodged on Tuesday, 29 March 2022, and determined the order of precedence and times on Monday, 11 April 2022, as follows:
Items for Ho use of Representatives Chamber (10.10 am to 12 noon)
PRIVATE MEMBERS' BUSINESS
Orders of the day
1 YOUTH MENTAL HEALTH SERVICES: Resumption of debate ( from 18 October 2021 ) on the motion of Ms Templeman—That this House:
(1) notes with dismay that suicide is the leading cause of death among Australians aged 15 to 24 years;
(2) recognises that for young people the decision to access mental health care is fragile, and if they do not have a positive experience they may not make another attempt to seek help;
(3) further notes that youth-friendly mental health services are not available uniformly to young people; and
(4) calls on the Government to:
(a) increase access to effective mental health services and supports for young people across all stages of mental ill-health; and
(b) build a youth mental health workforce to meet the current and future needs
Time allotted — 30 minutes.
Speech time limits —
All Members — 5minutes each.
[Minimum number of proposed Members speaking = 6 x 5 mins]
The Committee determined that c onsideration of this matter should continue on a future day.
Notices
1 MR ENTSCH: To move:
That this House:
(1) notes that:
(a) 24 March 2022 is World Tuberculosis (TB) Day marking the anniversary of the discovery of the bacterium that causes TB, and a day to commemorate those who lose their lives to this deadly disease each year;
(b) TB is preventable and curable, yet prior to the COVID-19 pandemic it was the world's leading infectious disease killer;
(c) TB killed approximately 1.5 million people around the world in 2020, an increase for the first time in over a decade;
(d) the World Health Organization has found that the COVID-19 pandemic has already reversed the progress made in the fight against TB, with reduced access to treatment and diagnosis of the disease causing more deaths;
(e) the impacts of COVID-19 on TB have been forecasted to be considerably worse during 2021 and 2022;
(f) over 60 per cent of the global TB burden continues to be in our region, the Asia-Pacific;
(g) our region has also accounted for 84 per cent of the reduction in TB case notifications globally between 2019 and 2020, highlighting the effect COVID-19 is having on the detection, and thus treatment, of TB in many of our regional partners;
(h) funding for essential TB services went backwards in 2020; and
(i) global spending to end TB was less than 50 per cent of the 2022 target of the USD$13 billion set each year at the United Nations High-Level Meeting on TB;
(2) acknowledges that the Government:
(a) has provided significant bilateral support to our regional partners to strengthen their response to the COVID-19 pandemic, including committing to share 60 million doses of COVID-19 vaccines by the end of 2022;
(b) has contributed over $920 million to the Global Fund to Fight AIDS, Tuberculosis and Malaria (Global Fund) since its inception, over which time 44 million lives have been saved from deadly diseases (77 per cent of international financing for TB is provided by the Global Fund);
(c) pledged to commit $242 million at the Sixth Replenishment of the Global Fund in 2019, (the United States have announced they will host the Global Fund's Seventh Replenishment Conference in 2022); and
(d) commitments to the Global Fund and other global health initiatives, such as the $130 million investment in the COVAX Advance Market Commitment, have contributed to supporting the global COVID-19 response and saved countless lives; and
(3) calls on the Government to make an increased financial contribution to the Global Fund at the Seventh Replenishment Conference in the United States.
(Notice given 18 February 2022.)
Time allotted — 50 minutes.
Speech time limits —
Mr Entsch — 5minutes.
Other Members — 5minutes each.
[Minimum number of proposed Members speaking = 10 x 5 mins]
The Committee determined that consideration of this matter should continue on a future day.
Orders of the day — continued
2 AGED CARE SECTOR: Resumption of debate ( from 14 February 2022 ) on the motion of Ms Coker—That this House:
(1) recognises that under the Government, Australia's aged care sector is in crisis due to almost nine years of neglect and funding cuts;
(2) notes that:
(a) after 21 expert reports, the Government knew older people were suffering in residential aged care and did nothing to fix the problems;
(b) the pandemic has exacerbated the structural problems and exposed the weaknesses in the aged care sector and the Government has done nothing to protect or support aged care workers or residents; and
(c) the Government has failed to plan ahead and has failed to supply aged care workers with adequate supplies of personal protection equipment; rapid antigen tests (RATs) and surge workforce which has led to tragic, unnecessary suffering and deaths of residents; and
(3) calls on the Government to:
(a) urgently supply resources, such as RATs needed to help aged care workers get back to work and to ensure residents in aged care get the care they deserve; and
(b) implement all the recommendations from the Royal Commission into Aged Care Quality and Safety, and end the neglect.
Time allotted — remaining private Members' business time prior to 12 noon.
Speech time limits —
All Members — 5minutes each.
[Minimum number of proposed Members speaking = 6 x 5 mins]
The Committee determined that consideration of this matter should continue on a future day.
Items for Federation Chamber (11 am to 1.30 pm)
PRIVATE MEMBERS' BUSINESS
Notices
1 DR ALY: To move:
That this House:
(1) notes that:
(a) type 1 diabetes (T1D) is a chronic autoimmune health condition that cannot be prevented and affects 127,000 Australians;
(b) continuous glucose monitoring (CGM) is life saving and life changing technology that measures blood glucose, eliminates finger pricks, prevents long term complications and alerts the person for both dangerously high blood glucose readings and for low blood glucose readings;
(c) CGM saves lives of people living with T1D;
(d) tragic deaths have occurred because people in Australia have not been able to access CGM; and
(e) CGM is currently government funded for:
(i) those under 21 years of age;
(ii) those planning and during pregnancy; and
(iii) a small group of those with concession cards over the age of 21;
(2) commends:
(a) JDRF Australia (formerly the Juvenile Diabetes Research Foundation) for the research undertaken that has seen many advancements in preventing T1D, treating T1D and moving closer to a world without T1D;
(b) JDRF's Access For All campaign which aims to make T1D technology affordable and accessible for everyone who wants it; and
(c) Type 1 Diabetes Family Centre, in Western Australia, for their support and advocacy on behalf of the T1D community; and
(3) calls on the Government to:
(a) increase availability and access to CGM so that these technologies are consistent, equitable and available to everyone who wants them; and
(b) prioritise the welfare of those living with T1D.
(Notice given 2 December 2021.)
Time allotted — 45 minutes.
Speech time limits —
Dr Aly — 5minutes.
Other Members — 5minutes each.
[Minimum number of proposed Members speaking = 9 x 5 mins]
The Committee determined that consideration of this matter should cont inue on a future day.
2 MR CONAGHAN: To move:
That this House:
(1) notes that approximately 500,000 Australians including an estimated one in three Aboriginal and Torres Strait Islander people do not have a birth certificate;
(2) recognises the impact this can have on an individual's ability to access services, and participate in the workforce and community such as:
(a) access to government and health services;
(b) enrolment and participation in education;
(c) employment opportunities;
(d) obtaining a driver's licence for transport and mobility;
(e) opening an account with a financial institution;
(f) buying property; and
(g) registering for sporting teams and organisations;
(3) further notes the contribution to the risk factors for Aboriginal and Torres Strait Islander people, particularly in remote communities with limited access to birth registration services;
(4) acknowledges the work undertaken by the Pathfinders National Aboriginal Birth Certificate Program in partnership with the Paul Ramsay Foundation to:
(a) educate and inform Aboriginal and Torres Strait Islander communities;
(b) provide sign-up days for registration; and
(c) visit juvenile justice and correction centres to facilitate registration; and
(5) calls on state and territory governments to commit to removing the barriers for birth registration as a key measure under the National Agreement on Closing the Gap.
(Notice given 19 October 2021.)
Time allotted — 30 minutes.
Speech time limits —
Mr Conaghan — 5minutes.
Other Mem bers — 5minutes each.
[Minimum number of proposed Members speaking = 6 x 5 mins]
The Committee determined that consideration of this matter should continue on a future day.
3 MR BANDT: To move:
That this House notes that:
(1) the mining and burning of coal, oil and gas is the primary cause of global heating and is causing more frequent and more intense floods, heatwaves, fires; and
(2) to protect lives and livelihoods, no new coal, oil and gas projects should be started in Australia.
(Notice given 29 March 2 022.)
Time allotted — 35 minutes.
Speech time limits —
Mr Bandt — 5minutes.
Other Members — 5minutes each.
[Minimum number of proposed Members speaking = 7 x 5 mins]
The Committee determined that consideration of this matter should continue on a future day.
4 MR CHRISTENSEN: To move:
That this House:
(1) notes that:
(a) 1 December 1961 is commonly known by the people of West Papua as Independence Day;
(b) the New York Agreement of 15 August 1962 resulted in Dutch colonial authorities handing over the territory of West Papua to the Indonesian Government;
(c) conflict between West Papuans who seek independence and Indonesian authorities continues, and has resulted in the perpetration of grave human rights abuses, including extrajudicial killings, torture, rape, arbitrary arrest and detention, and destruction of property by Indonesian authorities; and
(d) as a result of the wide-spread and grave documented human rights atrocities, legal experts have labelled the situation in West Papua as a 'slow moving genocide' and
(2) calls on the Australian Government to:
(a) cease all Australian financial support and training of Indonesian military, police and security personnel until human rights abuses are eradicated;
(b) continue Australian engagement with the Indonesian Government on pressing human rights and humanitarian concerns, including taking steps to ensure a peaceful resolution to the ongoing conflict, and the protection of human rights defenders;
(c) provide humanitarian assistance and aid, including to displaced West Papuans;
(d) seek assurances from the Indonesian Government to allow visit for the United Nations Human Rights Commissioner to Papua as agreed by Joko Widodo in 2018; and
(e) encourage the Indonesian authorities to participate in dialogue with indigenous Papuan leaders, supported and chosen by the Papuan people, to seek a peaceful resolution to the long-running conflict in West Papua.
(Notice given 23 November 20 21.)
Time allotted — remaining private Members' business time prior to 1.30 pm.
Speech time limits —
Mr Christensen — 5minutes.
Other Members — 5minutes each.
[Minimum number of proposed Members speaking = 8 x 5 mins]
The Committee determined that consideration of this matter should continue on a future day.
Items for Federation Chamber (4.45 pm to 7.30 pm)
PRIVATE MEMBERS' BUSINESS
Orders of the day
1 COVID-19: Resumption of debate ( from 14 February 2022 ) on the motion of Dr Freelander—That this House:
(1) recognises the significant impact that COVID-19 is continuing to have on the day-to-day lives of Australians;
(2) notes that the Government has demonstrably failed in preparing the nation to be able to live with COVID-19, with;
(a) significant shortages of basic necessities prevalent in our supermarkets and shops;
(b) many communities being unable to access Rapid Antigen Tests, and countless examples of price gouging of these essential medical supplies; and
(c) issues in supply chains, workforces and a lack of support from the Government continuing to wreak havoc on small businesses and employees;
(3) further notes that the Prime Minister and the Minister for Senior Australians and Aged Care Services would rather go to the cricket than show up and do their jobs while Australians continue to suffer; and
(4) condemns the Prime Minister and the Government for:
(a) their lack of foresight;
(b) their lack of planning;
(c) their lack of leadership; and
(d) abrogating their responsibilities to everyday Australians.
Time allotted — 45 minutes.
Speech time limits —
All Members — 5minutes each.
[Minimum number of proposed Members speaking = 9 x 5 mins]
The Committee de termined that consideration of this matter should continue on a future day.
Notices — continued
5 MR SHARMA: To move—That this House:
(1) notes that:
(a) the Normalisation Agreements with Israel are a series of agreements signed by Israel, the United Arab Emirates and Bahrain that seek to normalise relations between their respective countries;
(b) September 2021 marked the one-year anniversary of the signing of the agreements between Israel, the United Arab Emirates and Bahrain in Washington, DC; and
(c) since then, other Arab countries have entered into similar agreements for the normalisation of relations with Israel, including Morocco and Sudan;
(2) welcomes the changes to the region, that are part of a process to end decades of conflict by seeking to build strong regional relationships; and
(3) hopes that these agreements will encourage Israelis and Palestinians to build on earlier agreements in mutually negotiating a peaceful and enduring two-state solution to end the Israeli-Palestinian conflict.
(Notice given 25 November 2021.)
Time allotted — 45 minutes.
Speech time limits —
Mr Sharma — 5minutes.
Other Members — 5minutes each.
[Minimum number of proposed Members speaking = 9 x 5 mins]
The Committee determined that consideration of this matter should continue on a future day.
Orders of the day — continued
2 COVID-19 YOUTH RECOVERY STRATEGY: Resumption of debate ( from 29 November 2021 ) on the motion of Ms Rishworth—That this House:
(1) recognises that young Australians have been disproportionately impacted by the COVID-19 pandemic and are being left behind in our recovery;
(2) notes that young people:
(a) are facing an extraordinary jobs crisis, further noting that:
(i) during the peak of the pandemic 15 per cent of all jobs were filled by young people yet 40 per cent of all jobs lost since March 2020 were held by a young person;
(ii) the youth unemployment rate soared four times the national average to 13.1 per cent in October 2021 and is now higher than pre-pandemic levels; and
(iii) 50 per cent of young Australians have said that getting more reliable work is of most importance to them when it comes to employment;
(b) are struggling with their mental health, with:
(i) more than 50 per cent of young Australians saying their biggest concern with COVID-19 was mental health;
(ii) one in two young Australians reported to not being able to carry out their daily activities during the pandemic due to a decline in wellbeing;
(iii) one third of young Australians reporting high or very high levels of psychological distress; and
(iv) 75 per cent of Australia's young people describing their mental health as worse during the COVID-19 pandemic;
(c) are suffering severe social disruption, as:
(i) many have missed out on once in a lifetime milestones and rites of passage; and
(ii) more feel isolated due to lockdowns with distributions to school attendance, campus life extinguished, and social gatherings restricted or prohibited;
(d) are grappling with disruptions to education and training, and:
(i) many feel their motivation and career plans have been dented; and
(ii) nearly 50 per cent of young Australians reported being worried about their education being disrupted or held back as a result of the changes to schooling; and
(e) feel they do not have a voice in politics, with:
(i) almost 60 per cent of young Australians feeling the biggest barrier to getting involved in politics was 'feeling like they won't be listened to'; and
(ii) 52 per cent of young people feeling they had a say 'none of the time' in public affairs; and
(3) calls on the Government to work with young people and urgently design a comprehensive COVID-19 Youth Recovery Strategy that puts young Australians at the centre of our economic and social recovery and builds our future generations.
Time allotted — 45 minutes.
Speech time limits —
All Members — 5minutes each.
[Minimum number of proposed Members speaking = 9 x 5 mins]
The Committee determined that consideration of this matter should continue on a future day.
3 WASTE AND RECYCLING: Resumption of debate ( from 9 August 2021 ) on the motion of Mr T. R. Wilson—That this House:
(1) notes that the 2021-22 budget continues to support significant reforms in Australia's onshore waste and recycling industries, including:
(a) $67 million to support new food and garden organic waste initiatives that assist Australian households to better understand what can be recycled, divert the amount of waste going to landfill and produce top quality compost;
(b) an additional $5.9 million to expand the existing National Product Stewardship Investment Fund to invest in innovative industry-led solutions to improve the way products are designed, reused, repaired and recycled; and
(c) $5 million to help small businesses to adopt the Australasian Recycling Label to help make recycling easier and to boost recycling rates;
(2) further notes that the $190 million Recycling Modernisation Fund is leveraging more than $600 million of investment in state-of-the-art recycling infrastructure to sort, process and remanufacture waste materials onshore; and
(3) congratulates the Government for its leadership in driving a once in a generation $1 billion transformation of our waste and recycling industries that will reduce Australia's waste footprint by 10 million tonnes, protect our environment and create more than 10,000 jobs over the next decade.
Time allotted — remaining private Members' business time prior to 7.30 p m.
Speech time limits —
All Members — 5minutes each.
[Minimum number of proposed Members speaking = 6 x 5 mins]
The Committee determined that consideration of this matter should continue on a future day.
THE HON A. B. WALLACE MP
Speaker of the House of Representatives
30 March 2022
Treasury Laws Amendment (Cost of Living Support and Other Measures) Bill 2022
That this bill be now read a second time.
Excise Tariff Amendment (Cost of Living Support) Bill 2022
That this bill be now read a second time.
Customs Tariff Amendment (Cost of Living Support) Bill 2022
That this bill be now read a second time.
Aboriginal Land Grant (Jervis Bay Territory) Amendment (Strengthening Land and Governance Provisions) Bill 2022
That this bill be now read a second time.
That, in accordance with the provisions of the Public Works Committee Act 1969 , it is expedient to carry out the following proposed work which was referred to the Parliamentary Standing Committee on Public Works and on which the committee has duly reported to Parliament: Great Barrier Reef Marine Park Authority—Douglas Shoal env ironmental remediation.
That, in accordance with the provisions of the Public Works Committee Act 1969, it is expedient to carry out the following proposed work which was referred to the Parliamentary Standing Committee on Public Works and on which the committee has duly reported to Parliament: Services Australia—Fit-out of new leased premises at 120 Bathurst Street, Hobart, Tasmania.
There have long been calls to ban the whole group, with the distinction between the two factions derided as smoke and mirrors. Hezbollah itself has laughed off the suggestion that there is a difference. I have carefully considered the evidence and I am satisfied that they are one and the same, with the entire organisation being linked to terrorism…
This Government have continued to call on Hezbollah to end its armed status; it has not listened. Indeed, its behaviour has escalated; the distinction between its political and military wings is now untenable. It is right that we act now to proscribe this entire organisation.
6.15 The Committee noted evidence highlighting the importance of the sector, its contributions to Australian society more broadly and the importance of international engagement by universities. International research and collaboration—within reason—is a critical part of the Australian economy and society.
6.16 The Committee believes the independence of the sector is critical. Australian universities and research institutions hold entrenched freedoms that allow high quality research and democratic debate of ideas. This is important for both staff and students within the sector. The Australian higher education system plays an important role in Australian public life. The importance of freedom of speech on campuses, international research relationships and collaboration is critical. This independence is at risk though as national security threats can erode it.
6.17 The Committee notes that the sector plays a critical role in Australian society both economically and intellectually. The Committee accepted evidence that national security and academic integrity are not zero sum concepts. National security and academic integrity are mutually reinforcing and critical for a prosperous Australian society. The sector indicated its acknowledgement of the importance of national security, and the national security bodies indicated their support for academic independence and freedom.
Social Security Legislation Amendment (Streamlined Participation Requirements and Other Measures) Bill 2021
That all words after "That" be omitted with a view to substituting the following words:
"whilst not declining to give the bill a second reading, the House:
(1) notes it has grave concerns about the bill, including that:
(a) the Government seems determined to rush the bill through the Parliament, despite many stakeholders raising concerns about its effects; and
(b) there are almost one and a half million people looking for more work, thousands of workers and hundreds of businesses and providers in the employment services sector impacted by this rushed bill; and
(2) calls on the Government to ensure that job seekers are not left behind".
(1) Clause 2, page 2 (table items 8 and 10), omit the table items.
(2) Schedule 1, item 3, page 4 (lines 18 and 19), omit the item, substitute:
3 Subsection 93(1) (table items 18, 19 and 20)
Repeal the items.
(3) Schedule 1, item 61, page 14 (lines 7 and 8), omit the item, substitute:
61 Subparagraph 547AA(1)(b)(ii)
Omit "a Youth Allowance Employment Pathway Plan", substitute "an employment pathway plan".
(4) Schedule 1, item 66, page 14 (lines 27 and 28), omit the item.
(5) Schedule 1, item 80, page 17 (lines 13 and 14), omit the item, substitute:
80 Subparagraph 615(1)(b)(ii)
Omit "a Jobseeker Employment Pathway Plan", substitute "an employment pathway plan".
(6) Schedule 1, items 119 to 122, page 24 (lines 20 to 27), omit the items.
(7) Schedule 1, item 123, page 46 (after line 16), after Division 2B of Part 3, insert:
Division 2C — Guidelines
40Y Guidelines
The Employment Secretary must, by legislative instrument, determine guidelines about:
(a) how a person satisfies the Employment Secretary that the person is willing to actively seek and to accept and undertake paid work in Australia, except particular paid work that is unsuitable to be done by the person; and
(b) the following:
(i) the kind of information to be provided by the Employment Secretary to a person who has made a claim for a participation payment about the person entering into an employment pathway plan under section 40D or 40E;
(ii) the processes (including any technological requirements) for entering into such a plan;
(iii) the processes for reporting compliance with the requirements in such a plan; and
(c) the circumstances in which performing paid work in Australia may constitute a risk to health or safety and how a person satisfies the Employment Secretary that particular paid work constitutes such a risk.
