House debates

Wednesday, 30 March 2022


Data Availability and Transparency Bill 2020, Data Availability and Transparency (Consequential Amendments) Bill 2020; Second Reading

5:18 pm

Photo of Bill ShortenBill Shorten (Maribyrnong, Australian Labor Party, Shadow Minister for the National Disability Insurance Scheme) Share this | | Hansard source

I rise to speak on the Data Availability and Transparency Bill 2022 and the Data Availability and Transparency (Consequential Amendments) Bill 2022. In doing so, I move:

That all words after "That" be omitted with a view to substituting the following words:

"whilst not declining to give the bill a second reading, the House calls on the Government to:

(1) support the appointment of a Data Commissioner;

(2) immediately abolish the Average Staffing Level cap for the Digital Transformation Agency;

(3) reduce the scourge of contracting out by placing an annual limit on the number of consecutive fixed-term labour hire contracts an agency can issue for a role; and

(4) immediately finalise and publish the Digital Review—including information relating to current and forecast ICT expenditure and assets—conducted by the Digital Transformation Agency".

This bill is designed to facilitate controlled access to public sector data for specific purposes in the public interest through a legislative framework, and is in part a response to the Productivity Commission's inquiry into data availability and use. The three permitted purposes for sharing under the data sharing scheme are delivery of government services, informing government policies and programs, and research and development. Sitting over the top of the scheme is a data commissioner, who has the power to punish breaches.

The member for Fadden has previously described the aims of the bill, and I won't seek to speak further at length on them. I do acknowledge the member for Fadden and his office for listening to our sensible suggestions on this bill and working constructively with Labor to improve it from a bill that was riddled with problems to a bill we believe the people of Australia will accept. In short, legislatively speaking, Labor was presented with a Ford Edsel—with a lemon. We've switched the engines, we've beaten the panels and we've touched up the duco. With our improvements, well, if it's not a Maserati then at least it's a stolid Toyota Corolla. This process of improvement by negotiation has been possible because there is, with one or two notable exceptions, a rare willingness to work together as we get towards the end of the 46th Parliament. This willingness to work together, I submit, has been rare since about September 2013, and that rarity is a shame. I think it is a shame that it takes the ending of this parliament and potential defeat at the ballot box for this nine-year-old government to perhaps get off their seat and get serious about negotiating in a bipartisan way and legislating for the common good.

This bill is not the only recent bill that's benefited from the all-too-rare spirit of goodwill. Why have so many cabinet ministers waited so long for these legislative changes—changes to social security rules, changes to disability services, changes that will help older Australians? These are not major improvements we need in these areas, mind you; they're only minor improvements. But, as minor changes, there will nonetheless be improvements for the lives and convenience of our fellow Australians. So Labor won't play politics; we will support them. The question is: why? Why, at the eleventh hour, do cabinet ministers decide they want a small iota of progress? Is it that they can put their name to something if they lose the election and leave this place—that they have some legacy?

I think the government ministers are staring at the abyss of an uncertain election result. They're contemplating the long nights of the soul that will follow the days on the golf course of a post-parliamentary career. They're faced with the prospect of a long retirement and they're weighing their legacy. They're asking themselves: what was it all about and what did I actually achieve for ordinary Australians? At five minutes to midnight their chilly neoliberal hearts are thawing. Better late than never, but what a waste of governing.

There is a broader question: why has the government been run so politically dogmatically for the last number of years? It's not been a great decade of conservative leadership in this country during these Abbott-Turnbull-Morrison years, but the lack of centrism and the absence of bipartisan leadership has been particularly heightened under the current Prime Minister. People often comment about the Prime Minister's marketing background, but there is another part of his CV that explains a lot more about how, in the last few years, this country has endured being run for hourly political advantage. I speak, of course, of the Prime Minister's time as state director of the Liberal Party in New South Wales. There's a time for politicking—of course there is—but there's a time, such as a pandemic or a national emergency, to rise above and lead for the common good. Instead, we have the former party director's eye there, always like the Eye of Sauron, hovering above the cabinet table, above the coalition, above the premiers—Liberal and Labor—above the national cabinet table scrutinising the best possible advantage not for the nation but for the office holder himself. I do think that much more could have been advanced for Australia with a bipartisan spirit from the government. Alas, we can't turn back the clock of the last three years.

