Review of the Data Availability and Transparency Act: Progress or paralysis

• Introduction
• Initial consultation
• The draft report
• Next steps
• Conclusion

Introduction

This article was co-authored with Kirk Boladeras.

The Data Availability and Transparency Act 2022 (Cth) (Act) aims to unlock value in public sector data for the benefit of Australians.

We wrote about the Act when it was first introduced in April 2022. The Act was created out of a recognition that effective use of public sector data can secure better outcomes in the public interest through greater productivity and efficiency. The Act sets up a regulated data sharing scheme (DATA scheme), which authorises Commonwealth bodies to provide controlled access to public sector data to accredited users (being accredited state and federal government entities and public Australian universities) for specific purposes.

The Act is currently under review (as required by the Act), led by Dr Stephen King and supported by the Department of Finance (Review). The Review will in essence determine if the DATA scheme has delivered on its promise, or whether it has been paralysed by procedural and complexity challenges. The Review could well result in significant changes to the existing DATA scheme, that may simplify and broaden the scope of its application.

The Review may affect three broad groups:

• existing participants (i.e. Australian Government agencies, State and Territory Government agencies, and Universities) should actively consider how the Review is likely to impact existing processes, arrangements, and procedures;
• organisations that are currently eligible for accreditation but are not yet accredited. This group should monitor the outcomes of the Review, as accreditation may become less cumbersome with the benefits of participation starting to outweigh the costs; and
• organisations that are not currently eligible for accreditation (such as Aboriginal Controlled-Community Organisations (ACCOs), not for profits, primary health networks, and aged care providers). This group should also monitor the outcome, as these organisations may become eligible to participate for the first time following the Review.

Since the commencement of the Act, we have seen:

• the establishment of the Office of the National Data Commissioner (Commissioner) to regulate the DATA scheme, which now has approximately 40 permanent staff;
• implementation of the accreditation framework - as of 1 July 2025, approximately 37 entities are accredited to participate in the DATA scheme, including 17 Commonwealth entities, 10 State & Territory entities, and 10 Universities;
• only eight data sharing agreements entered into (and all of these relate to the delivery of the national disability data asset);
• the Commissioner make two data codes under section 126 of the Act; and
• the Commissioner develop a digital platform (Dataplace, featuring the Australian Government Data Catalogue), providing education, guidance and advice to promote best practice data handling and use.

Initial consultation

The Government released an issues paper for the Review in April 2025. The terms of reference (on pg 3 of the issues paper) require the Review to consider:

• whether the Act supports improved public sector data availability and transparency, including sharing public sector data in a controlled way;
• whether the operation of the Act has advanced its objectives;
• how does the operation of the Act compare and interact with other existing mechanisms for facilitating access to, and sharing and use of, public sector data;
• stakeholder satisfaction with the operation of the Act as a tool for reducing barriers and enabling effective access to, sharing and re-use of public sector data; and
• whether the Act should remain in force beyond its legislated sunset date in April 2027.

A total of 63 public submissions were received in response to the issues paper. There was a general recognition that the DATA scheme had established important foundations, but many submissions expressed concerns and suggested improvements. Three of the key themes across the submissions are set out below.

• the complexity of the Act and the corresponding administrative burden: Approximately 20 submitters raised this issue, seeking simplification of the DATA scheme. Universities in particular flagged the Act as being overly complex and administratively burdensome;
• limited scope for accreditation: Approximately 18 of the submissions raised this issue. Submitters want to see the DATA scheme expanded to not for profits, community organisations, and ACCOs to broaden the DATA scheme's reach and benefits. Submitters see the limited scope of the DATA scheme as a missed opportunity to foster broader collaboration and innovation; and
• Interoperability with existing frameworks (such as the Privacy Act 1988 (Cth) and Tertiary Education Quality and Standards Agency): Approximately 15 submissions raised this issue. The submissions focused on the need for clarification of potential overlaps and inconsistencies, to achieve certainty and confidence in the DATA scheme.

The draft report

Subsequently, in July 2025, a draft report was released, containing the Review's draft findings and recommendations (Report). The preliminary view expressed in the Report is, in essence, that the Act is not achieving its purpose, but that reform of the Act, which would be substantial, is preferable to allowing the Act to sunset. Consultation on the draft findings and recommendations in the Report closed in early August 2025, and submissions on the Report will be made public in due course.

The Report contained 11 draft findings. The key findings, in our view, can be summarised as:

• the Act has not achieved its objectives. The Act has not driven material additional sharing of public sector data, in part because of the complexity of the scheme creating a high barrier to participation;
• there is a role for the Act to play in making Commonwealth data more available, but substantial modifications are required. The Act should be stripped back to its essential elements - it needs to be simple and flexible;
• the Act is difficult to use because it is too complex, prescriptive and inflexible;
• the Commissioner is not adequately empowered to facilitate and encourage participation;
• the accreditation framework can be improved to make it more effective. Obtaining accreditation is resource intensive and one-size-fits-all;
• expanding eligibility for accreditation would support greater use of the scheme. For example, ACCOs, not for profits, and primary health networks could be included; and
• the current data sharing purposes authorised by the Act are appropriate but could be improved.

The Report also made 16 draft recommendations. The Review appears to support extending the DATA scheme beyond its sunset date, provided that the role of the scheme is clarified, and made simpler and more flexible. However, the Review also raised a focus question for further consultation as to whether it would be preferable for the Act to sunset and an entirely new framework be developed. The key recommendations, in our view, can be summarised as:

• the Act's data sharing authorisation framework should be simplified and its requirements streamlined to reduce complexity;
• the Act's settings should be more flexible and proportionate, clearer and more easily adaptable, and a recalibration of the privacy safeguards should be done in coordination with the Privacy Act reforms;
• to encourage uptake, the Commissioner's functions and powers should be reformed to focus on assurance, oversight, and facilitation (rather than enforcement) and other regulatory frameworks such as the Privacy Act relied on for enforcement and compliance;
• the Act should establish a permissions-basis accreditation model (rather than the current strict "user" and "data service provider" designations);
• the entities that can seek accreditation should be expanded to include ACCOs, not for profit research institutions, primary health networks, and not for profit service delivery organisations (including approved aged care providers); and
• the data sharing purposes should be expanded to include data curation and the creation of data assets.

Next steps

The next step will be the release (and presentation to the Minister) of the final report later in 2025. The Minister must then present the final report to both Houses of Parliament within 15 sitting days of receiving it. Assuming the government accepts the recommendations in the final report and the Act does not sunset, legislative amendments will be required.

Conclusion

Ultimately, the Review is a vital health check on a piece of legislation with profound implications for how Australia uses and shares its public sector data. The central question remains: will the Review lead to meaningful reforms that unlock the Act's full potential, or will the existing challenges persist, paralysing the scheme? In our view, if the Review's findings and recommendations are implemented, there is great potential for the Act to become a cornerstone of a data-driven future.

We will keep you updated. If you require assistance, please contact a member of the team below.