(8) Schedule 1, page 46 (after line 28), after item 127, insert:
127A After subsection 42AC(1)
Insert:
(1A) However, a person does not commit a mutual obligation failure in relation to the person's failure to:
(a) accept an offer of paid work in Australia of more than 15 hours per week; or
(b) undertake paid work in Australia of more than 15 hours per week;
if the person is the principal carer of at least one child or has a partial capacity to work.
Note 1: For principal carer see subsections 5(15) to (24) of the 1991 Act.
Note 2: For partial capacity to work see section 16B of the 1991 Act.
(9) Schedule 1, page 46 (before line 29), before item 128, insert:
127B Section 42AD
Before "A", insert "(1)".
(10) Schedule 1, page 47 (after line 6), after item 130, insert:
130A At the end of section 42AD
Add:
(2) However, a person does not commit a work refusal failure if:
(a) the person is the principal carer of at least one child or has a partial capacity to work; and
(b) the person refuses or fails to accept an offer of paid work in Australia that is more than 15 hours per week.
Note 1: For principal carer see subsections 5(15) to (24) of the 1991 Act.
Note 2: For partial capacity to work see section 16B of the 1991 Act.
(11) Schedule 1, page 47 (before line 7), before item 131, insert:
130B At the end of section 42AE
Add:
(4) A person also does not commit an unemployment failure if:
(a) the person is the principal carer of at least one child or has a partial capacity to work; and
(b) the work in relation to which the person became unemployed was work of more than 15 hours per week.
Note 1: For principal carer see subsections 5(15) to (24) of the 1991 Act.
Note 2: For partial capacity to work see section 16B of the 1991 Act.
(12) Schedule 1, item 133, page 47 (lines 14 and 15), omit the item, substitute:
133 Subparagraph 42E(4)(b)(i)
Omit "section 544A of the 1991 Act", substitute "section 40A".
133A Subparagraph 42E(4)(b)(ii)
Omit "of that Act", substitute "of the 1991 Act".
133B Subparagraph 42E(4)(c)(i)
Omit "section 605 of the 1991 Act", substitute "section 40A".
133C Subparagraph 42E(4)(c)(ii)
Omit "of that Act", substitute "of the 1991 Act".
(13) Schedule 1, page 48 (after line 11), after item 140, insert:
140A At the end of section 42N
Add:
(3) Despite subsection (1), the Secretary must not determine that a person commits a serious failure under that subsection if:
(a) the person is the principal carer of at least one child or has a partial capacity to work; and
(b) the person refuses or fails to accept an offer of paid work in Australia that is more than 15 hours per week.
Note 1: For principal carer see subsections 5(15) to (24) of the 1991 Act.
Note 2: For partial capacity to work see section 16B of the 1991 Act.
(14) Schedule 1, page 48 (before line 12), before item 141, insert:
140B After subsection 42S(2)
Insert:
(2A) Despite subsection (1), the Secretary must not make a determination under that subsection in relation to a person if:
(a) the person is the principal carer of at least one child or has a partial capacity to work; and
(b) the work in relation to which the person became unemployed was work of more than 15 hours per week.
Note 1: For principal carer see subsections 5(15) to (24) of the 1991 Act.
Note 2: For part ial capacity to work see section 16B of the 1991 Act.
(15) Schedule 1, item 142, page 48 (lines 14 and 15), omit the item.
(16) Schedule 1, items 150 and 151, page 49 (line 27) to page 50 (line 8), omit the items.
(17) Schedule 1, item 153, page 52 (lines 19 to 32), omit the item.
(18) Schedule 1, item 158, page 58 (after line 20), after subitem (2), insert:
(2A) Subsection 42AC(1A) of the Social Security (Administration) Act 1999 , as inserted by this Schedule, applies in relation to a failure covered by paragraph 42AC(1A)(a) or (b) of that Act that occurs on or after the commencement of this item.
(19) Schedule 1, item 158, page 58 (after line 33), after subitem (5), insert:
Unemployment failures
(5A) The amendment of section 42AE of the Social Secur ity (Administration) Act 1999 made by this Schedule applies in relation to a voluntary act, or misconduct, that occurs on or after the commencement of this item.
(20) Schedule 1, item 158, page 60 (after line 4), after subitem (13), insert:
Unemployment re sulting from a voluntary act or misconduct
(13A) The amendment of section 42S of the Social Security (Administration) Act 1999 made by this Schedule applies in relation to a voluntary act, or misconduct, that occurs on or after the commencement of this item.
(21) Schedule 1, page 60 (after line 28), after item 159, insert:
159A Review of Workforce Australia, digital protections framework for employment services programs and safeguards for transition to Workforce Australia
Review of Workforce Australia
(1) The Employment Secretary must cause a comprehensive review to be conducted of the effectiveness of the program established by the Commonwealth and known as Workforce Australia in achieving its objectives. In particular, the review must cover the following:
(a) the effects of activity requirements, compliance and penalties on recipients of participation payments and on employment outcomes;
(b) the effects of digital services and enhanced services on recipients of participation payments, employers and employment outcomes.
(2) The Employment Secretary must cause the review to be completed before the second anniversary of the establishment of that program.
(3) The persons who conduct the review must give jobseekers, employers, employment services providers and relevant experts the opportunity to provide input in relation to the review.
(4) The persons who conduct the review must give the Employment Secretary and the Employment Minister a written report of the review.
(5) The Employment Minister must cause a copy of the report to be tabled in each House of the Parliament within 15 sitting days of that House after the report is given to the Employment Minister.
(6) The persons who conduct the review must publish the report on the internet as soon as practicable after that tabling.
Digital protections framework for employment services programs
(7) The Employment Secretary must, by legislative instrument, determine a digital protections framework for employment services programs established by the Commonwealth.
(8) Without limiting subitem (7), the framework must deal with the following:
(a) natural justice;
(b) human rights protections;
(c) transparency and freedom from bias;
(d) privacy;
(e) accessibility of technological processes.
(9) The Employment Secretary's use of technological processes in relation to the following must comply with the framework:
(a) persons entering into employment pathway plans under Division 2A of Part 3 of the Social Security (Administration) Act 1999 ;
(b) the variation of those employment pathway plans;
(c) the cancellation of those employment pathway plans;
(d) the monitoring and reporting of compliance with those employment pathway plans;
(e) the consequences that arise as a result of non-compliance with those employment pathway plans.
Safeguards — transition to Workforce Australia
(10) The Employment Secretary must make arrangements to ensure that a person is not subject to financial penalties or otherwise disadvantaged because of mutual obligation failures covered by paragraph 42AC(1)(e) or (f) of the Social Security (Administration) Act 1999 that are committed in the period of 1 month beginning on the day the person transitions to the program established by the Commonwealth and known as Workforce Australia, where the transition occurs before the end of 30 September 2022 under arrangements made by the Employment Secretary.
Definitions
(11) In this item:
Employment Minister means the Minister who administers Division 3AA of Part 3 of theSocial Security (Administrati on) Act 1999 .
Employment Secretary means the Secretary of the Department administered by the Employment Minister.
(22) Schedule 8, page 75 (line 1) to page 78 (line 14), omit the Schedule.
(23) Schedule 10, page 82 (lines 1 to 7), omit the Schedule.
That this bill be now read a third time.
That so much of the standing orders be suspended as would prevent:
(1) the House inviting His Excellency Mr Volodymyr Zelenskyy, President of Ukraine, to address the House by video-facility on Thursday, 31 March 2022, at 5.30 pm;
(2) unless otherwise ordered, for the purposes of the address by the President of Ukraine:
(a) the House suspending at 5.15 pm, and resuming at 5.30 pm;
(b) the proceedings at 5.30 pm being welcoming remarks by the Prime Minister and the Leader of the Opposition and an address by the President of Ukraine;
(c) at the conclusion of His Excellency's address the House suspending until the ringing of the bells; and
(d) the provisions of standing order 257(c) applying to the area of Members' seats as well as the galleries;
(3) a message being sent to the Senate inviting Senators to attend the House as guests for the welcoming remarks by the Prime Minister and the Leader of the Opposition and address by the President of Ukraine; and
(4) any variation to this arrangement being made only by a motion moved by a Minister.
Social Services and Other Legislation Amendment (Pension Loans Scheme Enhancements) Bill 2021
That this bill be now read a third time.
Social Security Amendment (Improved Child to Adult Transfer for Carer Payment and Carer Allowance) Bill 2022
That all words after "That" be omitted with a view to substituting the following words:
"whilst not declining to give the bill a second reading, the House:
(1) notes the Coalition Government's long delayed changes to the age transfer rules for Carer Support Payments, when children with a disability or terminally ill are turning 16 years, have caused needless anxiety for families; and
(2) condemns the Government for continually failing Australia's 2.6 million carers, including aged carers, especially through the COVID pandemic".
That this bill be now read a third time.
National Security Legislation Amendment (Comprehensive Review and Other Measures No. 1) Bill 2021
That this bill be now read a third time.
That so much of the standing orders be suspended as would prevent the resolution fixing the presumption of debate on the Treasury Laws Amendment (Cost of Living Support and Other Measures) Bill 2022 for the next sitting being rescinded and the debate being adjourned to a later hour this day.
Treasury Laws Amendment (Cost of Living Support and Other Measures) Bill 2022
Excise Tariff Amendment (Cost of Living Support) Bill 2022
Customs Tariff Amendment (Cost of Living Support) Bill 2022
Cognate debate.
Consideration resumed of the motion:
That this bill be now read a second time.
That this bill be now read a third time.
Excise Tariff Amendment (Cost of Living Support) Bill 2022
That this bill be now read a third time.
Customs Tariff Amendment (Cost of Living Support) Bill 2022
That this bill be now read a third time.
National Disability Insurance Scheme Amendment (Participant Service Guarantee and Other Measures) Bill 2021
Music binds us and connects us not only as humans, but to the evolution of life itself’
What we see, this is not a movie, not a bad dream. This is the reality now.
This Budget is about saying where we make money we will make more, as much as we can.
If this was an air war, it would be the Blitz…
The intensity and the frequency of the attacks are on the same scale and if we let too many so-called bombers and their payloads through then it will sow the seeds of defeat.
there's a real venom out there directed at the prime minister that he doesn't understand what's occurring on the ground. This is like a remake of the bushfires some two years ago.
You just have to drive around the area to talk to the people to see they've lost everything.
The federal government is disconnected with the good people of Australia and we're paying the price for it here … I think they should hang their heads in shame.
The failure of the government's budget to make up for a decade of attacks on wages and job security.
In my public life, I have met ruthless people. Morrison tops the list… Morrison is not fit to be Prime Minister.
I'm on DSP. I "survive" because my adult children help out with my mortgage otherwise I'd be homeless. No meat, don't go anywhere, live on pasta, rice, lentils. Medical costs take a big chunk of my money.
I live on rice thins and coleslaw… occasional bit of chicken. Rent is just under half my weekly wage. I'm on 30 hrs per week, over 60 and can't jag full time work. I don't know what my future will look like.
For the first time in my life, I find myself putting things back on the shelf when shopping.
Grocery shopping is becoming upsetting.
I can't remember the last time I had lamb or steak. If it's not marked down we're only having the cheapest cuts, like chuck done in the slow cooker.
Appropriation Bill (No. 3) 2021-2022
Appropriation Bill (No. 4) 2021-2022
Supply Bill (No. 1) 2022-2023
Supply Bill (No. 2) 2022-2023
Supply (Parliamentary Departments) Bill (No. 1) 2022-2023
National Disability Insurance Scheme Amendment (Participant Service Guarantee and Other Measures) Bill 2021
That all words after "That" be omitted with a view to substituting the following words:
"whilst not declining to give the bill a second reading, the House calls on the Government to:
(1) immediately stop the cuts to NDIS participant plans; and
(2) commit to full transparency around scheme costs".
(1) Clause 2, page 5 (at the end of the table), add:
(2) Page 49 (after line 5), at the end of the Bill, add:
Schedule 4 — COVID vaccination
National Disability Insurance Scheme Act 2013
1 Section 9
Insert:
COVID means the coronavirus commonly known as COVID-19 (including any subsequent variants of that coronavirus).
2 At the end of Part 2 of Chapter 7
Add:
204AA CO VID vaccination
This Act does not authorise the doing of anything (including the making of a legislative instrument or an administrative decision) that has the effect of discriminating, directly or indirectly, against a person on the ground that the person has not received or will not receive a COVID vaccination.
Example 1: Denying support under the NDIS to a person with a disability unless the person receives a COVID vaccination.
Example 2: Refusing to register a person as a registered NDIS provider unless staff of the provider are vaccinated, or making such registration conditional on staff of the provider being vaccinated.
Example 3: Making funding for supports conditional on the supports being provided by a person who is vaccinated.
(1) Clause 2, page 4 (table item 23), omit "items 61 and 62", substitute "item 61".
(2) Schedule 1, item 23, page 9 (lines 7 to 15), omit subsection 47A(1), substitute:
(1) The CEO may, in writing, vary a participant's plan (except the participant's statement of goals and aspirations) if:
(a) the variation:
(i) is covered by subsection (1A); or
(ii) is a correction of a minor or technical error; and
(b) any conditions prescribed by the National Disability Insurance Scheme rules are satisfied.
Each variation must be prepared with the participant.
(1A) For the purposes of subparagraph (1)(a)(i), the following variations of a participant's plan are covered:
(a) a variation to the reassessment date of the plan;
(b) a variation of the statement of participant supports included in the plan in relation to the management of:
(i) the funding for supports under the plan; or
(ii) other aspects of the plan;
(c) a variation of the statement of participant supports included in the plan if:
(i) the statement specifies that a support is to be provided by a specified provider, or in a specified manner; and
(ii) the variation is to specify that the support is to be provided by another provider, or in another manner, as the case may be;
(d) a variation of the statement of participant supports included in the plan, or of the funding of supports under the plan, if:
(i) the CEO is satisfied that the participant requires crisis or emergency funding as a result of a significant change to the participant's support needs; or
(ii) after the participant's plan comes into effect, the CEO receives information in response to a request that had been made under subsection 36(2) or 50(2) in relation to the plan (other than a request made under subsection 50(2) for the purposes of varying the plan on the CEO's own initiative), and the variation relates to that information; or
(iii) the variation is made for the purposes of dealing with a change to the reassessment date of the participant's plan; or
(iv) the variation is a minor variation that results in an increase to the funding of supports under the participant's plan.
Note 1: Information mentioned subparagraph (d)(ii) could relate to a support such as an item of assistive technology or a home modification.
Note 2: A statement of participant supports in a participant's plan must give effect to the plan management request of a participant except in certain circumstances (see subsection 43(2)).
Note 3: In varying the participant's plan in relation to the statement of participant supports, the CEO must have regard to the matters set out in subsection (3) of this section.
(3) Schedule 1, item 23, page 10 (lines 8 and 9), omit "and not to reassess the plan under subsection 48(1)".
(4) Schedule 1, item 23, page 10 (lines 10 and 11), omit paragraph 47A(4)(c).
(5) Schedule 1, item 23, page 10 (line 19), omit "and not to reassess the plan under subsection 48(1)".
(6) Schedule 1, item 23, page 10 (lines 26 to 30), omit subsection 47A(7).
(7) Schedule 1, item 39, page 16 (table item 6A), omit "and not to reassess the plan".
(8) Schedule 1, item 58, page 20 (lines 21 to 23), omit the item, substitute:
58 Subsection 209(8) (table item 1, column headed "Description", paragraph (eb))
Repeal the paragraph, substitute:
(eb) paragraph 47A(1)(b) and subsection 47A(6);
(f) subsection 48(5);
(9) Schedule 1, item 62, page 21 (lines 3 to 7), omit the item.
(10) Schedule 2, item 18, page 29 (line 4), omit "to which a psychosocial disability is attributable and".
(11) Schedule 2, item 20, page 29 (lines 17 and 18), omit "subparagraph (1)(a)(ii), an impairment or impairments to which a psychosocial disability is attributable and", substitute "subparagraph (1)(a)(i) or (ii), an impairment or impairments".
(12) Schedule 2, item 21, page 29 (lines 21 and 22), omit the item.
(13) Schedule 2, item 24, page 29 (line 27) to page 30 (line 10), omit the item.
(14) Schedule 2, item 53, page 37 (lines 3 to 6), omit the item, substitute:
53 Subsection 209(8) (table item 1, column headed "Description", before paragraph (a))
Insert:
(aa) subsection 14(3);
That this bill be now read a third time.
That business intervening before order of the day No. 10, government business, be postponed until a later hour this day.
Data Availability and Transparency Bill 2020
Data Availability and Transparency (Consequential Amendments) Bill 2020
That all words after "That" be omitted with a view to substituting the following words:
"whilst not declining to give the bill a second reading, the House calls on the Government to:
(1) support the appointment of a Data Commissioner;
(2) immediately abolish the Average Staffing Level cap for the Digital Transformation Agency;
(3) reduce the scourge of contracting out by placing an annual limit on the number of consecutive fixed-term labour hire contracts an agency can issue for a role; and
(4) immediately finalise and publish the Digital Review—including information relating to current and forecast ICT expenditure and assets—conducted by the Digital Transformation Agency".
We went to the client and said, we only want to do one thing, we want to run a campaign where we target the youth—all youth, all the Blacks and all the Indians—and we try and increase apathy.
… … …
We came up with this campaign which was all about ‘Be part of the gang, do something cool, be part of a movement.'
… … …
Don't vote. Don't be involved in politics. It's like a sign of resistance against – not government, against politics. And voting. And very soon they're making their own YouTube videos. This is the prime minister’s house that's being graffitied! … It was carnage.
… The Bill establishes a new data sharing scheme which will serve as a pathway and regulatory framework for sharing public sector data—
'Sharing' involves providing controlled access to data, as distinct from open release to the public.
This bill is about creating a scheme that will provide controlled access to data to trusted people and organisations.
We believe:
In the inalienable rights and freedoms of all peoples; and we—
work towards a lean government that minimises interference in our daily lives.
(1) Clause 3, page 2 (line 17), omit "consistent safeguards for sharing public sector data", substitute "the sharing of public sector data consistently with the Privacy Act 1988 and appropriate security safeguards".
(2) Clause 4, page 2 (line 24) to page 3 (line 24), omit the clause, substitute:
4 Simplified outline of this Act
This Act establishes a data sharing scheme under which Commonwealth bodies are authorised to share their public sector data with accredited users, and accredited users are authorised to collect and use the data, in a controlled way.
The sharing, collection and use of data must be part of a project that is for one or more of the defined data sharing purposes, and must be done consistently with the data sharing principles and under a registered data sharing agreement that meets the requirements of this Act. Privacy protections apply to the sharing of personal information.
Data may be shared directly with an accredited user, or through an intermediary accredited for the purpose (called an ADSP, short for accredited data service provider).
The National Data Commissioner is the regulator of the data sharing scheme and also has the function of providing education and support in relation to handling public sector data.
The Commissioner's regulatory functions include accrediting ADSPs and users other than Commonwealth, State and Territory bodies. The Minister has the function of accrediting such bodies as users.
The Commissioner also has functions relating to handling complaints and powers to require information and to assess, monitor and investigate data scheme entities.
Data scheme entities have responsibilities under the Act. A range of enforcement options are available to the Commissioner.
This Act mainly relies for its constitutional basis on the matters set out in subsection 13(4) (constitutional requirements for authorisation for data custodian to share public sector data) (but see also subsections 42(2) and 61(2)).
(3) Clause 7, page 4 (line 13), after "this Act, have effect", insert "in relation to acts, omissions, matters and things outside Australia".
(4) Clause 8, page 4 (line 19) to page 5 (line 7), omit the clause.
(5) Clause 9, page 6 (after line 4), before the definition of accredited entity , insert:
access has a meaning affected by section 10.
accreditation authority means:
(a) for an entity applying for accreditation, or accredited, as an ADSP—the Commissioner; or
(b) for a Commonwealth body, State body or Territory body, or the Commonwealth or a State or Territory, applying for accreditation, or accredited, as an accredited user—the Minister; or
(c) for another entity applying for accreditation, or accredited, as an accredited user—the Commissioner.
(6) Clause 9, page 6 (after line 7), after the definition of ADSP , insert:
ADSP-controlled access : see subsection 16B(6).
(7) Clause 9, page 6 (line 8), omit "10(3)", substitute "11A(3)".
(8) Clause 9, page 6 (after line 17), after the definition of APP entity , insert:
APP-equivalence term : see subsection 16E(2).
(9) Clause 9, page 6 (after line 18), after the definition of appointed member , insert:
approved contract : see subsection 123(3).