We have some members of this government who I think consider themselves quite adept techno-futurists—call them the Zuckerbergs of the public service. They look to Silicon Valley and they think, 'Why can't the Australian government be more like that?' with perhaps the particular minister boldly at the helm. They look at our information technology changes and they see no risk, only opportunity. This does a strange thing to traditional politics.

Conservatives often accuse parties of the Left and social democratic parties like Labor of wrongly thinking that the state can intervene and help in aspects of society. Parties of labour get accused of being naive about the competence and abilities of the state. At the most extreme, there are proclamations like that of the Treasurer's hero, Margaret Thatcher, that not only is the market better placed than the state to adjudicate most problems, but there's no such thing, even, as society. American Barstool conservative, the late PJ O'Rourke, put it a different way when he said, 'Giving extra power to government is like giving whiskey and car keys to teenage boys.'

But, when it comes to rapid IT advances and the changing of the rules that protect citizens, we find ourselves on our side of the aisle having to say to the more conservative side: 'Calm down, folks. Things can go wrong. The state doesn't always necessarily get these things right.' A perfect example of this in the previous term was robodebt. We should all be state-tech sceptics after robodebt. It's hard to believe in a government technological utopia after the technological dystopia that was robodebt. Let's call robodebt what it was: a cruel and illegal war on the poor, powered by an unhinged automated algorithm in which human oversight was completely removed.

Before the Eden-Monaro by-election, Labor announced our policy that, should we win government, we'll have a royal commission into how robodebt came to be so that these mistakes can never be repeated. Even after robodebt, Labor has been required to be the sensible interlocutor on behalf of the Australian people. And with this bill it is Labor—and I acknowledge my own office and the office of the shadow Attorney-General—who have interceded to remove its most dangerous tendencies and have introduced several much-needed legislative safety rails.

The Data Availability and Transparency Bill that was introduced to parliament in December 2020 was in Labor's view then deeply flawed. We did not have a problem with the underlying purpose of the bill, to the extent that it was aimed to establish a scheme for controlled access to public sector data for three limited purposes: delivery of government services, informing government policies and programs, and research and development. But the bill they proposed then was poorly designed, with all the bad trappings of something that had been through a rushed design process. The flaws are so many that I'll canvass only the major atrocities now.

First, the privacy protections were insufficient for data which ultimately is the Australian people's data, not the government's. The government is only a custodian of this information. Second, there was a lack of safeguards were this new system of data sharing to go wrong once it was put in place. Our third major problem was that the scope of the data sharing scheme was excessively broad, proposing opening public data to foreign, non-Australian organisations. Fourth, it was also excessive and highly problematic that such an untested new scheme was proposed to involve private corporations that would be able to apply for access to public data under the bill. And, fifth, the penalties for breaches of the scheme were insufficient.

These weren't all the problems; these were the major problems. So, as it was first proposed, the bill was a mess. It was riddled with conflicts and was too broad ranging, with insufficient safeguards. We were asked by the government who brought us the robodebt fiasco to rubberstamp a system that would potentially expose the data of Australian citizens to foreign corporations. Labor was unwilling to unleash such a dangerous scheme upon the Australian public. We refused to support it in the flawed form. So, for the good of the Australian people, the flawed bill went nowhere. Labor demanded a Senate inquiry, which threw the flaws of the proposed legislation and scheme into further stark relief. I want to thank Senator Tim Ayres, the late Senator Kimberley Kitching and Senator Marielle Smith for their work.