(10) Clause 9, page 6 (line 25) to page 7 (line 6), omit the definition of Australian entity , substitute:
Australian entity means an entity that is any of the following:
(a) a Commonwealth body, a State body or a Territory body;
(b) the Commonwealth, a State or a Territory;
(c) an Australian university.
(11) Clause 9, page 7 (after line 7), after the definition of Australian ship , insert:
Australian university meansa registered higher education provider:
(a) that, for the purposes of the Tertiary Education Quality and Standards Agency Act 2011 , is registered in the "Australian University" provider category; and
(b) that is established by or under a law of the Commonwealth, a State or a Territory.
(12) Clause 9, page 7 (after line 8), after the definition of authorised officer , insert:
biometric data :
(a) means personal information about any measurable biological or behavioural characteristic relating to an individual that could be used to identify the individual or verify the individual's identity; and
(b) includes a biometric template containing representations of information mentioned in paragraph (a).
Note: Data that is not personal information cannot be biometric data. For example, an eye colour, by itself, is not biometric data.
(13) Clause 9, page 7 (lines 12 to 15), omit the definition of Circuit Court , substitute:
Circuit Court means the Federal Circuit and Family Court of Australia (Division 2).
(14) Clause 9, page 7 (lines 18 to 21), omit the definition of class member .
(15) Clause 9, page 7 (lines 24 to 29), omit the definition of Commonwealth body , substitute:
Commonwealth body :
(a) means:
(i) a Commonwealth entity, or a Commonwealth company, within the meaning of the Public Governance, Performance and Accountability Act 2013 ; or
(ii) any other person or body that is an agency within the meaning of the Freedom of Information Act 1982 ; but
(b) does not include an Australian university.
(16) Clause 9, page 7 (after line 29), after the definition of Commonwealth body , insert:
complex data integration service : see subsection 16D(3).
condition of accreditation means a condition:
(a) prescribed by the rules for the purposes of subsection 77B(1); or
(b) imposed under section 74, 78 or 84.
(17) Clause 9, page 8 (line 16), omit the definition of data , substitute:
data means any information in a form capable of being communicated, analysed or processed (whether by an individual or by computer or other automated means).
(18) Clause 9, page 8 (after line 28), after the definition of Defence Depa rtment , insert:
de-identification data service : see subsection 16C(3).
de-identified has the same meaning as in thePrivacy Act 1988 .
delivery of government services : see subsection 15(1A).
designated individual : see section 123.
designation : see section 123.
(19) Clause 9, page 9 (lines 8 to 16), omit the definition of entity , substitute:
entity means any of the following:
(a) a Commonwealth body, a State body or a Territory body;
(b) a body politic;
(c) an Australian university;
(d) a body corporate;
(e) an individual.
(20) Clause 9, page 9 (after line 17), after the definition of excluded entity , insert:
exit : see section 20E.
(21) Clause 9, page 9 (line 19), omit the definition of foreign entity .
(22) Clause 9, page 9 (before line 20), before the definition of guidelines , insert:
final output of a project means the output specified as the agreed final output in the data sharing agreement for the project (see paragraph 19(3)(b)).
(23) Clause 9, page 9 (after line 20), after the definition of guidelines , insert:
government entity : see subsection 125A(4).
(24) Clause 9, page 9 (lines 21 and 22), omit the definition of mandatory term .
(25) Clause 9, page 10 (line 4) omit "10(4)", substitute "11A(1)".
(26) Clause 9, page 10 (after line 8), at the end of the definition of personal information , add:
Note: Information that has been de-identified is no longer personal information.
(27) Clause 9, page 10 (after line 14), after the definition of primary offence , insert:
project : see section 11A.
(28) Clause 9, page 10 (line 15), omit the definition of publ ic sector data , substitute:
public sector data means data lawfully collected, created or held by or on behalf of a Commonwealth body, and includes ADSP-enhanced data.
(29) Clause 9, page 10 (after line 15), after the definition of public sector data , insert:
registered : a data sharing agreement isregistered if the agreement is included in the register of data sharing agreements under subsection 130(4).
(30) Clause 9, page 10 (line 16), omit "section 45", substitute "subsection 45(1)".
(31) Clause 9, page 10 (line 19), omit the definition of release , substitute:
release : see subsection 10(1).
(32) Clause 9, page 10 (lines 20 to 24), omit the definition of representative complaint .
(33) Clause 9, page 10 (line 25), omit the definition of responsible individua l .
(34) Clause 9, page 10 (after line 26), after the definition of reviewable decision , insert:
reviewer : see section 118.
(35) Clause 9, page 10 (line 28), omit the definition of scheme data , substitute:
scheme data means:
(a) any copy of data created for the purpose of being shared under section 13 as part of a project and held by the entity that is the sharer mentioned in that section, whether or not the data has yet been shared; or
(b) output of a project, other than a copy that has exited the data sharing scheme (see section 20E); or
(c) ADSP-enhanced data of a project, other than a copy that has exited the data sharing scheme (see section 20E).
(36) Clause 9, page 10 (after line 28), after the definition of scheme data , insert:
secure access data service : see subsection 16C(4).
security has the same meaning as in theAustralian Security Intelligence Organisation Act 1979 .
(37) Clause 9, page 11 (lines 1 and 2), omit the definition of share , substitute:
share : see subsection 10(2).
(38) Clause 9, page 11 (after line 2), after the definition of share , insert:
source data : see paragraph 19(3)(a).
(39) Clause 9, page 11 (line 3), omit the definition of State body , substitute:
State body means any of the following, but does not include an Australian university:
(a) a department of a State;
(b) a body established for a public purpose by or under a law of a State, other than a body prescribed by the rules;
(c) the holder of a statutory office appointed under a law of a State, other than an office prescribed by the rules.
(40) Clause 9, page 11 (after line 3), after the definition of State body , insert:
submit : see subsection 20A(3).
(41) Clause 9, page 11 (line 4), omit the definition of Territory body , substitute:
Territory body means any of the following, but does not include an Australian university:
(a) a department of a Territory;
(b) a body established for a public purpose by or under a law of a Territory, other than a body prescribed by the rules;
(c) the holder of a statutory office appointed under a law of a Territory, other than an office prescribed by the rules.
(42) Clause 9, page 11 (after line 4), at the end of the clause, add:
use includes handle, store and provide access.
Note: Examples of use of data by an accredited user include developing and modifying output.
(43) Clause 10, page 11 (lines 5 to 24), omit the clause, substitute:
10 References to access to data
(1) For the purposes of this Act, a reference to an entity providing access to data includes a reference to the entity:
(a) providing another entity with access to the data; and
(b) providing open access to the data ( releasing the data).
(2) This Act uses the expression share to refer to data custodians of public sector data providing accredited entities with access to data under this Act.
(3) For the purposes of this Act, if an entity provides another entity with access to data:
(a) the entity that provides access is taken to retain a copy of the data; and
(b) the entity to which access is provided is taken to collect a copy of the data.
(44) Clause 11, page 11 (line 29) to page 12 (line 10), omit subclause (2), substitute:
(2) An entity is a data custodian if the entity:
(a) is a Commonwealth body; and
(b) is not an excluded entity; and
(c) either:
(i) controls public sector data (whether alone or jointly with another entity), including by having the right to deal with that data; or
(ii) has become the data custodian of output of a project in accordance with section 20F.
(2A) If a data custodian of public sector data shares the data with an intermediary under section 13 as part of a project, the data custodian is taken also to be the data custodian of any ADSP-enhanced data of the project.
(45) Clause 11, page 12 (before line 12), before paragraph (3)(a), insert:
(aa) the National Data Commissioner and any APS employee made available to the National Data Commissioner under section 47;
(46) Clause 11, page 12 (after line 15), after paragraph (3)(b), insert:
(ba) the Australian Federal Police;
(47) Clause 11, page 12 (line 33), omit "share with third parties", substitute "provide other entities with access to, or release".
(48) Clause 11, page 13 (after line 1), at the end of the clause, add:
(5) A data scheme entity may do things under this Act in different capacities. In each of those capacities, the entity is taken to be a different data scheme entity. Among other things, this means that a data scheme entity may enter into a data sharing agreement to which it is party in more than one capacity.
Note: For example, the same entity may be party to the agreement in its capacity as data custodian of data to be shared and in its capacity as the accredited entity with which the data is shared.
(49) Page 13 (after line 1), at the end of Part 1.2, add:
11A The data sharing project
Project, and output and ADSP-enhanced data of project
(1) A project involves at least both of the following elements:
(a) an entity (the sharer ) shares data with another entity (theuser ), either directly or through another entity (theintermediary );
(b) the user collects the data and uses the output of the project, which is:
(i) the copy of the data collected by the user; and
(ii) any data that is the result or product of the user's use of the shared data.
Note 1: The sharer's authorisation to share data is in section 13. The user's authorisation to collect and use data is in section 13A.
Note 2: A project may involve sharing of data by multiple sharers, if multiple entities are data custodians of the data.
(2) If, for the purposes of sharing data under section 13, data services are performed in relation to data, or data is created, by or on behalf of the sharer, the project also involves performing the services or creating the data.
(3) If the sharer shares data with the user through an intermediary, the project also involves both of the following elements:
(a) the sharer shares the data with the intermediary;
(b) the intermediary collects the data and uses the ADSP-enhanced data of the project, which is:
(i) the copy of the data collected by the intermediary; and
(ii) any data that is the result or product of the intermediary's use of the shared data.
Note: The sharer's authorisation to share data with the intermediary, and the intermediary's authorisation to share data with the user on behalf of the sharer, are in section 13. The intermediary's authorisation to collect data from the sharer and use it is in section 13B.
(4) If the sharer is provided with access to output or ADSP-enhanced data of the project, the project also involves the sharer's collection and use of the output or ADSP-enhanced data.
Note: The sharer's authorisation to collect and use the output or ADSP-enhanced data of the project is in section 13C.
Combining projects
(5) A data sharing agreement may treat multiple projects as a single project, as long as they all have the same data sharing purpose or purposes and the same sharer and user and (if applicable) intermediary.
Successive projects
(6) If the user in a project shares data that is output of the project as part of a later project:
(a) the copy retained by the user continues to be output of the earlier project; and
(b) the copy collected by the user in the later project is output of the later project in accordance with paragraph (1)(b); and
(c) if the sharing in the later project is done through an intermediary—the copy collected by the intermediary in the later project is ADSP-enhanced data of the later project in accordance with paragraph (3)(b).
Note: A data sharing agreement may allow the user to share output under section 13 as part of a later project (see section 20D).
(50) Heading to Chapter 2, page 14 (line 1), omit "to share data".
(51) Clause 12, page 14 (lines 4 to 29), omit the clause, substitute:
Part 2.1 — Introduction
12 Simplified outline of th is Chapter
Under the data sharing scheme, Commonwealth bodies are authorised to share their public sector data with accredited users, and accredited users are authorised to collect and use the data, in a controlled way. Data may be shared with an accredited user directly, or through an intermediary accredited for the purpose (called an ADSP, short for accredited data service provider).
The sharing, collection and use of data must be part of a project that is for one or more of the defined data sharing purposes, and must be done consistently with the data sharing principles and a registered data sharing agreement that meets the requirements of this Act. Privacy protections apply to the sharing of personal information.
Commonwealth bodies must be the data custodian of public sector data they share (i.e. they must control the data, including by having the right to deal with it). Some Commonwealth bodies are excluded from the scheme.
Some sharing of data is barred (e.g. if the sharing would contravene a prescribed law or an agreement).
An accredited user's authorisation to use data may in some circumstances extend to providing access to output of the project to other entities, which may or may not be accredited. There are limits on the circumstances in which data sharing agreements may allow this.
If sharing, collection or use is authorised by this Chapter, the authorisation has effect despite any other law of the Commonwealth or a State or Territory.
Data custodians and accredited entities must comply with the rules made by the Minister and data codes made by the National Data Commissioner and meet other responsibilities under this Chapter.
This Act mainly relies for its constitutional basis on the matters set out in subsection 13(4) (constitutional requirements for authorisation for data custodian to share public sector data) (but see also subsections 42(2) and 61(2)).
(52) Clause 13, page 15 (line 1) to page 16 (line 13), omit the clause, substitute:
Part 2.2 — Authorisations
13 Authorisation for data custodian to s hare public sector data
(1) An entity (the sharer ) is authorised to share data with another entity (theuser ), either directly or through another entity (theintermediary ), if all of the following apply:
(a) the constitutional requirements in subsection (4) are met;
(b) the data custodian requirements in subsection (2) are met;
(c) the project the sharing is part of is covered by a registered data sharing agreement that is in effect and that meets the requirements of this Act;
(d) the sharing is in accordance with the data sharing agreement;
(e) the sharer is satisfied that the project is consistent with the data sharing principles;
(f) the user is an accredited user and its accreditation is not suspended;
(g) if the data shared with the user includes personal information—the privacy coverage condition in section 16E is met in relation to the user;
(h) if the sharer shares through an intermediary—the intermediary is an ADSP and its accreditation is not suspended;
(i) if the data shared with the intermediary includes personal information—the privacy coverage condition in section 16E is met in relation to the intermediary.
Note: This section authorises the sharer to share its public sector data with the user and with the intermediary (if any). It also authorises the intermediary (if any) to share with the user, on behalf of the sharer, ADSP-enhanced data of which the sharer is the data custodian.
(2) The data custodian requirementsare the following:
(a) the data is public sector data and the sharer is the data custodian of the data;
(b) if the sharer is not the only data custodian of the data—authority to share the data has been given by each other data custodian;
(c) the sharing is not barred by section 17;
(d) the sharing is consistent with the general privacy protections in section 16A and the purpose-specific privacy protections in section 16B;
(e) if the data shared does not include personal information—only the minimum amount of data necessary for the project to proceed is shared;
(f) if the requirement in subsection 16C(2) or 16D(2) applies—the requirement is met.
Note: If sharing is done through an intermediary, it is possible that authority to share as mentioned in paragraph (2)(b) will be needed from additional data custodians of ADSP-enhanced data of the project, before the ADSP-enhanced data can be shared with the user.
(3) Authority given by a data custodian for the purposes of paragraph (2)(b) must be given by one of the following:
(a) an authorised officer of that data custodian;
(b) if another data custodian is authorised to act as the agent of that data custodian—an authorised officer of the agent data custodian.
(4) The constitutional requirements are that any of the following apply:
(a) the data is shared with a Commonwealth body or Territory body, or the Commonwealth or a Territory;
(b) the data is shared with a State body or a State, as part of a project that:
(i) relates to a matter of national interest that requires national cooperation to achieve an identified national objective; or
(ii) addresses an immediate need to take coordinated action in an area that will have significant national and cross-jurisdictional effect; or
(iii) occurs in the context of the Commonwealth otherwise facilitating cooperation with or between the States;
(c) the data is shared as part of a project that is for a data sharing purpose set out in paragraph 15(1)(a) (delivery of government services) or (b) (informing government policy and programs), if the government concerned is or includes the Commonwealth;
(d) the data is shared with a constitutional corporation as part of a project that is for the data sharing purpose set out in paragraph 15(1)(c) (research and development);
(e) the data is shared by means of electronic communication;
(f) the data is shared to enable analysis for statistical purposes;
(g) the data is statistical information.
13A Authorisation for accredited user to collect and use data
An entity (the user ) is authorised to collect data shared with the user under, or purportedly under, section 13 as part of a project, or to use output of the project, if all of the following apply:
(a) the project is covered by a registered data sharing agreement that is in effect and that meets the requirements of this Act;
(b) the collection or use is in accordance with the data sharing agreement;
(c) the user is satisfied that the project is consistent with the data sharing principles;
(d) the user is an accredited user and its accreditation is not suspended;
(e) if the data shared with the user includes personal information—the privacy coverage condition in section 16E is met in relation to the user;
(f) if the sharing by the sharer is not authorised by section 13—the user does not know and could not reasonably be expected to know that.
13B Authorisation for ADSP to act as intermediary
If an entity (the sharer ) is sharing data with another entity (theuser ) under, or purportedly under, section 13 through another entity (theintermediary ) as part of a project, the intermediary is authorised to collect data shared with it by the sharer, or to use ADSP-enhanced data of the project, if all of the following apply:
(a) the project is covered by a registered data sharing agreement that is in effect and that meets the requirements of this Act;
(b) the collection or use is in accordance with the data sharing agreement;
(c) the intermediary is satisfied that the project is consistent with the data sharing principles;
(d) the intermediary is an ADSP and its accreditation is not suspended;
(e) if the data shared with the intermediary includes personal information—the privacy coverage condition in section 16E is met in relation to the intermediary;
(f) if the sharing by the sharer is not authorised by section 13—the intermediary does not know and could not reasonably be expected to know that.
13C Authorisation for data custodian to collect and use submitted data
If an entity (the sharer ) has shared data with the user under section 13 as part of a project, either directly or through an intermediary, the sharer is authorised to collect output or ADSP-enhanced data of the project from the user or intermediary, or to use output or ADSP-enhanced data of the project collected from the user or intermediary, if both of the following apply:
(a) the project is covered by a registered data sharing agreement that is in effect and that meets the requirements of this Act;
(b) the collection or use by the sharer is in accordance with the data sharing agreement.
(53) Clause 14, page 16 (line 14) to page 18 (line 8), omit the clause, substitute:
14 Penalties for unauthorised sharing
Civil penalty provisions
(1) An entity contravenes this subsection if:
(a) the entity provides access to data; and
(b) the provision of access is purportedly under section 13; and
(c) the provision of access is not authorised by section 13.
Civil penalty: 300 penalty units.
(2) An individual or a body corporate contravenes this subsection if:
(a) the individual or body corporate uses data; and
(b) the use is a provision of access to the data by an entity under, or purportedly under, section 13; and
(c) the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and
(d) the individual or body corporate's use is not authorised by this Act.
Civil penalty: 300 penalty units.
Offences
(3) An entity commits an offence if:
(a) the entity provides access to data; and
(b) the provision of access is purportedly under section 13; and
(c) the provision of access is not authorised by section 13 and the entity is reckless with respect to that circumstance.
Penalty: Imprisonment for 5 years or 300 penalty units, or both.
(4) An individual or a body corporate commits an offence if:
(a) the individual or body corporate uses data; and
(b) the use is a provision of access to the data by an entity under, or purportedly under, section 13; and
(c) the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and
(d) the individual or body corporate's use is not authorised by this Act and the individual is reckless with respect to that circumstance.
Penalty: Imprisonment for 5 years or 300 penalty units, or both.
14A Penalties for unauthorised collection or use
Civil penalty provisions for user or intermediary
(1) An entity contravenes this subsection if:
(a) the entity collects or uses data; and
(b) the data is ADSP-enhanced data, or output, of a project involving sharing data with the entity under, or purportedly under, section 13; and
(c) the collection or use is not authorised by this Act.
Civil penalty:
(a) 300 penalty units; or
(b) if subsection (2) applies—600 penalty units.
(2) This subsection appliesif the entity concerned is or has been an accredited entity and the contravention is serious, having regard to any of the following matters:
(a) the sensitivity of the data;
(b) the consequences of the contravention for entities, groups of entities or things to which the data involved in the contravention relates;
(c) the level of care taken by the contravening entity in relation to the entity's responsibilities under the data sharing scheme in relation to the collection or use.
(3) An individual or a body corporate contravenes this subsection if:
(a) the individual or body corporate uses data; and
(b) the data is ADSP-enhanced data, or output, of a project involving sharing data with an entity under, or purportedly under, section 13; and
(c) the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and
(d) the individual or body corporate's use of the data is not authorised by this Act.
Civil penalty: 300 penalty units.
Offences for user or intermediary
(4) An entity commits an offence if:
(a) the entity collects or uses data; and
(b) the data is ADSP-enhanced data, or output, of a project involving sharing data with the entity under, or purportedly under, section 13; and
(c) the collection or use is not authorised by this Act and the entity is reckless with respect to that circumstance.
Penalty: Imprisonment for 5 years or 300 penalty units, or both.
(5) An individual or a body corporate commits an offence if:
(a) the individual or body corporate uses data; and
(b) the data is ADSP-enhanced data, or output, of a project involving sharing data with an entity under, or purportedly under, section 13; and
(c) the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and
(d) the individual or body corporate's use of the data is not authorised by this Act and the individual or body corporate is reckless with respect to that circumstance.
Penalty: Imprisonment for 5 years or 300 penalty units, or both.
Defence
(6) Subsections (1), (3), (4) and (5) do not apply if the data collected or used is a copy of output, or ADSP-enhanced data, that has exited the data sharing scheme, or is derived from such a copy.
Note: A defendant bears an evidential burden in relation to the matter in subsection (6) (see subsection 13.3(3) of the Criminal Code ).
Civil penalty provisions for sharer
(7) An entity contravenes this subsection if:
(a) the entity collects or uses data submitted to the entity under, or purportedly under, section 13A or 13B; and
(b) the collection or use is not authorised by this Act.
Civil penalty: 300 penalty units.
(8) An individual or a body corporate contravenes this subsection if:
(a) the individual or body corporate uses data; and
(b) the data was submitted to an entity under, or purportedly under, section 13A or 13B; and
(c) the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and
(d) the individual or body corporate's use is not authorised by this Act.
Civil penalty: 300 penalty units.
Offences for sharer
(9) An entity commits an offence if:
(a) the entity collects or uses data submitted to the entity under, or purportedly under, section 13A or 13B; and
(b) the collection or use is not authorised by this Act and the entity is reckless with respect to that circumstance.
Penalty: Imprisonment for 5 years or 300 penalty units, or both.
(10) An individual or a body corporate commits an offence if:
(a) the individual or body corporate uses data; and
(b) the data was submitted to an entity under, or purportedly under, section 13A or 13B; and
(c) the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and
(d) the individual or body corporate's use is not authorised by this Act and the individual or body corporate is reckless with respect to that circumstance.
Penalty: Imprisonment for 5 years or 300 penalty units, or both.
Relat ionship of collection and use civil penalty provisions and offences with other laws
(11) Subsections (1) to (10) have effect despite any other law of the Commonwealth or a State or Territory, whether enacted before or after the commencement of this Act.
(12) To avoid doubt, subsections (1) to (10) have effect regardless of whether a permitted general situation, or a permitted health situation, exists within the meaning of the Privacy Act 1988 .
(54) Page 18 (before line 9), before clause 15, insert:
Part 2.3 — Data sharing purposes and principles
(55) Clause 15, page 18 (lines 15 to 17), omit the note, substitute:
Note: Data sharing agreements must specify the agreed data sharing purpose or purposes and agreed incidental purposes (if any), and prohibit collection or use of data for any other purpose, including any precluded purpose.
(56) Clause 15, page 18 (after line 17), after subclause (1), insert:
Delivery of government services
(1A) For the purposes of paragraph (1)(a), delivery of government services means the delivery of any of the following services by the Commonwealth or a State or Territory:
(a) providing information;
(b) providing services, other than services relating to a payment, entitlement or benefit;
(c) determining eligibility for a payment, entitlement or benefit;
(d) paying a payment, entitlement or benefit.
Note: Making a decision under legislation about whether an individual is eligible to receive a payment, before any payment is made, is an example of delivery of government services. The purpose of making such a decision is not a precluded purpose.
(57) Clause 15, page 19 (after line 10), at the end of subclause (3), add:
Note: The purpose of verifying that a government payment previously made to a person was correctly made is an example of an enforcement related purpose. Other examples include the purpose of recovering overpayments, identifying individuals for compliance activity and identifying individuals for the purposes of exercising statutory investigation powers.
(58) Clause 15, page 19 (after line 19), at the end of clause 15, add:
Preparing data for a later project
(5) A project that involves sharing, collecting and using data in order to prepare (including to create) data for sharing under section 13 as part of a later project that will be for one or more of the data sharing purposes is itself taken to be a project for that or those data sharing purposes.
(6) Subsection (5) applies regardless of whether the entities sharing, collecting and using the data have a particular later project in mind and whether the data is actually shared under section 13 as part of any later project.
(59) Clause 16, page 19 (lines 21 to 33), omit subclauses (1) and (2), substitute:
Project principle
(1) The project principle is that the project is an appropriate project or program of work.
(2) The project principle includes (but is not limited to) the following elements:
(a) the project can reasonably be expected to serve the public interest;
(b) the parties observe processes relating to ethics, as appropriate in the circumstances.
(60) Clause 16, page 20 (lines 6 to 10), omit paragraphs (4)(a) and (b), substitute:
(a) access to data is only provided to individuals who have attributes, qualifications, affiliations or expertise appropriate for the access;
(b) the entity sharing the data considers the following matters in relation to the entity collecting the data (the collector ):
(i) the collector's experience with projects involving the sharing of public sector data, under this Act or otherwise;
(ii) the collector's capacity to handle public sector data securely;
(iii) any data breaches, or breaches of the law relating to data, by the collector;
(iv) any other matters specified in a data code.
(61) Clause 16, page 20 (line 12), after "shared", insert ", collected and used".
(62) Clause 16, page 20 (lines 16 to 19), omit paragraphs (6)(a) and (b), substitute:
(a) the means by which the data is shared, collected and used are appropriate, having regard to the type and sensitivity of the data, to control the risks of unauthorised use;
(b) reasonable security standards are applied when sharing, collecting and using data.
(63) Clause 16, page 20 (lines 23 to 28), omit subclause (8), substitute:
(8) The data principle includes (but is not limited to) the element that only the data reasonably necessary to achieve the applicable data sharing purpose or purposes is shared, collected and used.
(64) Clause 16, page 20 (line 29) to page 21 (line 9), omit subclauses (9) and (10), substitute:
Output principle
(9) The output principle is that the only output of the project is:
(a) the final output; and
(b) output the creation of which is reasonably necessary or incidental to creation of the final output.
(10) The output principle includes (but is not limited to) the following elements:
(a) the data custodian of the data and the accredited user consider:
(i) the nature and intended use of the output of the project; and
(ii) requirements and procedures for use of the output of the project;
(b) the final output contains only the data reasonably necessary to achieve the applicable data sharing purpose or data sharing purposes.
(65) Clause 16, page 21 (lines 10 to 20), omit subclauses (11) and (12), substitute:
Application of data sharing principles
(11) For a data scheme entity to be satisfied that the project is consistent with the data sharing principles, the entity must be satisfied that it has applied each principle to the sharing, collection or use of data in such a way that, when viewed as a whole, the risks associated with the sharing, collection or use are appropriately mitigated.
Note: Entities must also comply with the rules and any data codes (see section 26) and have regard to the guidelines (see section 27).
(66) Page 21 (after line 20), after clause 16, insert:
Part 2.4 — Privacy protections
16A General privacy protections
(1) Data that includes biometric data must not be shared unless the individual to whom the biometric data relates expressly consents to the sharing of the biometric data.
(2) If data that includes personal information is shared, the data sharing agreement that covers the sharing must prohibit any accredited entity with or through which it is shared from storing or accessing, or providing access to, the ADSP-enhanced data, or the output, of the project outside Australia.
(3) If data that has been de-identified is shared, the data sharing agreement that covers the sharing must prohibit the accredited user from taking any action that may have the result that the data ceases to be de-identified.
16B Purpose-specific privacy protections
If data sharing purpose is delivery of government services
(1) If the data sharing purpose of the project is delivery of government services, the data must not include personal information about an individual unless:
(a) one or more of the following apply:
(i) the service being delivered is a service mentioned in paragraph 15(1A)(a) or (b) and is delivered to the individual;
(ii) the individual consents to the sharing of their personal information;
(iii) the sharing would be a disclosure authorised under Part VIA of the Privacy Act 1988 (dealing with personal information in emergencies and disasters); and
(b) the service being delivered is identified in the data sharing agreement for the project; and
(c) only the minimum amount of personal information necessary to properly deliver the service is shared.
(2) If data that includes personal information is to be shared with an accredited user in circumstances in which the shared data exits the data sharing scheme under subsection 20E(4), the data sharing agreement must specify this.
If data sharing purpose is informing government policy and programs or research and development
(3) If the data sharing purpose of the project is informing government policy and programs, or research and development, the data must not include personal information about an individual unless:
(a) both of the following apply:
(i) the individual consents to the sharing of their personal information;
(ii) only the minimum amount of personal information necessary for the project to proceed is shared; or
(b) all of the following apply:
(i) the project cannot proceed without the personal information;
(ii) the public interest served by the project justifies the sharing of personal information about individuals without their consent;
(iii) only the minimum amount of personal information necessary for the project to proceed is shared;
(iv) a permitted circumstance for the project's data sharing purpose exists (see subsections (4) and (5)).
(4) The permitted circumstances for the data sharing purpose of informing government policy and programs are the following:
(a) it is unreasonable or impracticable to seek the individual's consent;
(b) the data is to be collected and used in the course of medical research and in accordance with guidelines under subsection 95(1) of the Privacy Act 1988 ;
(c) the sharing is with an ADSP as an intermediary, to enable the ADSP to prepare ADSP-enhanced data that does not involve personal information about the individual;
(d) the sharing is ADSP-controlled access (see subsection (6));
(e) the accredited user is a Commonwealth body (other than a Commonwealth body excluded from this paragraph by the rules) and the final output of the project includes only de-identified information;
(f) the sharing is a disclosure authorised under Part VIA of the Privacy Act 1988 (dealing with personal information in emergencies and disasters).
Note: It is not unreasonable or impracticable to seek an individual's consent merely because the consent of a very large number of individuals needs to be sought. The Commissioner is also required to make a data code dealing with this matter.
(5) The permitted circumstances for the data sharing purpose of research and development are the circumstances mentioned in paragraphs (4)(a) to (d).
(6) Sharing is ADSP-controlled access if:
(a) an ADSP is sharing the data on behalf of the data custodian with an accredited user; and
(b) the data is shared by means of the ADSP providing access to the data:
(i) by use of systems controlled by the ADSP; and
(ii) to particular identified designated individuals for the entity, each of whom has appropriate experience, qualifications or training; and
(c) the ADSP has implemented controls to prevent or minimise the risk of the data being used to identify individuals.
(7) If the data custodian of the data being shared concludes that, in relation to the sharing of personal information under the agreement for the purpose of informing government policy and programs, or research and development, the circumstance mentioned in paragraph (4)(a) exists (unreasonable or impracticable to seek individual's consent), the agreement must include:
(a) a statement that personal information is being shared without consent of individuals because it is unreasonable or impracticable to seek their consent; and
(b) an explanation of the data custodian's reasons for so concluding.
(8) If personal information about an individual is to be shared without the consent of the individual for the data sharing purpose of informing government policy and programs, or research and development, the data sharing agreement must include a statement setting out why sharing the personal information is consistent with this section.
16C Project involving use of de-identification or secure access data services
(1) The requirement in subsection (2) applies if:
(a) the data sharing purpose of the project is informing government policy and programs or research and development; and
(b) the project involves performing a de-identification data service (see subsection (3)) or a secure access data service (see subsection (4)).
(2) The data sharing agreement that covers the project must require the service to be performed by one of the following:
(a) the data custodian of the data, if the data custodian is not an ADSP but is satisfied that it has the appropriate skills and experience to perform the service;
(b) the data custodian of the data, if the data custodian is an ADSP able to perform such a service consistently with its conditions of accreditation;
(c) an ADSP able to perform such a service consistently with its conditions of accreditation.
(3) A de-identification data service is a service to treat data that includes personal information so that the data is de-identified, using techniques that restrict the data being used in a way that would have the result that the data ceases to be de-identified.
(4) A secure access data service is:
(a) the service of providing ADSP-controlled access; or
(b) any other service that enables an entity to access data under the control of another entity and that includes controls to prevent or minimise the risk of the data being misused.
16D Project involving complex dat a integration services
(1) The requirement in subsection (2) applies if:
(a) the data sharing purpose of the project is informing government policy and programs or research and development; and
(b) the project involves performing a complex data integration service (see subsection (3)); and
(c) a decision that subsection (4) applies to the service has not been made.
(2) The data sharing agreement that covers the project must require the service to be performed by one of the following:
(a) the data custodian of the data, if the data custodian is an ADSP able to perform such a service consistently with its conditions of accreditation;
(b) an ADSP able to perform such a service consistently with its conditions of accreditation.
(3) A service to integrate data is a complex data integration service if:
(a) 2 or more entities control the data being integrated; and
(b) the data is at the unit or micro level; and
(c) any of the following subparagraphs applies to any of the data to be integrated, or to the integrated data:
(i) the data includes personal information;
(ii) the data includes commercially sensitive information (including trade secrets) about the business, commercial, or financial affairs of an organisation;
(iii) the data includes information that is not publicly available about an industry or sector that forms part of the Australian economy;
(iv) the data includes information about one or more persons or things the data custodian of the data considers to be vulnerable or sensitive;
(v) the data is to be used for more than one project;
(vi) the data meets conditions prescribed by the rules; and
(d) the data to be integrated, or the integrated data, has any of the characteristics prescribed by the rules (if any).
(4) An individual covered by subsection (5) may decide that this subsection applies to the integration, if the individual is satisfied that, having regard to the following matters in relation to the data custodian's data and the other data proposed to be integrated, the risk that the integration could cause substantial harm is low:
(a) the size of the data sets;
(b) whether the data relates to a significant proportion of the population of people or things to which the data relates;
(c) the detail of the individual records included in the data;
(d) how current the data is and whether it will be updated;
(e) the quality of the metadata and documentation for the data sets;
(f) whether entities that collected data to be integrated, or on whose behalf data to be integrated was collected, are aware of the proposed use of the data;
(g) if the data includes personal information—whether a person qualified to assess the ethics of the proposed use of the data has conducted such an assessment;
(h) whether the data custodian of the integrated data will control the technical environment in which the integrated data will be accessed;
(i) any other matters prescribed by the rules.
(5) An individual is covered by this subsection if the individual is:
(a) an authorised officer of a data custodian of data that is to be integrated; or
(b) an individual authorised under subsection 137(4) for the data custodian of data that is to be integrated.
(6) An individual who makes a decision that subsection (4) applies must make a written record of the decision and the reasons for the decision.
16E Privacy coverage condition
(1) For the purposes of sections 13, 13A and 13B, the privacy coverage condition is met, in relation to an entity, if:
(a) the entity is an APP entity; or
(b) the Privacy Act 1988 applies to the entity, in relation to its collection and use of data as part of the project, as if the entity were an organisation within the meaning of that Act; or
(c) the entity is subject to an APP-equivalence term of the data sharing agreement in relation to its collection and use of data as part of the project; or
(d) a law of a State or Territory that provides for all of the following applies in relation to the entity's collection and use of data as part of the project:
(i) protection of personal information comparable to that provided by the Australian Privacy Principles;
(ii) monitoring of compliance with the law;
(iii) a means for an individual to seek recourse if the individual's personal information is dealt with in a way contrary to the law.
(2) An A PP-equivalence term is a term of a data sharing agreement prohibiting an entity from collecting or using personal information under the agreement in any way that would, if the entity were an organisation within the meaning of thePrivacy Act 1988 , breach an Australian Privacy Principle.
(3) An act or practice engaged in by an entity that is an organisation referred to in paragraphs 7B(2)(a) and (b) of the Privacy Act 1988 is not, despite subsection 7B(2) of that Act,exempt for the purposes of paragraph 7(1)(ee) of that Act if the act or practice is collecting or using personal information as part of a project.
Note: Paragraphs 7B(2)(a) and (b) of the Privacy Act 1988 refer to an organisation that would be a small business operator if it were not a contracted service provider for a Commonwealth contract (within the meaning of thePrivacy Act 1988 ).
(4) Except as provided by subsection (3) and Part 3.3, nothing in this Act affects the operation of the Privacy Act 1988 in relation to a data scheme entity that is an APP entity.
Note: Part 3.3 (data breach responsibilities) deals with the relationship between this Act and the requirements of Part IIIC of the Privacy Act 1988 (notification of eligible data breaches).
16F Compliance with APP-equivalence term
(1) If an entity is subject to an APP-equivalence term of a data sharing agreement, an act or practice of the entity that contravenes the term in relation to an individual is taken to be:
(a) an interference with the privacy of the individual for the purposes of the Privacy Act 1988 ; and
(b) covered by sections 13 and 13G of that Act.
Note: An act or practice that is an interference with privacy may be the subject of a complaint under section 36 of the Privacy Act 1988 .
(2) The entity is taken, for the purposes of Part V of the Privacy Act 1988 and any other provision of that Act that relates to that Part, to be an organisation (within the meaning of that Act) if:
(a) an act or practice of the entity has contravened, or may have contravened, the APP-equivalence term in relation to an individual; and
(b) the act or practice is the subject of a complaint to, or an investigation by, the Information Commissioner under Part V of the Privacy Act 1988 .
(3) For the purposes of subsection (1), the reference in section 13G of the Privacy Act 1988 to an entity includes a reference to any entity that is subject to an APP-equivalence term.
(4) Paragraph 33C(1)(a) of the Privacy Act 1988 applies in relation to an entity that is subject to an APP-equivalence term of a data sharing agreement as if the entity were an APP entity.
(5) Sections 80V and 80W of the Privacy Act 1988 apply in relation to an APP-equivalence term as if the term were a provision of that Act.
(67) Heading to clause 17, page 21 (line 21), omit the heading, substitute:
Part 2.5 — When sharing is barred
17 When sharing is barred
(68) Clause 17, page 21 (lines 22 to 26), omit subclause (1), substitute:
When sharing is barred
(1) For the purposes of paragraph 13(2)(c), sharing data is barred if the sharing is barred by any of the following subsections.
Note: If a sharing of data is barred, it is not authorised by section 13.
(69) Clause 17, page 21, line 28, omit "The sharing is excluded if", substitute "Sharing data is barred if".
(70) Clause 17, page 21 (line 29), omit "shared".
(71) Clause 17, page 21 (line 31), omit "shared".
(72) Clause 17, page 22 (line 6), omit " 2015 .", substitute "2015 ; or".
(73) Clause 17, page 22 (after line 6), at the end of subclause (2), add:
(c) an excluded entity would be a data custodian of the data, if paragraph 11(2)(b) were disregarded.
(74) Clause 17, page 22 (line 8), omit "The sharing is excluded if", substitute "Sharing data is barred if".
(75) Clause 17, page 22 (line 23), omit "The sharing is excluded if", substitute "Sharing data is barred if".
(76) Clause 17, page 22 (lines 25 and 26), omit "the persons whose conduct is taken under section 123 to be conduct of the data custodian", substitute "the individuals to whom the data custodian's authorisation would extend under section 124".
(77) Clause 17, page 23 (line 7), omit "The sharing is excluded if", substitute "Sharing data is barred if".
(78) Clause 17, page 23 (after line 17), at the end of subclause (5), add:
Note: The Privacy Act 1988 and legislative instruments made under that Act are examples of laws of the Commonwealth giving effect to an international agreement binding on Australia (the International Covenant on Civil and Political Rights done at New York on 16 December 1966 ([1980] ATS 23)).
(79) Clause 17, page 23 (line 19), omit "The sharing is excluded if", substitute "Sharing data is barred if".
(80) Clause 17, page 23 (line 20), omit paragraph (6)(a), substitute:
(a) the copy of the data to be shared is being held as evidence before a court; or
(81) Clause 17, page 23 (line 21), omit "data", substitute "copy".
(82) Clause 17, page 24 (lines 1 to 7), omit subclauses (7) and (8).
(83) Page 24 (before line 8), before clause 18, insert:
Part 2.6 — Data sharing agreements
(84) Clause 18, page 24 (lines 8 to 29), omit the clause, substitute:
18 Data sharing agreement
(1) An agreement is a data sharing agreement if:
(a) the agreement relates to the sharing of public sector data; and
(b) the parties to the agreement include a data custodian of public sector data and an accredited user; and
(c) the agreement is in the approved form (if any) or in writing (if there is no approved form); and
(d) any requirements specified in a data code are met in relation to the agreement.
Note 1: All data sharing agreements must also meet the requirements in section 19. Other provisions also impose requirements in certain circumstances (see for example sections 16B and 16C).
Note 2: Data scheme entities must also have regard to the guidelines (see section 27) in entering a data sharing agreement.
Note 3: Copies of data sharing agreements, including variations, must be given to the Commissioner (see section 33) for inclusion on the register of data sharing agreements under section 130. Certain details of the agreements must be made publicly available.
(2) A data sharing agreement must not be entered into by an individual on behalf of a data scheme entity unless the individual is an authorised officer of the entity or authorised under subsection 137(4) for the entity.
(3) A variation of a data sharing agreement must not be entered into by an individual on behalf of a data scheme entity unless the individual is an authorised officer of the entity or authorised under subsection 137(3) or (4) for the entity.
(4) A data sharing agreement has no effect until the agreement is registered.
(5) A variation of a data sharing agreement has no effect (and the agreement as in effect before the variation continues in effect) until the variation, or the agreement as varied, is registered.
(6) A data sharing agreement may deal with matters not required to be dealt with by this Act, but must not do so in a way that is inconsistent with the data sharing scheme.
(85) Heading to clause 19, page 24 (line 30), omit the heading, substitute:
19 Requirements to be met by all data sharing agr eements
(86) Clause 19, page 24 (before line 31), before subclause (1), insert:
(1A) The requirements in this section must be met by all data sharing agreements.