My office has spent more than a year consulting with stakeholders and with the government. To some extent the government has outsourced the job of consulting to the opposition. Anyway, it was not just we in Labor who had concerns about the original design; it was privacy groups, the Law Council and the Australian Medical Association, among others. We were busy behind the scenes throughout 2021 trying to salvage a workable data sharing scheme that also protects the interests of the public. I do want to thank the government and the member for Fadden's office for negotiating in good faith. Whether or not they did it out of pure political pragmatism, it's an okay result for the Australian public nonetheless. The initial risks of the scheme, the privacy concerns and misuse of data, have been mitigated by the concessions the government has given Labor during negotiations.

I believe that the most troubling aspects of the original bill have now been mitigated. The major improvements include that the lack of privacy protections and safeguards have been overcome, that the scope of the scheme extending for foreign organisations has been removed, that the scope of the scheme extending for the private sector has been removed, that a review of how the scheme is running is to be conducted in three years, and that there is a five-year sunset clause in the whole thing. Other improvements include the clear removal of compliance as a legitimate purpose under the scheme, the removal of conflicts in the role of the data commissioner, greater public transparency of the data sharing projects being approved, increased sanctions for the breaches of the rules, and an increased onus on the requirement to seek consent from data holders.

In its new form, the bill now essentially removes some of the barriers to data sharing between state and federal governments and Australian universities for specified purposes and with the approval of the data commissioner. It is now a scheme for data sharing with oversight and for specified purposes and it applies not to foreign entities or the private sector but to Australian governments, their departments and agencies, and the Australian university and research sector.

What is possible under this safer version of the scheme? Well, in the wake of a disaster such as a bushfire or a flood, where the government is trying to get emergency payments to people without documentation, a ruling by the data commissioner could, for instance, enable Centrelink offices to make an emergency disaster payment to a needy family that are not Centrelink clients, into their Medicare-linked bank account. At the moment such a thing is impossible due to rule constraints. That is the scope of the data sharing scheme in our government and universities. With this vast reduction in scope, many of Labor's concerns and the concerns of stakeholders are soothed. The AMA, for instance, was concerned that private health insurers might be able to get their hands on identifiable health data. With the removal of the private sector, that primary concern is addressed.

Labor has worked constructively and diligently. We've communicated our own concerns and the concerns of experts to the government. The result of these painstaking negotiations is a much more acceptable scheme. Our attitude was this: prove to the Australian public that this can work in the public sector before asking them to trust that the doors should be flung open to private multinational corporations.

I now wish to elaborate on why it's so important that leaders in government take a sensible approach to opening up public data sets to private multinational corporations, as was before Labor's intervention initially proposed. But let me say this: this is not an anti-business approach; it's an approach that is pro the rights of the individual. There are many excellent companies. The vast, vast, vast majority here and abroad do business every day in a highly ethical way. But when corporations choose to betray the public trust, things can go wrong very quickly. We would be foolish to ignore lessons from such incidents.

Those of us who remember the dawn of the internet have witnessed how the true nature of digital tech companies and what they do with users' data has become clearer over time. Free search engines, like Google, once seemed like a wonderful free service that was just part of the furniture of the internet. Free online meeting places, like Facebook, seemed the same. But, in 2022, the nature of these businesses is more starkly apparent. There are big companies that must find a way, any way, to drive profit. These are not benevolent charities. The commercial drive has intensified since companies have been floated and they have the pressure of stakeholders. Those carefree early internet days of using search engines and social media while believing it was there to serve you now seem perhaps naïve in retrospect.

The headlines and consequent stock market results that Facebook and Zuckerberg attract today are very different to those of nine years ago. We are aware now of how users' data can be harvested and manipulated and sold to third parties. There is a saying about the digital world: if you don't pay for the product, you are the product. Certainly companies like Facebook and Google make money from advertising, just as traditional media did for many golds. But the real corporate value for some of these companies, the real rivers of gold, are in the targeted, personalised advertising market and the data harvesting of their users.