Note: There are other requirements that, depending on the nature of the project, must be met by some data sharing agreements. See sections 16A and 16B.
(87) Clause 19, page 25 (line 1) to page 27 (line 7), omit subclauses (2) to (12), substitute:
(2) The agreement must describe the project and specify that this Act applies to the project.
(3) The agreement must specify:
(a) the public sector data that the data custodian is to share (including any ADSP-enhanced data an ADSP is to share on behalf of the data custodian) (the source data ); and
(b) the output of the project that the data custodian and accredited user agree is to be the final output.
(4) The agreement must:
(a) specify the data custodian of the source data; and
(b) if the agreement appoints a Commonwealth body as data custodian of output of the project in accordance with section 20F—specify the output and explain why the appointment has been made.
Note: If the accredited user is a Commonwealth body, the agreement may appoint the accredited user as the Commonwealth body that is to be data custodian of the output.
(5) The agreement must specify the title of any law that the sharing would contravene but for section 23 (authorisation to share overrides other laws).
(6) The agreement must:
(a) specify:
(i) the data sharing purpose, or data sharing purposes, of the project; and
(ii) if, under the agreement, the accredited user is to be allowed to use output of the project for any purpose incidental to that purpose or those purposes—any such incidental purpose; and
(b) except in relation to any use of the output allowed in accordance with section 20D—prohibit the accredited user from collecting and using output of the project for any of the following:
(i) any purpose not specified;
(ii) any precluded purpose.
(6A) The agreement must prohibit the accredited user from creating output of the project, other than:
(a) the final output; and
(b) output the creation of which is reasonably necessary or incidental to creation of the final output.
(7) The agreement must specify how the project will be consistent with the data sharing principles, including by:
(a) describing how the public interest is served by the project; and
(b) specifying the actions the party will take to give effect to the principles.
(8) If the sharing is being done through an ADSP, the agreement must:
(a) specify any data services the ADSP is to perform in relation to public sector data shared with the ADSP by the data custodian; and
(b) specify the circumstances in which the ADSP is to share, with the accredited user on behalf of the data custodian, ADSP-enhanced data of the project; and
(c) prohibit the ADSP from providing access to, or releasing, the ADSP-enhanced data in any other circumstances other than circumstances (if any) specified in the agreement.
(8A) For the purposes of paragraph (8)(c), the only other circumstances that may be specified in the agreement are those allowed by section 20A.
(9) The agreement must:
(a) describe in general terms the use to be made by the accredited user of the output of the project; and
(b) prohibit the accredited user from using the output in a way that is inconsistent with the description; and
(c) prohibit the accredited user from providing access to, or releasing, the output in any circumstances other than circumstances (if any) specified in the agreement.
(10) For the purposes of paragraph (9)(c), the only circumstances that may be specified in the agreement are those allowed by section 20A, 20B, 20C or 20D.
(11) The agreement must prohibit the accredited entities that are party to the agreement from doing anything inconsistent with the conditions of accreditation imposed on or applicable to the entity from time to time.
(12) If section 37 applies in relation to sharing under the agreement and the agreement does not provide that subsections 37(2) and (3) are not to apply, the agreement must specify that those subsections apply.
(12A) If the parties agree to responsibilities in relation to data breaches additional to those under Part 3.3, the agreement must set out those responsibilities.
(88) Clause 19, page 27 (line 16), omit "contain any other terms", substitute "meet any other requirements".
(89) Clause 19, page 27 (after line 17), at the end of the clause, add:
(17) The agreement must require the data custodian of the source data to give the Commissioner written notice of the cessation of the agreement, as soon as practicable after the agreement ceases be in effect.
(90) Clause 20, page 27 (lines 18 to 21), omit the clause.
(91) Clause 21, page 27 (line 22) to page 29 (line 7), omit the clause, substitute:
Part 2.7 — Allowed access to outpu t of project
20A Allowed access: providing data custodian of source data with access to ADSP-enhanced data or output
(1) The data sharing agreement may allow the ADSP to provide access to specified ADSP-enhanced data of the project under the agreement to the data custodian of the source data, for the purpose of the data custodian ensuring that the ADSP-enhanced data is as agreed.
(2) The data sharing agreement may allow the accredited user to provide access to specified output of the project under the agreement to the data custodian of the source data, for the purpose of the data custodian ensuring that the output is as agreed.
(3) If the ADSP or accredited user provides access to data that is ADSP-enhanced data or output in accordance with subsection (1) or (2), the ADSP or accredited user submits the data.
(4) Providing access to output or ADSP-enhanced data as allowed by this section is taken to be for the data sharing purpose, or data sharing purposes, of the project.
20B Allowed access: providing access to output for validation or correction
(1) The data sharing agreement may allow the accredited user to provide another entity with access to specified output of the project, if the agreement:
(a) allows the access to be provided to:
(i) an entity that carries on a business, or is a not-for-profit entity, to which the output relates, for the purpose of validating or correcting the output; or
(ii) an individual to whom the output relates, or a responsible person (within the meaning of the Privacy Act 1988 ) for such an individual, for the purpose of validating or correcting the output; or
(iii) another person in circumstances prescribed by the rules that relate to validating or correcting the output; and
(b) requires the data custodian of the source data to be satisfied, before access is provided, that the access will be an authorised use of the output under section 13A.
(2) If data exits the data sharing scheme under subsection 20E(2) as a result of the accredited user providing an entity, individual or other person with access to the data as allowed by subsection (1), the accredited user is taken to have collected a copy of the data from the entity, individual or person concerned, at the time the entity, individual or person validates or corrects the data.
(3) Providing access to output in accordance with a term of a data sharing agreement allowed by this section is taken to be for the data sharing purpose, or data sharing purposes, of the project.
20C Allowed access: providing access to or releasing output in o ther circumstances
(1) The data sharing agreement may allow the accredited user to provide another entity with access to, or to release, specified output of the project, if the agreement:
(a) allows the provision of access, or release, in specified circumstances that do not contravene any other law of the Commonwealth or a law of a State or Territory (disregarding section 23 of this Act); and
(b) if the output includes personal information about an individual—prohibits provision of access or release unless the individual consents; and
(c) requires the data custodian of the source data to be satisfied, before the access is provided or the release occurs, that the access or release will be an authorised use of the output under section 13A.
(2) Providing access to output in accordance with a term of a data sharing agreement allowed by this section is taken to be for the data sharing purpose, or data sharing purposes, of the project.
20D Allowed access: sharing under section 13
The data sharing agreement may allow the accredited user to share output of the project under section 13, if:
(a) the accredited user is appointed as the data custodian of the output in accordance with subsection 20F(2); and
(b) the agreement requires the data custodian of the source data to be satisfied, before the sharing occurs, that the sharing will be an authorised use of the output under section 13A.
20E Exit of ADSP-enhanced data or output of project
Overview of this section
(1) If the user or intermediary in a project uses output, or ADSP-enhanced data, of the project in ways other than those authorised by this Act, it is a defence to an offence under section 14A if the copy being used has exited the data sharing scheme under this section (see subsection 14A(6)).
Exit on provision of authorised or required access
(2) If a person obtains a copy of output of the project as a result of the user providing the person with access to the output, the copy exits the data sharing scheme at the time it is collected by the person, as long as the user's provision of access is:
(a) a use of the output authorised by section 13A or 135 or required by a direction under section 112; and
(b) not a submission of the output; and
(c) not a sharing of data under section 13 allowed as mentioned in section 20D.
Note: See the definition of submit in subsection 20A(3).
(3) If a person obtains a copy of ADSP-enhanced data of the project as a result of the intermediary providing the person with access to the ADSP-enhanced data, the copy exits the data sharing scheme at the time it is collected by the person, as long as the intermediary's provision of access is:
(a) required by a direction under section 112; or
(b) authorised by section 135.
Exit on collection etc. if sharing is for purpose of d elivery of government services
(4) A copy of output of the project held by the user exits the data sharing scheme at the time applicable under subsection (5) if:
(a) the data is personal information about an individual; and
(b) the data sharing purpose of the project is delivery of government services; and
(c) before the data was shared with the accredited user, the individual expressly consented to their personal information:
(i) being shared by the data custodian with the accredited user; and
(ii) being used by the accredited user without the requirements of this Act applying to the use.
(5) For the purposes of subsection (4), the applicable time is:
(a) the time the user collected the copy of the shared data; or
(b) if the individual's consent as mentioned in paragraph (4)(c) specified a later time—that later time.
(6) The user is taken to collect a copy of data that exits the data sharing scheme under subsection (4) from the individual concerned, at the time the data exits.
Exit for accredited user that is appointed data custodian of output
(7) The user in a project is taken to hold a copy of output of the project that has exited the data sharing scheme, from the time specified for exit of the output in the data sharing agreement that covers the project, if:
(a) the agreement appoints the user as data custodian of the output under subsection 20F(2); and
(b) subparagraph 20F(2)(c)(i) does not apply; and
(c) the conditions in subsection 20F(3) for exit of the output are met.
20F Data custodian of outpu t of project
(1) An entity appointed as the data custodian of output of a project in accordance with subsection (2) or (5) becomes the data custodian of the output:
(a) if subparagraph (2)(c)(i) applies—at the time the output is created; or
(b) if subparagraph (2)(c)(ii) applies—at the time the output exits the data sharing scheme under subsection 20E(7); or
(c) if subsection (5) applies—at the time the entity is provided with access to the output in accordance with section 13A.
(2) A data sharing agreement that covers a project may appoint the user in the project as the data custodian of specified output of the project, if:
(a) the user is a Commonwealth body; and
(b) the output is public sector data and not a copy of the shared data collected by the user; and
(c) either:
(i) the agreement allows the user to provide access to the data in circumstances allowed by section 20C or 20D; or
(ii) if subparagraph (i) does not apply—the conditions in subsection (3) for exit of the output are met.
(3) The conditions for exit of the output are that:
(a) provision of access to, or release of, the output by the user would not contravene any other law of the Commonwealth or a law of a State or Territory (disregarding section 23 of this Act); and
(b) if the output includes personal information about an individual—the individual has expressly consented to their personal information being used by the user without the requirements of this Act applying to the use; and
(c) the agreement requires the data custodian of the source data to be satisfied that all requirements in the agreement relating to exit of the output are met before the time specified in the agreement for the exit.
(4) Unless appointed as mentioned in subsection (2), the user in the project is not the data custodian of output of the project. This subsection has effect despite subparagraph 11(2)(c)(i).
(5) A data sharing agreement that covers a project may appoint an entity that is party to the agreement, other than in the capacity of user, as the data custodian of specified output of the project, if:
(a) the entity is a Commonwealth body; and
(b) the entity is not an excluded entity; and
(c) the output is public sector data and not a copy of the shared data collected by the user; and
(d) the agreement allows the user to provide the entity with access to the output in circumstances allowed by section 20C.
Part 2.8 — Relationship with other laws
(92) Clause 22, page 29 (line 9), omit "subsection 13(1)", substitute "section 13".
(93) Clause 22, page 29 (line 11), after "share", insert "or disclose".
(94) Clause 23, page 29 (lines 13 to 24), omit the clause, substitute:
23 Authorisations override other laws
(1) The authorisations in sections 13, 13A, 13B and 13C have effect despite anything in another law of the Commonwealth, or a law of a State or Territory.
Note: These authorisations extend to individuals (see section 124).
(2) Subsection (1) applies in relation to a law enacted before or after the commencement of this Act.
(95) Clause 24, page 29 (lines 25 to 31), omit the clause.
(96) Clause 25, page 30 (line 5), omit "25", substitute "24".
(97) Clause 25, page 30 (line 8), omit "20", substitute "14A".
(98) Page 31 (before line 3), before clause 26, insert:
25 No duty to share but reasons required for not sharing
(1) This Act does not require, or authorise any person to require, a data custodian to share public sector data.
(2) However, a data custodian of public sector data must, within a reasonable period, consider a request for it to share the data, if the request is made:
(a) by an accredited user; and
(b) in the approved form (if any) or in writing (if there is no approved form).
(3) The data custodian may refuse the request for any reason (including that the request is unreasonable), but must give the accredited user written notice of the reasons no later than 28 days after the day the decision to refuse is made.
(99) Clauses 28 and 29, page 31 (line 10) to page 32 (line 16), omit the clauses.
(100) Clause 31, page 32 (lines 23 and 24), omit subclause (1), substitute:
(1) An accredited entity must give the Commissioner written notice, in the approved form (if any) of any event, or change in circumstance, relevant to either of the following:
(a) the exercise of the Commissioner's regulatory functions or the Minister's functions as the accreditation authority for the entity;
(b) the entity's accreditation or conditions of accreditation.
Civil penalty: 300 penalty units.
(101) Clause 32, page 33 (line 4), after "give the", insert "Minister or".
(102) Clause 33, page 33 (lines 18 to 32), omit the clause, substitute:
33 Registration of data sharing agreements
(1) If an entity is party to a data sharing agreement in the capacity of data custodian, the entity must give the Commissioner, in the approved form (if any):
(a) an electronic copy of the agreement; and
(b) if the agreement is varied—an electronic copy of the variation, or the agreement as varied;
no later than 30 days after the day the agreement or variation is made.
(2) The entity must also give the Commissioner any other information or documents required by a data code to be given to the Commissioner at the time the entity gives the Commissioner a document mentioned in subsection (1).
(103) Clause 34, page 34 (lines 1 to 10), omit the clause, substitute:
34 Assist Commissioner in relation to annual report
(1) A data custodian must, within the period applicable under subsection (5) after the end of a financial year, notify the Commissioner, in the approved form (if any), of the following in relation to the financial year:
(a) whether it received requests from accredited users to share data under this Act;
(b) if it received any such requests—the number of requests and the reasons it agreed to or refused them;
(c) if it refused any such requests—the number of requests that were refused where reasons for the refusal were not given within the time required by subsection 25(3);
(d) whether it received complaints relating to the data sharing scheme or its conduct in relation to it, and if it did, the number of complaints and information about the subject matter of the complaints;
(e) whether it entered into any data sharing agreements and if it did, the number entered into.
(2) A data custodian must give the Commissioner any other information and assistance the Commissioner reasonably requires in relation to the preparation of the annual report mentioned in section 138.
(3) An entity that was an accredited entity at any time during a financial year must give the Commissioner any information and assistance the Commissioner reasonably requires in relation to the preparation of the annual report for the financial year mentioned in section 138.
(4) The period for notifying the Commissioner is:
(a) the period applicable under a data code; or
(b) if there is no period applicable under a data code—as soon as practicable.
(104) Clause 35, page 35 (lines 7 and 8), omit ", or unauthorised sharing or unauthorised release of,", substitute "or disclosure of".
(105) Clause 35, page 35 (lines 10 and 11), omit ", or unauthorised sharing or unauthorised release of,", substitute "or disclosure of".
(106) Clause 35, page 35 (line 14), omit "sharing, release", substitute "disclosure".
(107) Clause 36, page 35 (lines 25 to 27), omit "the data custodian shared with or through the entity, or that is the output of such data", substitute "is output, or ADSP-enhanced data, of a project in which the data custodian shared public sector data with or through the accredited entity".
(108) Clause 36, page 35 (line 18), after "the entity must", insert ", within the period applicable under subsection (3),".
(109) Clause 36, page 35 (after line 21), at the end of subclause (1), add:
Civil penalty: 300 penalty units.
(110) Clause 36, page 35 (line 28), after "the data custodian must", insert ", within the period applicable under subsection (3),".
(111) Clause 36, page 35 (after line 30), at the end of subclause (2), add:
Civil penalty: 300 penalty units.
(112) Clause 36, page 35 (after line 30), at the end of the clause, add:
(3) The period for taking the steps is:
(a) the period applicable under a data code; or
(b) if there is no period applicable under a data code—as soon as practicable after the breach occurs.
(113) Clause 37, page 36 (line 8), omit "subsection 13(1)", substitute "section 13".
(114) Clause 37, page 36 (lines 22 to 28), omit subclause (3) (including the note), substitute:
(3) If the accredited entity reasonably suspects or becomes aware that a data breach of the entity has occurred (within the meaning of section 35), the accredited entity must give the data custodian written notice of the suspected or actual data breach:
(a) in sufficient time; and
(b) containing sufficient detail;
to enable the data custodian to comply with its obligations under Part IIIC of the Privacy Act 1988 as that Part applies because of subsection (2) of this section.
(115) Clause 37, page 37 (lines 10 to 15), omit subclause (5), substitute:
Copy of eligible data breach statements given to Information Commissioner
(5) A data scheme entity must, as soon as practicable, give the National Data Commissioner a copy of any statement the entity is required to give the Information Commissioner under section 26WK of the Privacy Act 1988 (statement about eligible data breach), if the eligible data breach to which the statement relates involves scheme data.
(5A) The Information Commissioner may give the National Data Commissioner a copy of any statement given to the Commissioner under section 26WK of the Privacy Act 1988 , if the Information Commissioner is satisfied that the matters dealt with in the statement are relevant to the National Data Commissioner's functions.
(116) Clause 38, page 37 (line 22), after "approved form (if any)", insert ", within the period applicable under subsection (1A)".
(117) Clause 38, page 37 (after line 29), at the end of subclause (1), add:
Civil penalty: 300 penalty units.
(118) Clause 38, page 37 (line 30) to page 38 (line 8), omit subclause (2), substitute:
(1A) The period for notifying the Commissioner is:
(a) the period applicable under a data code; or
(b) if there is no period applicable under a data code—as soon as practicable after the end of the financial year in which the breach occurs.
(2) A data code may prescribe different periods for the purposes of paragraph (1A)(a), according to whether the breach is, or is not, a breach that a reasonable person would conclude would be likely to result in serious harm to an entity, a group of entities or a thing to which the data relates.
(119) Clause 38, page 38 (line 9), omit "for the purposes of paragraph (2)(a)".
(120) Clause 39, page 39 (lines 7 to 10), omit the paragraph beginning "The Commissioner is the regulator", substitute:
The Commissioner is the regulator for the data sharing scheme, and provides advice and guidance about it. The Commissioner also has the function of regulating and enforcing the scheme, which includes dealing with complaints that data scheme entities make about each other, and other complaints relating to the scheme's administration or operation.
In addition, the Commissioner's functions include educating and supporting Commonwealth bodies more generally in relation to sharing and safely handling public sector data.
(121) Clause 39, page 39, at the end of the clause, add:
The constitutional basis for the roles of the Commissioner and Council is set out in subsections 42(2) and 61(2).
(122) Clause 42, page 40 (lines 10 to 14), omit paragraph (1)(d), substitute:
(d) the education related functions set out in section 45A;
(123) Clause 42, page 40 (line 16), omit "the rules", substitute "an instrument under this Act".
(124) Clause 42, page 40 (lines 19 to 22), omit subclause (2), substitute:
(2) The Commissioner may perform the Commissioner's functions only with respect to the following:
(a) sharing of data under, or purportedly under, section 13 and the collection and use of data in relation to such sharing;
(b) matters incidental to the execution of any of the legislative powers of the Parliament or the executive power of the Commonwealth.
(125) Clause 43, page 40 (after line 29), after paragraph (a), insert:
(aa) advise a data scheme entity about how, in the Commissioner's opinion, the data sharing scheme applies, or would apply in particular circumstances, in relation to the entity;
(ab) advise the Minister in relation to the exercise of the Minister's powers under Part 5.2 (accreditation framework);
(126) Clause 43, page 41 (line 5), omit "administration", substitute "administrative".
(127) Clause 45, page 41 (line 12), before "For", insert "(1)".
(128) Clause 45, page 41 (after line 18), at the end of the clause, add:
(2) A person assisting the Commissioner in the performance of any of the Commissioner's regulatory functions must be a person who, in the Commissioner's opinion, has the skills, qualifications or experience necessary to assist the Commissioner to perform that regulatory function.
(129) Page 41 (after line 18), after clause 45, insert:
45A Educatio n and support related functions
For the purposes of paragraph 42(1)(d), the Commissioner's education and support related functions are the following:
(a) to foster best practice by data custodians when responding to requests to share, and sharing, public sector data;
(b) to foster safe data handling practices by Commonwealth bodies;
(c) to make available to Commonwealth bodies information, educational material and support relating to using public sector data and providing other entities with access to it in a controlled manner.
(130) Clause 50, page 42 (lines 28 to 31), omit paragraph (2)(b), substitute:
(b) a regulatory function, or a power in relation to a regulatory function, to the extent that the function would be performed, or the power exercised, by a delegate in relation to the Department in which the delegate is an APS employee; or
(c) functions or powers under Part 4.3 (National Data Advisory Council).
(131) Clause 51, page 43 (lines 14 and 15), omit the note.