Data, it is said, has now surpassed oil as the world's most valuable resource. In some ways, the tech titans of the 21st century are strikingly similar to the oil barons of the early 20th century: then, Rockefeller and Getty; now, Bezos and Zuckerberg—super powerful, quasi-monopolistic, utterly committed to their own interests. Like the oil barons, the tech titans pose a challenge to competition watchdogs and how they operate in a legal landscape that struggles to keep pace with their breakneck development. But the commodity in today's masters of industry trade is far more personal than oil; it's the private data of individuals. Some tech companies have never been very upfront about this shadier back end of their business.

Today, thanks to journalists, activists and documentaries like The Social Dilemma and The Great Hack, people know a bit more than they used to. But we should not be in any doubt; the highly sophisticated commodification of personal data is very new and challenging territory. Amongst other things, it creates a knowledge and power divide, a divide where the powerful have access to data and can exploit and manipulate the powerless whose data they possess and control. Societies around the world are in the experimental phase of seeing what happens when the private director is able to commodify very personal data. This is not just data around age and location that is being commodified. Your internet clicks and choices portray your outlook on many things. Your very outlook is being parcelled up and sold on. Private aspects of people's likes and dislikes, hopes and fears, their very personalities are being measured and commodified. It's the sort of power and access to personal information which was beyond the imagination of the great George Orwell of the 20th century. It's been a seismic change in society.

Some of the change, arguably, has been consensual. Generation Z would have a very different and much more relaxed notion of privacy and surveillance than the baby boomers. But a lot of it, perhaps, has crept up on people from the tech companies who've harvested the data of unaware targets. They've taken advantage of legislators and competition watchdogs lagging behind the speed of technological advancement, and, where laws have existed, sometimes they have simply been scoffed at at the prospect of them being able to be enforced against them. Sometimes we are like the fish at a trout farm, marvelling at all the free worms that we are being fed. But, eventually, a worm catcher contains a hook, and the fisher exerts their original purpose and reals in their catch.

The secret harvesting of personal data, to some extent, has been a passive activity. The burgers of Silicon Valley have been like observers who sit behind a one-way mirror. The real manipulation begins when, not knowing a lot about you, they start pulling your strings. The Cambridge Analytica scandal is a notorious example of this. The Cambridge Analytica saw Facebook allow a third-party app to take up the personal data of up to 87 million Facebook profiles and build a psychological profile of them, which British consulting firm, Cambridge Analytica, then used in a political campaign. The revelation of the scandal led to a fine for Facebook, led to Cambridge Analytica filing for bankruptcy, yet more statements by Mr Zuckerberg of regret and yet more pledges to do better. If you think this is just a version of politics as usual, it is worth considering the description by the Cambridge Analytica CEO of the hidden interference on behalf of one of the parties in the Trinidad election. He was recorded saying:

We went to the client and said, we only want to do one thing, we want to run a campaign where we target the youth—all youth, all the Blacks and all the Indians—and we try and increase apathy.

… … …

We came up with this campaign which was all about ‘Be part of the gang, do something cool, be part of a movement.'

… … …

Don't vote. Don't be involved in politics. It's like a sign of resistance against – not government, against politics. And voting. And very soon they're making their own YouTube videos. This is the prime minister’s house that's being graffitied! … It was carnage.

These were the people Facebook were in bed with, the ones who were sharing millions of views of data with the people who ran a covert campaign to enlist Afro Caribbean youth in what it pretended to be an authentic youth movement but what was secretly designed to manipulate them into surrendering their votes, which brings us to yet another Facebook scandal.

This time, Facebook turned 700,000 of its users into psychological laboratory rats to be poked and prodded without their awareness. While Facebook customers read their feeds and looked at photos of family and friends, cat videos, news headlines, technology big brother was there testing what would happen if their mindsets were messed with. Without warning, Facebook used data scientists to skew what hundreds of thousands of Facebook users saw when they logged onto the social media site. One group was given a feed featuring happy and positive content. The other was given feeds that skewed negative and featured sad content. At the end of the week-long involuntary experiment, emotional contagion was proven. The negative feed consumers went on to post negative words and content themselves and the positive, more positive content. It was the moment we moved from a world where the customer is always right to one where the customer is unwittingly subjected to a psychological vivisection. It does not take a huge leap of imagination to see big technology combining these manipulative techniques for advertising and commercial purposes.