(132) Page 45 (after line 14), after clause 58, insert:
58A Disclosure of interests to Minister
The Commissioner must give written notice to the Minister of any interests, pecuniary or otherwise, that the Commissioner has or acquires and that conflict or could conflict with the proper performance of the Commissioner's functions.
Note: See also section 67 in relation to disclosure obligations in connection with the Commissioner's role on the National Data Advisory Council.
(133) Clause 59, page 45 (line 29), before "is absent", insert "if the Commissioner".
(134) Clause 59, page 46 (lines 1 to 4), omit paragraph (e), substitute:
(e) if the Commissioner fails, without reasonable excuse, to comply with:
(i) section 58A (disclosure of interests to Minister); or
(ii) section 67 (disclosure of interests to Minister or Commissioner); or
(iii) section 29 of the Public Governance, Performance and Accountability Act 2013 (which deals with the duty to disclose interests) or rules made for the purposes of that section; or
(135) Clause 59, page 46 (line 5), before "engages", insert "if the Commissioner".
(136) Clause 61, page 47 (line 4), before "The National", insert "(1)".
(137) Clause 61, page 47 (line 6), omit "sharing and use of public sector data", substitute "use of public sector data and provision of access to it in a controlled manner".
(138) Clause 61, page 47 (after line 12), at the end of the clause, add:
(2) The Council may perform the Council's functions only with respect to the following:
(a) sharing of data under, or purportedly under, section 13 and the use of data in relation to such sharing;
(b) matters incidental to the execution of any of the legislative powers of the Parliament or the executive power of the Commonwealth.
(139) Clause 70, page 50 (line 10), before "the member", insert "if".
(140) Clause 70, page 50 (after line 11), after paragraph (d), insert:
(da) if the member fails, without reasonable excuse, to comply with section 67 (disclosure of interests to Minister or Commissioner); or
(141) Clause 73, page 51 (line 5), before "Commissioner", insert "Minister and the".
(142) Clause 73, page 51 (line 8), after "Act", insert "or a data sharing agreement".
(143) Clause 73, page 51 (line 16), after "the Act", insert "or a data sharing agreement".
(144) Clause 73, page 51 (after line 18) after the paragraph beginning "The Commissioner may also", insert:
The Minister may also direct the Commissioner to investigate a data scheme entity.
(145) Clause 73, page 51 (lines 27 and 28), omit "if satisfied a data scheme entity has breached the Act or in emergency situations", substitute "in specified circumstances".
(146) Clause 73, page 52 (line 5), after "a civil penalty provision", insert "or a provision of Chapter 3 (responsibilities of data scheme entities)".
(147) Clauses 74 and 75, page 53 (line 3) to page 55 (line 20), omit the clauses, substitute:
74 Accreditation
(1) If an entity applies for accreditation as an ADSP or an accredited user under section 76, the accreditation authority for the entity may grant the entity the accreditation applied for if:
(a) the entity is an Australian entity and not an excluded entity; and
(b) the authority is satisfied that the entity meets the criteria for accreditation under section 77, to a standard appropriate for the accreditation; and
(c) the authority considers it appropriate, in all the circumstances, to grant the accreditation.
(2) If the accreditation authority grants the entity the accreditation applied for, the authority may accredit the entity:
(a) without imposing conditions of accreditation; or
(b) with conditions of accreditation imposed by the authority, if the authority is satisfied that imposing the conditions is:
(i) appropriate for reasons of security, including on the basis of an adverse or qualified security assessment in respect of a person; or
(ii) otherwise reasonable and appropriate in the circumstances to ensure that scheme data is collected and used in accordance with this Act.
Note 1: The accreditation authority must give the entity notice before making a decision to grant accreditation with conditions (see section 79).
Note 2: Even if the accreditation authority does not impose conditions of accreditation, conditions of accreditation prescribed by the rules may still be applicable to the entity.
(3) Without limiting paragraph (1)(b), the accreditation authority may be satisfied that the entity meets the criteria for accreditation under section 77 to the appropriate standard on the basis that:
(a) the entity will comply with conditions of accreditation imposed on the entity; or
(b) because the entity will comply with conditions of accreditation imposed on the entity, the entity does not need to meet one or more of the criteria.
(4) For the purposes of paragraph (1)(c), an example of when the accreditation authority for an entity may consider it not appropriate to accredit the entity is if the authority considers that the entity's participation in the data sharing scheme would pose concerns for reasons of security.
75 Notice of accreditation decision
(1) The accreditation authority must give the entity written notice of the authority's decision under section 74, as soon as practicable after making the decision.
(2) If the accreditation authority grants the entity the accreditation applied for, the notice must set out the following:
(a) whether the entity is accredited as an ADSP or accredited user, or both;
(b) the day the accreditation comes into force;
(c) if the entity is accredited as an ADSP—that the accreditation must be renewed every 5 years (see paragraph 81(8)(a));
(d) if the authority decides to grant the accreditation with conditions of accreditation imposed by the authority:
(i) those conditions; and
(ii) the reasons for the decision; and
(iii) the entity's review rights under Part 6.2.
(3) If the accreditation authority refuses to accredit the entity, the notice must set out the following:
(a) the reasons for the refusal;
(b) the entity's review rights under Part 6.2.
(148) Clause 76, page 55 (lines 22 to 26), omit subclause (1), substitute:
(1) An entity may apply for accreditation, as an ADSP or an accredited user, to the accreditation authority for the entity.
(149) Clause 76, page 55 (line 28), omit "if the entity is not an individual—".
(150) Clause 76, page 55 (lines 31 and 32), omit paragraph (2)(c), substitute:
(c) include the evidence prescribed by the rules to support the criteria for accreditation and the entity's ability to meet the criteria to the appropriate standard; and
(151) Clause 76, page 56 (lines 5 to 8), omit subclause (3) (including the note).
(152) Clause 77, page 56 (lines 10 to 28), omit subclause (1), substitute:
(1) The criteria for accreditation are the following:
(a) the entity has appropriate data management and governance policies and practices and an appropriately qualified individual in a position that has responsibility for data management and data governance for the entity;
(b) the entity is able to minimise the risk of unauthorised access, sharing or loss of data;
(c) the entity has the necessary skills and capability to ensure the privacy, protection and appropriate use of data, including the ability to manage risks in relation to those matters;
(d) any additional criteria prescribed under subsection (2).
(1A) In addition to the criteria set out in subsection (1), it is a criterion for accreditation as an ADSP that the entity has the necessary policies, practices, skills and capability to perform the following data services:
(a) de-identification data services;
(b) secure access data services;
(c) complex data integration services.
(153) Page 56 (after line 30), after clause 77, insert:
77A General provisions relating to accreditation
(1) An entity accredited as an ADSP continues to be an ADSP (including while its accreditation as an ADSP is suspended) until the accreditation is cancelled.
(2) An entity accredited as an accredited user continues to be an accredited user (including while its accreditation as an accredited user is suspended) until the accreditation is cancelled.
(3) Accreditation is granted on the basis that:
(a) under Part 5.2, the entity may be accredited with conditions of accreditation and conditions of accreditation may be imposed, varied or removed while the entity is accredited; and
(b) the accreditation may be suspended or cancelled under section 81; and
(c) the accreditation may be cancelled, revoked, terminated or varied, and conditions of accreditation may be imposed, varied or removed, by or under later legislation; and
(d) no compensation is payable in any of those events.
(154) Clauses 78 and 79, page 57 (line 2) to page 58 (line 29), omit the clauses, substitute:
77B Conditions of accreditation
(1) The rules may prescribe conditions of accreditation applicable to all entities, or to classes of entities, as prescribed.
(2) Conditions of accreditation, whether prescribed by the rules or imposed by an accreditation authority under section 74, 78 or 84, may require or permit an entity to do something, or prevent it from doing something.
(3) Examples of conditions that may be prescribed or imposed are conditions to do any of the following:
(a) limit the individuals who may collect and use data;
(b) require the entity to provide, at a specified time or specified intervals, evidence of specified matters, or specified information, relating to the entity's accreditation;
(c) prohibit collection or use of personal information;
(d) prohibit collection and use of data other than by means of a secure access data service;
(e) prohibit the entity from storing or accessing, or providing access to, scheme data outside Australia;
(f) if the entity is, or is applying for accreditation as, an ADSP—limit the kinds of data services the entity may provide.
78 Imposition, variation or removal of conditions of accreditation by accreditation auth ority
(1) The accreditation authority for an entity may, while the entity is an accredited entity, impose conditions of accreditation on the entity if the authority considers that doing so is:
(a) appropriate for reasons of security, including on the basis of an adverse or qualified security assessment in respect of a person; or
(b) otherwise reasonable and appropriate in the circumstances to ensure that scheme data is collected and used in accordance with this Act.
(2) If a court finds that an accredited entity has committed an offence against this Act, or a civil penalty order is made against an accredited entity for a contravention of subsection 14A(1) to which subsection 14A(2) applies, the accreditation authority for the entity must consider whether it is appropriate to:
(a) cancel or suspend the entity's accreditation; or
(b) impose one or more conditions on the entity:
(i) to mitigate the risks of the entity contravening subsection 14A(1) again or otherwise breaching this Act; or
(ii) to prevent one or more individuals engaging in conduct in relation to scheme data held by the entity.
(3) If a civil penalty order is made against an entity that is accredited as both an ADSP and an accredited user, subsection (2) applies in relation to the entity in both capacities.
(4) The accreditation authority may vary or remove a condition of accreditation imposed on the entity by the authority at any time if the authority considers that doing so is:
(a) appropriate for reasons of security, including on the basis of an adverse or qualified security assessment in respect of a person; or
(b) otherwise appropriate in the circumstances.
(5) If the Minister decides to impose a condition of accreditation on an entity, or vary or remove such a condition, the Minister must notify the Commissioner of the decision.
79 Notice before decision relating to conditions of accreditation
(1) Subject to subsection (4), the accreditation authority for an entity must not make any of the following decisions in relation to an entity unless the authority has given the entity written notice of the proposed decision in accordance with subsection (2):
(a) a decision under section 74 to accredit the entity with conditions of accreditation imposed by the authority;
(b) a decision under section 78 to impose conditions of accreditation on the entity or vary or remove such conditions;
(c) a decision under section 84 to renew the entity's accreditation with conditions of accreditation imposed by the authority (including conditions of accreditation imposed before the renewal that continue to be imposed on the entity).
Note: The Commissioner is the accreditation authority under section 84.
(2) The notice must:
(a) state the proposed decision; and
(b) request the entity to give the accreditation authority, within the period specified in the notice, a written statement relating to the proposed decision.
(3) The accreditation authority must consider any written statement given to the authority within the period specified in the notice before making the decision.
(4) If the reasons for the decision relate to security, or the accreditation authority reasonably believes the reasons to be serious and urgent, the accreditation authority may decide:
(a) to give the entity a notice under subsection (2) that does not include the request referred to in paragraph (2)(b); or
(b) not to give the entity a notice under subsection (2).
(155) Clause 80, page 58 (line 31) to page 59 (line 6), omit subclauses (1) to (3), substitute:
(1) The accreditation authority for an accredited entity must give the entity written notice of a decision made under section 78, as soon as practicable after making the decision.
(156) Clause 80, page 59 (line 7), omit "(4)", substitute "(2)".
(157) Clause 80, page 59 (line 9), omit "removed;", substitute "removed; and".
(158) Clause 80, page 59 (line 11), omit "effect;", substitute "effect; and".
(159) Clause 80, page 59 (line 13), omit "(if any)".
(160) Clause 80, page 59 (lines 14 to 17), omit the note.
(161) Clause 81, page 60 (line 2) to page 61 (line 20), omit the clause, substitute:
81 Suspension or cancellation of accreditation
When accreditation may be suspended or cancelled
(1) The accreditation authority for an entity may suspend or cancel the accreditation of the entity if any of the following circumstances exist:
(a) the accreditation authority is reasonably satisfied that the entity does not meet the criteria for accreditation under section 77 to the appropriate standard;
(b) the entity becomes a Chapter 5 body corporate within the meaning of the Corporations Act 2001 ;
(c) for accreditation as an ADSP if the entity is a Commonwealth body, State body or Territory body, or the Commonwealth, a State or Territory—the Minister:
(i) refuses to accredit the entity as an accredited user; or
(ii) suspends or cancels the entity's accreditation as an accredited user;
(d) for accreditation as an accredited user—the Commissioner suspends or cancels the entity's accreditation as an ADSP;
(e) the accreditation authority determines it is in the national interest;
(f) for reasons of security, including on the basis of an adverse or qualified security assessment in respect of a person.
Note: An accredited entity continues to be an accredited entity (including while its accreditation is suspended) until its accreditation is cancelled (see subsections 77A(1) and (2)).
(2) The accreditation authority for an entity may suspend the accreditation of the entity if the accreditation authority reasonably suspects that the entity has breached this Act or a data sharing agreement.
(3) The accreditation authority for an entity may cancel the entity's accreditation if the Commissioner determines under subsection 102(1) that the entity has breached this Act or a data sharing agreement.
(4) The Minister may cancel the accreditation of an entity for which the Minister is the accreditation authority if the Minister reasonably believes that the entity has breached this Act or a data sharing agreement.
(5) If an entity is a data scheme entity in more than one capacity, the accreditation authority may have regard to the entity's conduct in any of those capacities for the purposes of subsections (1), (2), (3) and (4).
(6) If, under paragraph (1)(c), there is a ground for suspending or cancelling an entity's accreditation as an ADSP, the Commissioner must consider whether to do any of the following:
(a) suspend or cancel the entity's accreditation as an ADSP on that ground;
(b) impose conditions of accreditation on the entity in its capacity as an ADSP, or vary any such conditions.
(7) If, under paragraph (1)(d), there is a ground for suspending or cancelling an entity's accreditation as an accredited user, the accreditation authority for the accredited user must consider whether to do any of the following:
(a) suspend or cancel the entity's accreditation as an accredited user on that ground;
(b) impose conditions of accreditation on the entity in its capacity as an accredited user, or vary any such conditions.
When accreditation must be suspended or cancelled
(8) The Commissioner:
(a) must suspend an entity's accreditation as an ADSP if the entity fails to apply for renewal under section 85A within 5 years of the grant of accreditation under section 74 or its renewal under section 84, as applicable; and
(b) must suspend or cancel an entity's accreditation as an ADSP after having refused to renew the entity's accreditation under section 84.
Note: An accredited entity continues to be an accredited entity (including while its accreditation is suspended) until its accreditation is cancelled (see subsections 77A(1) and (2)).
Cancellation on request
(9) The accreditation authority for an entity may cancel the entity's accreditation upon request by an authorised officer of the entity. The request must be in the approved form (if any).
Circumstances in which cancellation does not take effect
(10) Unless the accreditation authority for an entity otherwise determines, a decision to cancel the entity's accreditation does not take effect if the entity has not complied with a direction given by the Commissioner under subsection 112(3) (direction for purposes of ensuring that entity does not hold scheme data after the cancellation).
(162) Clause 82, page 61 (lines 22 to 27), omit subclause (1), substitute:
(1) Subject to subsection (4), the accreditation authority for an entity must not suspend or cancel the entity's accreditation under subsection 81(1), (2), (3) or (4) unless the authority has given the entity a written notice in accordance with subsection (2) of this section.
(163) Clause 82, page 61 (line 30), omit "subsection 81(1)", substitute "section 81".
(164) Clause 82, page 62 (line 6), omit "request the accredited entity to give the Commissioner", substitute "for proposed suspension or cancellation under subsection 81(1), (2), (3) or (4)—request the accredited entity to give the accreditation authority".
(165) Clause 82, page 62 (line 10), omit "Commissioner", substitute "accreditation authority".
(166) Clause 82, page 62 (line 11), omit "Commissioner", substitute "accreditation authority".
(167) Clause 82, page 62 (line 12), omit "subsection 81(1)", substitute "section 81".
(168) Clause 82, page 62 (line 13) to page 63 (line 7), omit subclauses (4) to (8), substitute:
(4) If the reasons for making a decision under section 81 relate to security, or the accreditation authority reasonably believes the reasons to be serious and urgent, the accreditation authority may decide:
(a) for a decision made under subsection 81(1), (2), (3) or (4)—to give the entity a notice under subsection (2) of this section that does not include the request referred to in paragraph (2)(c) of this section; or
(b) not to give the entity a notice under subsection (2) of this section.
(169) Clause 83, page 63 (lines 9 and 10), omit "Commissioner must give an accredited entity written notice of a decision under subsection 81(1) or (3)", substitute "accreditation authority for an entity must give the entity written notice of a decision under section 81".
(170) Clause 83, page 63 (line 13), omit "Commissioner", substitute "accreditation authority".
(171) Clause 83, page 63 (lines 16 to 17), omit "under subsection 81(1)".
(172) Clause 83, page 63 (line 18), omit "under subsection 81(1)".
(173) Clause 83, page 63 (lines 19 to 21), omit paragraph (3)(b).
(174) Clause 83, page 63 (line 25), omit ", including the effect of subsection 81(7) if relevant".
(175) Clause 83, page 63 (line 26), omit "(if any)".
(176) Clause 83, page 63 (lines 27 to 35), omit the notes.
(177) Page 63 (after line 35), at the end of Division 3, add:
83A Lifting of suspension
If an entity's accreditation is suspended under section 81, the accreditation authority for the entity may lift the suspension by written notice to the entity if satisfied that:
(a) there are no longer any grounds for the suspension; or
(b) it is otherwise no longer appropriate for the accreditation to be suspended.
(178) Page 64 (line 1) to page 65 (line 1), omit Division 4, substitute:
Division 4 — Renewal of accreditation of ADSPs
84 Renewal
(1) If an entity applies for the renewal of the entity's accreditation as an ADSP under section 85A, the Commissioner may grant the renewal if:
(a) the entity is an Australian entity and not an excluded entity; and
(b) the Commissioner is satisfied that the entity meets the criteria for accreditation under section 77, to a standard appropriate for accreditation as an ADSP; and
(c) the Commissioner considers it appropriate, in all the circumstances, to grant the renewal.
(2) If the Commissioner grants the renewal, the Commissioner may renew the accreditation:
(a) without imposing conditions of accreditation on the entity; or
(b) with conditions of accreditation imposed by the Commissioner (including conditions of accreditation imposed before the renewal that continue to be imposed on the entity), if the Commissioner is satisfied that imposing the conditions is:
(i) appropriate for reasons of security, including on the basis of an adverse or qualified security assessment in respect of a person; or
(ii) otherwise reasonable and appropriate in the circumstances to ensure that scheme data is collected and used in accordance with this Act.
Note 1: The Commissioner must give the entity notice before making a decision to renew the entity's accreditation with conditions (see section 79).
Note 2: Even if the Commissioner does not impose conditions of accreditation, conditions of accreditation prescribed by the rules may still be applicable to the entity.
(3) Without limiting paragraph (1)(b), the Commissioner may be satisfied that the entity meets the criteria for accreditation under section 77 to the appropriate standard on the basis that:
(a) the entity will comply with conditions of accreditation imposed on the entity; or
(b) because the entity will comply with conditions of accreditation imposed on the entity, the entity does not need to meet one or more of the criteria.
(4) For the purposes of paragraph (1)(c), an example of when the Commissioner may consider it not appropriate to grant the renewal is if the Commissioner considers that the entity's continued participation in the data sharing scheme would pose concerns for reasons of security.
85 Notice of renewal decision
(1) The Commissioner must give the entity written notice of the Commissioner's decision under section 84, as soon as practicable after making the decision.
(2) If the Commissioner grants the entity the renewal, the notice must set out the following:
(a) the 5-year period for which the renewed accreditation is in effect (see paragraph 81(8)(a));
(b) if the Commissioner decides to grant the renewal with conditions of accreditation imposed by the Commissioner (including conditions of accreditation imposed before the renewal that continue to be imposed on the entity):
(i) those conditions; and
(ii) the reasons for the decision; and
(iii) the entity's review rights under Part 6.2.
(3) If the Commissioner refuses to renew the entity's accreditation, the notice must set out the following:
(a) the reason for the refusal;
(b) that the entity's accreditation will be suspended or cancelled under section 81; and
(c) the entity's review rights under Part 6.2.
85A Application for renewal
(1) An entity that is accredited as an ADSP may apply to the Commissioner for renewal of its accreditation.
Note: For the consequences of failure to apply for renewal, see subsection 81(8). An entity may apply for renewal under this section before or after its accreditation has been suspended under that subsection.
(2) The application must:
(a) be made by an authorised officer of the entity; and
(b) be in the approved form (if any); and
(c) include the evidence prescribed by the rules to support the criteria for accreditation and the entity's ability to meet the criteria to the appropriate standard; and
(d) include consent for the Commissioner to:
(i) obtain information relevant to the entity's application for renewal from third parties; and
(ii) verify information provided by the entity with third parties.