We have standards around these things like not targeting alcohol advertising at children, but these laws seem like relics and antiquities if in the new media space we do not even know we are being manipulated for advertising purposes. How have we got to this point in the world, where so many in the world can be manipulated like marionettes? In some ways, we are the victims of our own success in the advancement of data technologies and, to some extent, our own over sharing and failure to protect our own privacy online. Facebook falls back on the fine print of its terms and conditions to justify these psychological operations, but I don't really think it passes the lounge room test, the kitchen test, the pub test—what have you. Experts are unconvinced by Facebook's argument there is any real consent on the part of its users. This is by no means a comprehensive timeline of the global digital experience and, of course, so much about our digital revolution has empowered and has delivered massive and fantastic change and improvement to the quality of peoples lives. But the examples I have used come from companies such as Facebook, now calling itself Meta, that originated in the US.

There are even greater threats and complications from platforms like TikTok, which is run by ByteDance out of China. These examples are representative of some of the ways our perception of the free internet is changing and we are becoming more aware and less naive. Digital consumers are, thankfully, increasingly aware of how their information is being commodified. They are increasingly aware that tech companies may promote corporate mottos 'don't be evil and do the right thing' but they don't always practice what they preach.

Ideally, governments around the world should have been ahead of these unsavoury developments. Ideally, we would have been pre-emptively, through regulation and negotiation, protecting citizens from the excesses of large profit-driven corporations. The world is starting to get there now, a little late perhaps, not helped by the blind faith that conservative neoliberal governments around the world have in the so-called invisible guiding hand of the market, but we are starting to get there.

Based on this potted version of the data story so far and where it can go wrong, there are few lessons we can learn. Data, unlike gold or oil, may seem intangible but it is a precious, sought-after commodity. We know that the lust for precious stones leads to the blood diamond industry. We know that shortages of sand needed for building is leading to criminal gang activity and mass environmental destruction. We need to change our mindset and recognise the same incentives and profit motives apply to the precious commodity of data. Firstly, people's data may not be being harvested and exploited at the point of a gun but it is still being harvested, manipulated and exploited. Secondly, legislators need to ensure they are keeping up with the ability of corporations to breach people's inherent rights to privacy, dignity and being free from manipulation. Thirdly, we should be reticent in trusting an unchecked private sector to handle people's data with an automatically guaranteed sense of ethics. Fourthly, we can trust governments much more than we can trust private corporations.

Australians may feel pretty cynical about their governments at the moment. I certainly don't blame them feeling that way about the current federal government. But at least they have the power and the ability to vote them out. We can't vote out Mark Zuckerberg. We need to ensure the government is being a competent gatekeeper, vigilantly protecting citizens' data rights against corporate raiders. The balance good governments must strike is between not being backward about harnessing the power of technological advances and not being naive about the need for effective oversight of the private sector's involvement in government services, which brings us back to our Data Availability and Transparency Bill.

Labor is in favour of modernising our public service, particularly when doing so can result in a better experience for individual Australians trying to access government services. Labor is in favour of using big data to make sure we can gain the benefits which are available in the provision of information by citizens to their government. But our modernising, progressive impetus must be balanced by the rights of individual Australians in their dealings with government. When it comes to public data, it must always be remembered this is people's data. It is not a thing owned by the government that can or should be commodified or sold to the highest bidder. The government is merely the custodian. We are merely the custodians of our citizens' information on trust. I think, sometimes, some government ministers are tech utopians who think the government should race to emulate the corporate world. But a Silicon Valley motto of 'move fast and break things', if ever appropriate, is particularly inappropriate in the context of obligations a government has to its citizens about their personal information. When tech utopians are given unbridled access to levers of government we can get disasters like robodebt and white elephants like the COVIDSafe app.