(179) Clause 87, page 66 (lines 9 and 10), omit "Commissioner may, by notice in writing, request further information or evidence from an", substitute "accreditation authority for an entity may, by notice in writing, request further information or evidence from the".
(180) Clause 87, page 66 (lines 13 and 14), omit "Commissioner requests information or evidence under subsection (1), the Commissioner", substitute "accreditation authority requests information or evidence under subsection (1), the accreditation authority".
(181) Heading to Division 1, page 67 (line 2), omit "Complaints", substitute "Scheme complaints".
(182) Heading to clause 88, page 67 (line 3), before "complaints", insert "scheme".
(183) Clause 88, page 67 (lines 4 to 6), omit subclause (1), substitute:
(1) A data scheme entity may complain to the Commissioner if the complainant reasonably suspects that another entity, while the other entity was a data scheme entity, breached:
(a) this Act; or
(b) a data sharing agreement to which both entities were party when the alleged breach occurred.
(184) Clause 88, page 67 (line 9), omit "belief", substitute "suspicion":
(185) Clause 88, page 67 (lines 14 and 15), omit subclause (4).
(186) Clause 89, page 67 (lines 26 and 27), omit the note.
(187) Clause 90, page 68 (line 3), after "complaint", insert "under section 88".
(188) Clause 91, page 68 (lines 29 to 31), omit paragraph (1)(b), substitute:
(b) consider whether it would be appropriate to seek to resolve the complaint by conciliation, or an external dispute resolution scheme recognised under section 131, and, if so, make the necessary arrangements.
(189) Clause 91, page 68 (lines 32 to 34), omit the note.
(190) Clause 92, page 69 (line 4) to page 70 (line 13), omit the clause, substitute:
92 Grounds for not dealing with complaints
(1) If a complaint is made under section 88 in relation to an entity's alleged breach of this Act or a data sharing agreement, a ground exists for not dealing with the complaint if any of the following applies:
(a) the Commissioner is satisfied that the alleged breach:
(i) did not occur; or
(ii) is not material;
(b) the complainant fails to satisfy the Commissioner that:
(i) the complainant has complained about the alleged breach to the entity; or
(ii) it would not be appropriate for the complainant to do so;
(c) the complainant has complained about the alleged breach to the entity before complaining to the Commissioner and the Commissioner is satisfied that:
(i) the entity has dealt, or is dealing, adequately with the complaint; or
(ii) the entity has not had an adequate opportunity to deal with the complaint;
(d) the complaint was made more than 12 months after the complainant first reasonably suspected the entity breached this Act or the relevant data sharing agreement;
(e) the complaint is frivolous, vexatious, misconceived, lacking in substance or not made in good faith;
(f) an investigation, or further investigation, of the alleged breach is impracticable or otherwise unwarranted, having regard to all the circumstances;
(g) the complainant has not responded, within the period specified by the Commissioner, to a request for information in relation to the complaint;
(h) the Commissioner considers that it would be appropriate to seek to resolve the complaint by conciliation or an external dispute resolution scheme recognised under section 131 (whether or not the entity and the complainant agree to do so);
(i) the complaint is being resolved as mentioned in paragraph (h);
(j) the conduct giving rise to the complaint is the subject of an application under another Commonwealth law, or a State or Territory law, and the subject matter of the complaint has been, or is being, dealt with adequately under that law;
(k) another Commonwealth law, or a State or Territory law, provides a more appropriate remedy for the conduct giving rise to the complaint (including where the Commissioner has formed the opinion mentioned in section 107 (transfer of matters to appropriate authority));
(l) the complainant has withdrawn the complaint.
(2) If the Commissioner decides under subsection 91(2) or paragraph 101(4)(a) to cease dealing with a complaint because a ground exists for not dealing with the complaint, the Commissioner must give the complainant written notice of:
(a) the Commissioner's decision and the reasons for it; and
(b) the complainant's review rights under Part 6.2.
(3) If the Commissioner notified the respondent of the complaint, the Commissioner must give the respondent a copy of any notice given to the complainant.
(191) Clause 93, page 70 (lines 17 and 18), omit "relating to the complaint or the matters that are the subject of the complaint", substitute "under this Act or any other law".
(192) Division 2, clauses 94 to 98, page 71 (line 1) to page 73 (line 8), omit the Division, substitute:
Division 2 — General complaints
94 Making general complaints
A person may complain to the Commissioner about any matter relating to the administration or operation of the data sharing scheme.
95 Dealing with complaints
The Commissioner may deal with a complaint made under section 94 by doing any of the following:
(a) making any preliminary inquiries, of the complainant or any other person, that the Commissioner considers necessary for the purposes of determining whether and how to deal with the complaint;
(b) requesting the complainant to give the Commissioner further information in connection with the complaint;
(c) if the complaint causes the Commissioner to reasonably suspect that an entity has breached this Act, or a data sharing agreement, while the entity is orwas a data scheme entity—investigating the entity's conduct under subsection 101(2);
(d) considering whether it would be appropriate to deal with the complaint by conciliation and, if so, dealing with it or arranging for it to be dealt with in that way;
(e) if the Commissioner is satisfied no action is required in relation to the complaint—deciding to take no action;
(f) exercising any other powers of the Commissioner under this Act that the Commissioner considers appropriate in relation to the complaint, including:
(i) the power to conduct assessments under section 99; and
(ii) the power to transfer matters to other agencies or bodies under section 107.
96 Admissibility of things said or done in conciliation
If a complaint under section 94 is dealt with by conciliation, evidence of anything said or done in the course of the conciliation is not admissible in any legal proceedings under this Act or any other law, unless:
(a) the complainant and respondent otherwise agree; or
(b) the thing was said or done in the course of committing an offence or contravening a civil penalty provision.
(193) Clause 101, page 74 (line 29) to page 75 (line 8), omit all the words from and including "if" to the end of subclause (1), substitute "unless the Commissioner is satisfied that a ground exists for not dealing with the complaint (see section 92)".
(194) Clause 101, page 75 (lines 9 to 11), omit subclause (2), substitute:
(1A) The Commissioner must investigate conduct engaged in by an entity while it is or was a data scheme entity if the Minister directs the Commissioner to do so under subsection (1B).
(1B) The Minister may, by notifiable instrument, direct the Commissioner to investigate conduct engaged in by an entity while it is or was a data scheme entity, if the Minister:
(a) is or was the accreditation authority for the entity; and
(b) reasonably suspects that the entity has breached, is breaching or is proposing to breach this Act or a data sharing agreement.
(2) The Commissioner may, on the Commissioner's own initiative, investigate conduct engaged in by an entity while the entity is or was a data scheme entity if the Commissioner reasonably suspects that the entity has breached, is breaching or is proposing to breach this Act or a data sharing agreement.
(195) Clause 101, page 75 (lines 14 to 17), omit subclause (4), substitute:
(4) The Commissioner may cease an investigation at any time if:
(a) for an investigation under subsection (1)—the Commissioner is satisfied that a ground exists for not dealing with the complaint to which the investigation relates (see section 92); or
(b) for an investigation under subsection (1A):
(i) the Minister no longer reasonably suspects that the entity has breached, is breaching or is proposing to breach this Act or a data sharing agreement (as the case requires), and informs the Commissioner of that fact; or
(ii) the Commissioner otherwise considers it appropriate to cease the investigation; or
(c) for an investigation under subsection (2)—the Commissioner:
(i) no longer reasonably suspects that the entity has breached this Act or a data sharing agreement; or
(ii) otherwise considers it appropriate to cease the investigation.
(196) Clause 102, page 76 (lines 2 and 3), omit "Act, or is breaching or proposing to breach this Act," substitute "Act or a data sharing agreement, or is breaching or proposing to breach this Act or a data sharing agreement,".
(197) Clause 102, page 76 (lines 4 to 9), omit paragraph (1)(b), substitute:
(b) if the Commissioner is satisfied that the entity has breached this Act or the data sharing agreement, or is breaching or proposing to breach this Act or the data sharing agreement—an indication of any action the Commissioner has decided to take, or advise the Minister as accreditation authority to take, in relation to the entity's accreditation, or under Part 5.5 (regulatory powers and enforcement) of this Act or the Regulatory Powers Act as it applies in relation to this Act.
(198) Clause 102, page 76 (after line 14), after subclause (2), insert:
(2A) If the determination relates to an investigation under subsection 101(1A), the Commissioner must give the Minister a copy of the determination.
(199) Clause 103, page 76 (line 25), after "the investigation", insert "together with, if the Commissioner decides to make the determination publicly available, notice of the entity's review rights under Part 6.2 in relation to that decision".
(200) Clause 103, page 76 (line 26), after "complaint", insert "under section 88 or 94".
(201) Clause 103, page 76 (after line 27), after subclause (3), insert:
(3A) If the Commissioner ceases the investigation under subsection 101(4), the Commissioner must give the entity and any complainant written notice of the cessation.
(202) Page 76 (after line 30), at the end of Part 5.4, add:
103A Recommendations
If the Commissioner completes an assessment or investigation, under this Part, of the operations of a data scheme entity, the Commissioner may give the entity written recommendations about any action the Commissioner considers the entity should take in relation to matters covered by the assessment or investigation.
(203) Clause 104, page 77 (line 17), omit "300 penalty units", substitute "30 penalty units".
(204) Clause 104, page 77 (line 22), omit "12 months", substitute "6 months".
(205) Clause 105, page 78 (lines 4 to 7), omit subclause (1), substitute:
(1) A person is not excused from complying with a notice under section 104 on the ground that giving the information or producing the document would disclose a communication protected against disclosure by legal professional privilege, if the communication is:
(a) legal advice given to a Minister or a Commonwealth body; or
(b) a communication between a designated individual for a Commonwealth body, if the communication is within the actual or apparent scope of the individual's designation, and another person or body.
(206) Clause 105, page 78 (after line 16), at the end of the clause, add:
(4) If a person claims, by written notice given to the Commissioner, that, but for subsection (1), information or a document specified in a notice given to the person under section 104 would be protected against disclosure by legal professional privilege, the Commissioner:
(a) must withdraw the notice unless satisfied that it is reasonably necessary and proportionate to the investigation to require the person to give the information or produce the document; and
(b) must ensure that the information and documents are held securely and destroyed when the investigation ends; and
(c) may disclose the information or documents to a person if:
(i) the person is a member of the staff mentioned in section 47, or engaged as a contractor or consultant as mentioned in section 48 or 49, or otherwise providing services to the Commissioner; and
(ii) the Commissioner is satisfied that the disclosure is reasonably necessary for the purposes of the investigation; and
(d) must not disclose the information or documents except in accordance with paragraph (c).
(5) Subsection (4) does not apply if there are no reasonable grounds for the person's claim.
(207) Clause 107, page 79 (line 31), after "complaint", insert "under section 88 or 94".
(208) Clause 108, page 80 (line 11), after "information", insert "or a document".
(209) Clause 108, page 80 (line 14), after "information", insert "or document".
(210) Clause 108, page 80 (line 17), after "information", insert "or document".
(211) Clause 108, page 80 (line 19), omit "powers.", substitute "powers; and".
(212) Clause 108, page 80 (after line 19), at the end of subclause (1), add:
(c) subsection 105(4) does not apply in relation to the information.
(213) Clause 108, page 81 (line 12), after "information", insert "or a document".
(214) Clause 109, page 81 (line 21), omit "subsections 14(2) and (4) (offences for", substitute "an offence against section 14 or 14A (penalties for".
(215) Clause 109, page 82 (after line 24), at the end of subclause (4), add:
Note: The person assisting must have the necessary skills, qualifications or experience (see subsection 45(2)).
(216) Clause 110, page 83 (after line 26), at the end of subclause (3), add:
Note: The person assisting must have the necessary skills, qualifications or experience (see subsection 45(2)).
(217) Clause 111, page 83 (lines 27 to 32), omit the clause.
(218) Clause 112, page 84 (lines 1 to 19), omit the clause, substitute:
112 Directions
Directions in situations of urgency
(1) The Commissioner may give a data scheme entity a written direction requiring the entity to take, or not to take, specified actions if the Commissioner is satisfied that:
(a) either of the following situations exists:
(i) the entity, or another entity, has acted or is likely to act in a way that is inconsistent with this Act or a data sharing agreement;
(ii) an emergency or high risk situation has arisen or is likely to arise; and
(b) for a requirement to take specified actions—it is necessary, to address the situation or prevent it arising again, for the entity to take the actions immediately or as soon as practicable; and
(c) for a requirement not to take specified actions—the entity is taking the actions or may take them imminently and it is necessary, to address the situation or prevent it arising again, for the entity not to take the actions.
Directions in other situations
(2) The Commissioner may give a data scheme entity a written direction requiring the entity to take, or not to take, specified actions if the Commissioner is satisfied that:
(a) the entity, or another entity, has acted or is likely to act in a way that is inconsistent with this Act or a data sharing agreement; and
(b) for a requirement to take specified actions—it is necessary, to address the situation mentioned in paragraph (a) or prevent it arising again, for the entity to take the actions; and
(c) for a requirement not to take specified actions—the entity is taking the actions or may take them and it is necessary, to address the situation mentioned in paragraph (a) or prevent it arising again, for the entity not to take the actions.
(3) The Commissioner may give an accredited entity a written direction requiring the entity to take, or not to take, specified actions if the Commissioner is satisfied that:
(a) the accreditation authority for the entity intends to cancel the entity's accreditation (whether at the entity's request or otherwise); and
(b) for a requirement to take specified actions—it is necessary, to ensure that the entity does not hold scheme data after the cancellation, for the entity to take the actions; and
(c) for a requirement not to take specified actions—it is necessary, to ensure that the entity does not hold scheme data after the cancellation, for the entity not to take the actions.
Specified actions
(4) The specified actions may include providing another entity with access to scheme data.
Compliance with direc tions
(5) An entity must comply with a direction given to the entity.
Civil penalty: 300 penalty units.
(6) A direction made under subsection (1), (2) or (3) is not a legislative instrument.
(219) Clause 117, page 88 (line 7), omit "Administrative decisions made by the Commissioner", substitute "Certain administrative decisions made by the Minister or Commissioner".
(220) Clause 117, page 88 (line 11), after "data codes", insert "and guidelines".
(221) Clause 117, page 88 (line 16), omit paragraph (a) of the paragraph beginning "The Commissioner may also".
(222) Clause 117, page 88 (line 18), omit "the mandatory terms in".
(223) Clause 117, page 88 (after line 21), after the paragraph beginning "The Commissioner may also", insert:
This Chapter also includes provisions about how conduct of individuals is attributed to entities, and extends the authorisations in Chapter 2 for data scheme entities to share, collect or use data to certain individuals and bodies corporate.
(224) Clause 118, page 89 (lines 3 to 20), omit the clause, substitute:
118 Reviewable decisions
(1) Each of the following decisions made by the Commissioner is a reviewable decision :
(a) a decision under section 74 to accredit an entity with conditions of accreditation imposed by the Commissioner, or to refuse to accredit the entity;
(b) a decision under section 78 to impose conditions of accreditation on an accredited entity, or vary them;
(c) a decision under subsection 81(1), (2), (3) or (4) to suspend or cancel an entity's accreditation;
(d) a decision under section 84 to renew an entity's accreditation with conditions of accreditation imposed by the Commissioner, or to refuse to renew an entity's accreditation;
(e) a decision under subsection 91(2), or paragraph 101(4)(a), not to deal with a complaint;
(f) a decision under subsection 102(2) to make a determination publicly available;
(g) a decision under subsection 112(2) or (3) to give an entity a written direction.
The Commissioner is the reviewer for the decision.
Note: Decisions made personally by the Commissioner are reviewable by the AAT (see section 122). The Commissioner is the reviewer only for decisions made by delegates of the Commissioner.
(2) Each of the following decisions made by the Minister is also a reviewab le decision :
(a) a decision to accredit an entity with conditions of accreditation imposed by the Minister, or to refuse to accredit the entity;
(b) a decision under section 78 to impose conditions of accreditation on an accredited entity, or vary them;
(c) a decision under subsection 81(1), (2), (3) or (4) to suspend or cancel an entity's accreditation.
The Minister is the reviewer for the decision.
Note: Decisions made personally by the Minister are reviewable by the AAT (see section 122). The Minister is the reviewer only for decisions made by the Commissioner as the Minister's delegate.
(225) Heading to clause 119, page 89 (line 22), omit "Commissioner", substitute "reviewer".
(226) Clause 119, page 89 (line 24), omit "Commissioner, the person may apply to the Commissioner", substitute "reviewer for the decision, the person may apply to the reviewer".
(227) Clauses 120 and 121, page 90 (lines 1 to 31), omit the clauses, substitute:
120 Reconsideration by reviewer
(1) If a person applies under subsection 119(1) to the reviewer for a reviewable decision for reconsideration of the decision, the reviewer must reconsider the decision and do any of the following:
(a) affirm the decision;
(b) vary the decision;
(c) revoke the decision and substitute a new decision.
(2) The reviewer's decision on reconsideration of a decision has effect as if it had been made under the provision under which the original decision was made.
(3) The reviewer must give the applicant a written notice stating the reviewer's decision on the reconsideration.
(4) Within 28 days after making the decision on the reconsideration, the reviewer must give the applicant a written statement of the reviewer's reasons for the decision.
(5) If the reviewer's functions under this section are performed by a delegate of the reviewer, the delegate who reconsiders the reviewable decision:
(a) must not have been involved in making the reviewable decision; and
(b) must hold a position, or perform duties, of at least the same level as the delegate who made the reviewable decision.
Note: The Commissioner may delegate functions and powers to members of staff (see section 50). The Minister may delegate functions and powers to the Commissioner (see section 137A).
121 Deadline for reconsideration
(1) The reviewer must make a decision on reconsideration of a decision within 90 days after receiving an application for reconsideration.
(2) The reviewer is taken, for the purposes of this Part, to have made a decision affirming the original decision if the reviewer has not informed the applicant of the reviewer's decision on the reconsideration before the end of the period of 90 days.
(228) Clause 122, page 91 (line 3), omit "either", substitute "any".
(229) Clause 122, page 91 (line 4), omit paragraph (a), substitute:
(a) the decision was made personally by the Commissioner (other than a decision made by the Commissioner in the Commissioner's capacity as a delegate of the Minister);
(aa) the decision was made personally by the Minister;
(230) Part 6.3, page 92 (line 1) to page 95 (line 4), omit the Part, substitute:
Part 6.3 — Extension of authorisations and attribution of conduct
123 Designated individuals and designation
(1) For the purposes of this Act, the following table specifies individuals who are designated individuals for entities, and each such individual'sdesignation .
(2) If, for an individual to whom item 1 of the table in subsection (1) applies, any of items 2, 3 or 4 of the table also apply, the individual has the designation specified for each applicable item.
(3) An individual or body corporate's contract with an entity is an approved contract if:
(a) the entity is an accredited entity and party to a data sharing agreement; and
(b) the contract is authorised by, or approved under, the data sharing agreement in accordance with any requirements in a data code.
124 Extension of authorisations to share, collect or use data
Designated individuals
(1) An authorisation in Chapter 2 for an entity to share, collect or use data also authorises a designated individual for the entity to engage in conduct that is, or is part of, the sharing, collection or use, if the conduct is within the actual scope of the individual's designation.
(2) Subsection (1) does not apply to conduct of an individual if either of the following has the effect that the individual may not engage in such conduct:
(a) conditions of accreditation imposed on or applicable to the entity;
(b) the data sharing agreement that covers the sharing, collection or use.
Bodies corporate
(3) An authorisation in Chapter 2 for an accredited entity to collect or use data also authorises a body corporate that is party to an approved contract with the accredited entity to engage in conduct that is, or is part of, the collection or use, if the conduct is within the actual scope of the approved contract.
(4) Subsection (3) does not apply to conduct of a body corporate if either of the following has the effect that the body corporate may not engage in such conduct:
(a) conditions of accreditation imposed on or applicable to the entity;
(b) the approved contract;
(c) the data sharing agreement for the project to which the collection or use relates.
Access to data by designated individuals and certain bodies corporate
(5) If a designated individual for an entity, or a body corporate that is party to an approved contract with an entity, is given access to data by the entity, and the access is within the actual scope of the individual's designation or the body corporate's approved contract, giving the access is taken, for the purposes of the data sharing scheme, to be a use of the data, but not a provision of access to it.
125 Other things an entity may or must do under the data sharing scheme
(1) If an entity may or must do something under the data sharing scheme, the thing may be done, for the entity, by any designated individual for the entity, if doing the thing is within the actual or apparent scope of the individual's designation.
(2) Subsection (1) does not apply in relation to the authorisations in Chapter 2 to which section 124 applies, or in relation to things that may or must be done by an authorised officer or an officer authorised under subsection 137(3) or (4).
125A Contraventions by entities of civil penalty provisions and other non-criminal bre aches of this Act
Conduct attributed to entity
(1) In determining whether an entity has contravened a civil penalty provision of this Act, or otherwise breached this Act:
(a) the entity is taken to have engaged in any conduct engaged in:
(i) by a designated individual for the entity, if the conduct is within the actual or apparent scope of the individual's designation; or
(ii) by a body corporate that is party to an approved contract with the entity, if the conduct is within the actual or apparent scope of the approved contract; and
(b) if it is necessary to establish the entity's state of mind, it is sufficient to establish the state of mind of an individual who has engaged in conduct as mentioned in subparagraph (a)(i).
(2) Despite subsection (1), a government entity does not contravene a civil penalty provision of this Act because of conduct that is attributed to the entity under subsection (1), if the entity took reasonable precautions and exercised due diligence to avoid the conduct.
Note: The government entity bears an evidential burden in relation to the matter in subsection (2) (see section 96 of the Regulatory Powers Act).
(3) An individual whose conduct is attributed to a government entity under subsection (1) is not personally liable for a contravention of a civil penalty provision (including an ancillary contravention) in relation to the conduct.
(4) Any of the following is a government entity :
(a) a Commonwealth body;
(b) a State body, or a Territory body, that is not a body corporate;
(c) the Commonwealth, a State or a Territory.
Interaction with Regulatory Powers Act
(5) Section 97 of the Regulatory Powers Act does not apply in relation to a body corporate that is a Commonwealth body (subsection (1) of this section applies instead).
(6) Subsection (1) does not apply in relation to determining whether a body corporate that is not a Commonwealth body has contravened a civil penalty provision (section 97 of the Regulatory Powers Act applies instead).
125B Offences by entities against this Act
In determining whether an entity has committed an offence against this Act:
(a) the entity is taken to have engaged in any conduct engaged in:
(i) by a designated individual for the entity, if the conduct is within the actual or apparent scope of the individual's designation; or
(ii) by a body corporate that is party to an approved contract with the entity, if the conduct is within the actual or apparent scope of the approved contract; and
(b) if it is necessary to establish the entity's state of mind, it is sufficient to establish the state of mind of an individual who has engaged in conduct as mentioned in subparagraph (a)(i).
Note 1: Part 2.5 of the Criminal Code deals with criminal responsibility of bodies corporate.
Note 2: The Crown is not liable to be prosecuted for an offence.
(231) Clause 126, page 96 (lines 8 and 9), omit "data definitions in section 10, and provisions of Chapters 2 (including section 13)", substitute "definitions in sections 9, 10, 11 and 11A, and provisions of Chapters 2".
(232) Clause 126, page 96 (line 20), omit "relevant", substitute "necessary or convenient to deal with for carrying out or giving effect".
(233) Clause 126, page 96 (after line 20), after subclause (2), insert:
(2A) The Commissioner must make one or more data codes about:
(a) the data sharing principles in section 16; and
(b) the general privacy protections in section 16A; and
(c) the purpose-specific privacy protections in section 16B.
(2B) A data code about the general privacy protections in section 16A must deal with consent by individuals to the sharing of their personal information.
(2C) A data code about the purpose-specific privacy protections in section 16B must deal with the following:
(a) consent by individuals to the sharing and use of their personal information and circumstances in which it is unreasonable or impracticable to seek individuals' consent;
(b) principles to be applied by data custodians when determining:
(i) whether it is necessary to share personal information to properly deliver a government service; or
(ii) the circumstances, or categories of circumstances, where the public interest to be served by a project justifies the sharing of personal information without consent.
(234) Clause 127, page 96 (line 26), after "The Commissioner may", insert ", by legislative instrument,".
(235) Clause 127, page 97 (lines 6 to 9), omit subclauses (3) and (4), substitute:
(3) Guidelines that are inconsistent with the regulations, rules or data codes have no effect to the extent of the inconsistency, but guidelines are taken to be consistent with those instruments to the extent that the guidelines are capable of operating concurrently with them.
(236) Clauses 128 to 130, page 97 (line 10) to page 98 (line 30), omit the clauses, substitute:
128 Register of ADSPs
(1) The Commissioner must maintain a register of ADSPs. The register must include a publicly accessible part and may include a part that is not publicly accessible.
(2) Subject to subsection (4), the Commissioner must include in the part of the register that is publicly accessible the following details for each ADSP:
(a) the name of the ADSP;
(b) contact details for the ADSP;
(c) conditions of the ADSP's accreditation;
(d) at any time while the ADSP's accreditation is suspended—the duration of the suspension (which may be indefinite);
(e) any other details prescribed by the rules to be included in the publicly accessible part of the register.
(3) The rules may prescribe circumstances in which details mentioned in paragraph (2)(a), (b) or (c) must not be included in the publicly accessible part of the register.
(4) The Commissioner must include in the part of the register that is not publicly accessible any details:
(a) prescribed for the purposes of subsection (3); or
(b) prescribed by the rules to be included in the part of the register that is not publicly accessible.
(5) The register may be maintained in any form the Commissioner considers appropriate.
(6) The register is not a legislative instrument.
129 Register of accre dited users
(1) The Commissioner must maintain a register of accredited users. The register must include a publicly accessible part and may include a part that is not publicly accessible.
(2) Subject to subsection (4), the Commissioner must include in the part of the register that is publicly accessible the following details for each accredited user:
(a) the name of the accredited user;
(b) contact details for the accredited user;
(c) conditions of the accredited user's accreditation;
(d) at any time while the accredited user's accreditation is suspended—the duration of the suspension (which may be indefinite);
(e) any other details prescribed by the rules to be included in the publicly accessible part of the register.
(3) The rules may prescribe circumstances in which details mentioned in paragraph (2)(a), (b) or (c) must not be included in the publicly accessible part of the register.
(4) The Commissioner must include in the part of the register that is not publicly accessible any details:
(a) prescribed for the purposes of subsection (3); or
(b) prescribed by the rules to be included in the part of the register that is not publicly accessible.
(5) The register may be maintained in any form the Commissioner considers appropriate.
(6) The register is not a legislative instrument.
130 Register of data sharing agreements
(1) The Commissioner must maintain a register of data sharing agreements. The register must include a publicly accessible part and a part that is not publicly accessible.
(2) Subject to subsection (4), the Commissioner must include in the part of the register that is publicly accessible the following details in relation to each registered data sharing agreement:
(a) the entities that are parties and the capacity in which each entity is a party;
(b) the date the parties entered into the agreement;
(c) the date the Commissioner registered the agreement;
(d) a description of the project the agreement covers;
(e) the data sharing purpose of the project;
(f) a description of the data to be shared;
(g) whether personal information is to be shared;
(h) if personal information is to be shared—a statement in the approved form (if any) relating to the privacy obligations applicable to the accredited user in relation to its use of output of the project and the person or body to whom individuals may complain about use inconsistent with those obligations;
(i) if subsection 16B(7) applies in relation to the agreement—a copy of the statement and explanation required by that subsection;
(j) if subsection 16B(8) applies in relation to the agreement—a copy of the statement required by that subsection;
(k) if, but for section 23, sharing, collecting or using data under the agreement would contravene another law—the title of the other law;
(l) a statement of how the project will serve the public interest;
(m) a description of the final output of the project;
(n) if output of the project may exit the data sharing scheme under section 20E—the circumstances in which the exit may occur;
(o) if the agreement has an expiry date—the expiry date;
(p) whether the agreement is in effect or has expired or been terminated;
(q) if any details are affected by a variation of the agreement—the details as varied and the date the variation was registered;
(r) any other details prescribed by the rules to be included in the publicly accessible part of the register.
(3) The rules may prescribe circumstances in which details mentioned in subsection (2) must not be included in the publicly accessible part of the register.
(4) The Commissioner must include in the part of the register that is not publicly accessible:
(a) copies of data sharing agreements and variations given to the Commissioner under section 33; and
(b) any details prescribed for the purposes of subsection (3); and
(c) any details prescribed by the rules to be included in the part of the register that is not publicly accessible.
(5) The register may be maintained in any form the Commissioner considers appropriate.
(6) The register is not a legislative instrument.
(237) Clause 132, page 99 (line 32), omit "this Act, the rules or a data code", substitute "the data sharing scheme".
(238) Clause 135, page 101 (lines 3 to 27), omit the clause, substitute:
135 Disclosure of scheme data in relation to information-gathering powers
A data scheme entity is authorised to disclose scheme data held by the entity:
(a) to the Auditor-General, if the disclosure is required under the Auditor-General Act 1997 ; or
(b) to the Commonwealth Ombudsman, if the disclosure is requested or required under the Ombudsman Act 1976 ; or
(c) to the Information Commissioner, if the disclosure is required under the Freedom of Information Act 1982 or thePrivacy Act 1988 ; or
(d) to a court or tribunal of the Commonwealth or a State or Territory, or a Royal Commission (within the meaning of the Royal Commissions Act 1902 ), that orders or directs the disclosure.
Note 1: Except as authorised by this section, data scheme entities must not provide access to scheme data unless authorised to do so by Chapter 2 or by a direction under section 112.
Note 2: Section 23 (authorisations override other laws) applies only in relation to provision of access to data authorised by Chapter 2.
(239) Page 101 (after line 27), after clause 135, insert:
135A Data held by National Archives of Australia
Before the open access period
(1) Where public sector data is transferred by its data custodian to the National Archives of Australia before the start of the open access period (within the meaning of the Archive s Act 1983 ) in relation to the data, then, for the purposes of this Act and until the start of the open access period in relation to the data:
(a) the data custodian continues to be the data custodian of the data; and
(b) the National Archives of Australia is not a data custodian of the data.
(2) Subsection (1) has effect despite anything in the definition of data custodian in subsection 11(2).
Records in the open access period
(3) An authorisation in Chapter 2 does not apply in relation to sharing, collecting or using a record in the open access period, unless the sharing, collection or use is part of a project covered by a data sharing agreement registered before the start of the open access period.
Note: Records that are in the open access period may be accessed under the Archives Act 1983 .
(240) Clause 136, page 102 (line 17), at the end of paragraph (1)(d), add ", an Australian citizen or a permanent resident of Australia".
(241) Clause 136, page 102 (line 26), after "Australian entity", insert ", an Australian citizen or a permanent resident of Australia".
(242) Clause 136, page 103 (line 13), after "Australian entity", insert ", an Australian citizen or a permanent resident of Australia".
(243) Clause 137, page 104 (line 10) to page 106 (line 5), omit the clause, substitute:
137 Authorised officers and individuals authorised to do particular things
(1) An individual is an authorised officer of an entity if the individual is specified in paragraph (a) of the column headed "Individuals" in an item in the following table, or authorised under subsection (2), in relation to the entity.
Note: An individual may also be authorised under subsection (3) or (4) to do particular things. These individuals are authorised to do those things but are not auth orised officers .
Note: The expressions SES employee andacting SES employee are defined in theActs Interpretation Act 1901 .
(2) If an item of the table in subsection (1) refers to an individual (the authoriser ) authorising another individual under this subsection, the authoriser may, by written instrument, authorise the other individual to be an authorised officer for the purposes of the data sharing scheme.
Note: An individual authorised under this subsection is an authorised officer (see subsection (1)).
(3) If an item of the table in subsection (1) refers to an individual (the authoriser ) authorising another individual under this subsection, the authoriser may, by written instrument, authorise the other individual to enter into variations to data sharing agreements for the entity.
(4) If an item of the table in subsection (1) refers to an individual (the authoriser ) authorising another individual under this subsection, the authoriser may, by written instrument, authorise the other individual to do all of the following for the entity:
(a) enter into data sharing agreements;
(b) enter into variations to data sharing agreements;
(c) make decisions that subsection 16D(4) applies to a proposed integration of data and make the required records under subsection 16D(6).
(244) Page 106 (after line 5), after clause 137, insert:
137A Delegation by Minister
(1) The Minister may, in writing, delegate any or all of the Minister's powers under Part 5.2 to the Commissioner.
Note: Sections 34AA to 34A of the Acts Interpretation Act 1901 contain provisions relating to delegations.
(2) In exercising a delegated power, the Commissioner must comply with any written directions of the Minister.
(245) Clause 138, page 106 (line 22), after "public sector data", insert "from accredited users".
(246) Clause 138, page 106 (after line 24), after subparagraph (2)(d)(i), insert:
(ia) the number of such requests refused by data custodians where reasons for the refusal were not given within the time required by subsection 25(3);
(247) Clause 138, page 106 (after line 28), at the end of paragraph (2)(d), add:
(v) the number of complaints received by the Commissioner under Division 1 of Part 5.3 (scheme complaints);
(vi) the number of complaints received by the Commissioner under Division 2 of Part 5.3 (general complaints);
(vii) the number of complaints received by data custodians relating to the data sharing scheme or a data custodian's conduct in relation to the data sharing scheme;
(248) Clause 139, page 107 (line 16), after "Commissioner", insert ", or for or on behalf of the Minister in the Minister's capacity as an accreditation authority for an entity,".
(249) Clause 140, page 108 (line 3), after "performed by", insert "or on behalf of".
(250) Clause 142, page 108 (line 30) to page 109 (line 9), omit subclauses (2) and (3), substitute:
(2) A review must start by, and be completed within 12 months (or a longer period agreed by the Minister) of:
(a) the third anniversary of the commencement of this section; and
(b) the day that is 3 months after the commencement of any amendments of the Privacy Act 1988 that:
(i) are made in response to the review of that Act announced by the Attorney-General on 12 December 2019; and
(ii) in the Minister's opinion, are likely to have a material impact on the data sharing scheme.
(3) If subsection (2) would have the effect that a review must start before another review is completed:
(a) the reviews may be combined; and
(b) the combined review must be completed within 12 months (or a longer period agreed by the Minister) of the day the latest of the reviews was required to start.
(251) Page 109 (after line 15), at the end of Part 6.5, add:
143 Sunset of the data sharing scheme
(1) Subject to this section, this Act ceases to have effect at the end of the day (the sunset day ) that is the fifth anniversary of the commencement of this section.
Note: Section 7 of the Acts Interpretation Act 1901 (effect of repeal or amendment of Act) applies in relation to this section.
(2) Despite subsection (1), regulations may be made under section 134 for the purposes of subsection (3) of this section at any time during the period starting 12 months before the sunset day and ending immediately before the first anniversary of the sunset day.
(3) The regulations may, for the purposes of ensuring that scheme data is appropriately dealt with, prescribe matters of a transitional nature relating to this Act ceasing to have effect under subsection (1), including:
(a) prescribing any saving or application provisions; and
(b) the matters set out in subsections (4) to (7).
(4) The regulations may provide that certain provisions of this Act continue to apply, or to apply in a modified way, after the sunset day, for the purposes set out in the regulations. Those provisions continue to apply, or continue to apply in the modified way, as set out in the regulations.
Note: For example, the regulations may continue in existence the Commissioner and the Council.
(5) The regulations may empower the Commissioner to give a data scheme entity, or an entity that was a data scheme entity before the sunset day, a written direction requiring the entity to take, or not to take, specified actions in order to ensure that scheme data is appropriately dealt with in connection with this Act ceasing to have effect.
(6) The regulations may create offences or civil penalties for failure to comply with a direction mentioned in subsection (5).
(7) The regulations may prescribe:
(a) penalties, not exceeding 50 penalty units for individuals and entities other than bodies corporate or 250 penalty units for bodies corporate, for offences against the regulations; and
(b) civil penalties, not exceeding 300 penalty units for individuals and entities other than bodies corporate or 1,500 penalty units for bodies corporate, for contraventions of the regulations.
(8) Regulations made for the purposes of subsection (3) of this section must not have the effect of allowing data to be shared under section 13 (authorisation for data custodian to share public sector data) after the sunset day.
(9) All legislative instruments made under this Act (including regulations made for the purposes of subsection (3) of this section) are repealed on the first anniversary of the sunset day.
That this bill be now read a third time.
Data Availability and Transparency (Consequential Amendments) Bill 2020
That this bill be now read a third time.
Offshore Petroleum (Laminaria and Corallina Decommissioning Cost Recovery Levy) Bill 2021
… an inadequate capability and capacity to support and sustain a protracted response resulting in short and long term biological, ecological and social harm in the event of an uncontrolled hydrocarbon release.
…failure to maintain the oil spill response arrangements provided for by the current TSA would result in an immediate and significant threat to the environment.
That this bill be now read a third time.
Treasury Laws Amendment (Laminaria and Corallina Decommissioning Cost Recovery Levy) Bill 2021
That this bill be now read a third time.
Veterans’ Affairs Legislation Amendment (Enhanced Family Support) Bill 2022
That this bill be now read a third time.
Treasury Laws Amendment (Enhancing Tax Integrity and Supporting Business Investment) Bill 2022
Income Tax Amendment (Labour Mobility Program) Bill 2022
In public hospitals across Australia, patients can get band-aids, bandages, painkillers, or incontinence aids, but not sanitary items when they need them. Through the #PadUpPublicHealth campaign, Share the Dignity has listened to thousands of harrowing stories from Australian's who have not had access to period products while in hospital. Some have been forced to bleed through their hospital gowns. Others have had to use unsuitable alternatives like dressings or adult nappies. While some hospitals do provide period products, it is not mandatory for them to do so. When provision is managed at an individual hospital level, availability can be limited, and patients have relied on the kindness of doctors, nurses and staff who give pads of their own. Menstruation is not a choice, and women, girls and those who menstruate should not have to worry about how they manage their period at any point, especially when they are sick and vulnerable. Pads should be free and easily accessible in all hospitals for patients who need them.
We therefore ask the House to implement a Federal policy mandating the provision of free pads, upon request, to all patients being cared for in public hospitals nationally. Women's and girls' ability to safely manage their menstrual hygiene is associated with basic human rights including non-discrimination, access to education and participation in public and professional life. This policy is therefore in line with global movements acknowledging menstrual hygiene as a fundamental human right and a critical link in achieving gender equality.
The DEPUTY SPEAKER ( Mr Goodenough ) took the chair at 10:00.
She exemplified the courage and creativity that we all say we want from candidates for public office but on all sides we too often shun both, favouring useful idiots, obedient nudniks and bland time-servers.
In the fell clutch of circumstance
I have not winced nor cried aloud.
Under the bludgeonings of chance
My head is bloody, but unbowed.
Who can find a virtuous woman? For her price is far above rubies.
She opens her mouth with wisdom and on her tongue is the law of kindness.
In this parliament, we must proudly make the case for Australian exceptionalism. Australia is not exceptional because we have been divinely mandated, or because of some inherent quality unasked and unearned; Australia is exceptional precisely because generations of Australians have made hard choices and hard sacrifices.
I come here to represent everyday Australian people: the working Australians, the families, the students, the hospital cleaners, the retail workers, the mortgage holders, the renters, the mums and dads, the 4 am shift workers, the nurses, the police, the firefighters and the factory workers.
I will never forget the call I got from a mother of four, a union member whose supervisor had unilaterally imposed a roster change without notice. She was sobbing in despair; she could barely get the words out. English was not her first language, but the agony and the desperation in her voice did not need words. The change in roster meant she would no longer be able to pick up her kids. And if she could not hold down her job she would not be able to feed them. On the other end of the line, I did what union reps do all over the country every day: I listened, I reassured and I promised to use every bit of strength the union had to solve her problem. And we did.
Learn to do right; seek justice.
Defend the oppressed.
Take up the cause of the fatherless;
plead the case of the widow.
It is time to decide what kind of parliament we will be. Will we live down to the cynicism of the community about politicians, or will we show leadership in challenging days? It is time to decide what kind of party Labor will be. Will we be seduced by the glamour of narrow interest-group politics, or will we continue to fight for all Australians? It is time to decide what kind of country we are. Will we shirk the decisions that face us, or will we once again rise to the moment and choose what is hard, what is complex, what is right?
That further proceedings be conducted in the House.
Dr Cass today announced that the Government has decided to create a national park in the East Alligator River area of the Northern Territory. The park will be known as Kakadu National Park …
The parliamentary draftsman has been asked to draft two major pieces of environmental legislation for the current session, the Minister for the Environment, Dr Cass, said today. These were acts incorporating the environmental impact statement procedure and a truly national system of national parks.
The use of force by one country against another is the repudiation of the principles that every country has committed to uphold.
This applies to the present military offensive.
It is wrong.
It is against the Charter.
It is unacceptable.
But it is not irreversible.
All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State…