Following Labor's not insubstantial contribution, this bill strikes the right balance. It will be constantly up to the government of the day to ensure in practice this scheme is run correctly, that an appropriate person occupies the position of data commissioner and that there are not unwanted, unforeseen consequences. A phrase that was popularised after the American Revolution comes to mind: 'Eternal vigilance is the price of liberty.' Another relevant phrase is: 'You cannot legislate against stupidity.' It will be up to the government of the day to monitor the new scheme and ensure that in practice there are not abuses and breaches that don't go unpunished, but, most of all, that we uphold and continue to honour the public interest.

Photo of Sharon ClaydonSharon Claydon (Newcastle, Australian Labor Party) Share this | | Hansard source

Is the amendment seconded?

Photo of Josh WilsonJosh Wilson (Fremantle, Australian Labor Party, Shadow Assistant Minister for the Environment) Share this | | Hansard source

I second the amendment and reserve my right to speak.

5:43 pm

Photo of George ChristensenGeorge Christensen (Dawson, National Party) Share this | | Hansard source

It may surprise the member for Maribyrnong to know that I probably agreed with nearly 90 per cent of what he said there. We are in this brave new world where big data poses a grave threat to individual rights and privacy, and big data collected by government that is enjoined with big business is probably the scariest situation that I can imagine arise for privacy and for our freedoms. The one thing that I didn't agree with the member for Maribyrnong on was the words that this work had achieved the right balance. Sure, I acknowledge that there has been a lot of discussion between the government and the opposition on this bill, which has taken out of the original bill a lot of the problematic areas. There have been Senate inquiries that have looked into this bill that have taken out a lot of the problematic areas of the bill. But being better doesn't necessarily make it good.

There is a litmus test that we should have in this place when a bill comes before us: did any of your constituents ever email you about government sharing data with different departments or sharing data with state governments or sharing de-identified data with universities? Did anyone ever walk into your office and ask you, as an MP, to vote for this bill, or say that there was a problem they saw that necessitated this proposed act? Did anyone ever stop you in the street? Did anyone ever phone you or one of your staff members about it? I'd say by and large the answer for every single person who inhabits this chamber would be 'no' on this front.

So why are we doing it? Where does it come from? I've heard from the government and now the opposition the argument that, if there's a natural disaster, an extreme event, we can easily get payments to people. If they don't have the data that they need to present to get that payment, we can look at Medicare or we can look at something else and get their data for that purpose. But there's an old saying that hard cases make bad law. That is an extreme situation. Sure, it happens from time to time, but it's still an extreme situation. I don't know that we need to up-end our privacy provisions in this country for that extreme situation. I actually haven't heard another argument beyond that for this bill. I have not heard one. If one exists, I'd love to know. What I would really love to know is an argument that exists for this bill that is actually for the benefit of the people rather than the benefit of government.

Sure, as I said before, a lot of the problematic areas from how it was drafted originally have been knocked out of this bill through the process that it's gone through, but here are some questions. Apparently the data that's going to go to external organisations, which would be universities for research purposes, is going to be data that's de-identified. How is it going to be de-identified? Can it be re-identified? Is there the potential for that? I don't know.

I'm told the data that's going to go inter governmental, whether it's between Commonwealth government departments or the Commonwealth and states, is only going to be for the benefit of individuals, and that that data sharing cannot be used for anything that is investigative, punitive or for any other negative measure against a citizen. But what happens if it is? Sure, there might be a smack on the wrist for someone, but what happens if it is. What happens if it is used in that fashion? Is the Commonwealth going to suddenly drop all proceedings against someone because the data was used in a way that it shouldn't have been? I don't know. I hope that the answer would be that, yes, all proceedings against that individual would be dropped. But the fact is that we've got data sharing, so it could potentially happen. I'm very worried about this bill and the trajectory that we're going down. This bill now has bipartisan support. It doesn't have my support. It might have bipartisan support, but it does not have my support.

I fear that what's behind this is the digital identity push. I've got to tell my colleagues on all sides of this House: do not ever do that. Do not ever accept a national digital identity system in this nation. That will be the end, not the beginning, of privacy in this country. What it will be the beginning of is big government intruding into our lives far too much. I'm afraid that this legislation, having originally been crafted for the purpose of sharing data with private corporations, is also the beginning of something else. We can have all the protections in this bill right now, but 10 years down the track what's going to happen to those protections? Where is this going to lead? Are we going to have data sharing between big government and big corporations? I don't want to be part of that, and that's why I'm stating right now on the record that I do not support this bill.

5:49 pm

Photo of Ed HusicEd Husic (Chifley, Australian Labor Party, Shadow Minister for Industry and Innovation) Share this | | Hansard source

In rising to speak on the Data Availability and Transparency Bill 2020, I wanted to start from a different viewpoint, and that is to reflect on a few events that have occurred in the past 12 months, and it's in a way that you wouldn't necessarily assume would be attached to this bill. In the past 12 months, for the first time, artificial intelligence beat some of the best game players in the world at a video game called Gran Turismo—sport. The first time they attempted this was in July, and the human players won easily. But by October the tables had been turned and increasingly the human players found it very difficult to beat the AI. They noticed more and more that the artificial intelligence found ways to play that people hadn't thought about. This is not the first time this has happened. In fact, AI is starting to challenge the way we approach problems as humans and is starting to challenge the whole notion of reason and logic, the way we apply them, the way we get to answers and the way we find solutions. It's not the first time it's happened in games.

But it was also interesting that when AI was used to consider the development of new antibiotics it also came up with antibiotics that had been discovered in a way that most human researchers wouldn't have necessarily thought would be the way that you would develop that antibiotic and, in addition, simply crunched through the data, way quicker than any humans would have been able to do. That's where artificial intelligence is at, at the moment. But it is not only about the way people think about its ability to crunch data, particularly large datasets. But the way it's doing it, and the solutions it's coming up with—it's doing it in a way that we didn't think about.

There are a number of things that come out of that, most notably—and I will come to this later—the framework we put around the operation of AI. In the case of the antibiotics, there was a specific requirement that whatever the AI came up with could not be toxic for humans. So, frameworks are important. As AI starts to develop, it will increasingly be used—and it is being used. Everyone thinks it's a new development. It's taken about 50 years or so to get to this point. And computing power, neural networks—all the developments that have occurred in the past 10 to 15 years—have meant that AI is getting better and better and better.

Increasingly, governments are going to find that they will rely on artificial intelligence more and more. As Henry Kissinger points out—and over the break I read this book, which he wrote with Eric Schmidt, formerly of Google—as AI gets better, governments increasingly, when they decide to make decisions outside of an AI framework, will be asked—parliamentarians will find themselves being asked—'Well, why did you use AI instead of humans to make those decisions?' That likely is a scenario, plausibly, that will occur.

The thing about AI is that to get better and better and better it needs this thing called data. It needs to be able to possess that in increasing volumes and to be able to crunch it on a continual basis and to be able to apply it in particular ways. So, for us as parliamentarians, it is really important that we engage in this debate and think through not just to the darkest edges of the debate, which the mind will tend to wander to—and I understand that that's the way we will get to that point. But the fact of the matter is that if we don't use this and we decide to shut our minds to the notion of the use of AI and the availability of data to make that happen, then, sure, we can do that, but other countries will be using it, and other countries will apply it in ways to make their economies work better, to make their governments work smarter and to make their communities operate better.

So, that is going to be an important consideration for us—whether or not we do that now or leave it for others to do, while we get left behind. I don't think most Australians would want that. In a country where we have regularly been pointed out as being fast adopters of technology, I think in the broader public mind they get that technology does make our life easier and that they want to use it in ways that improve quality of life.

But I tell you what, it's taken a hell of a long time to get to this bill to look at the frameworks around how that data is used and shared. The Productivity Commission in 2016 brought down its report that talked about how we use data. There's a whole movement around open data and gov data. There have been a lot of people, like Pia Waugh, who've been here in times past when gov hacks have occurred. The movement aims to get access to data and to think about how to do things differently and improve the quality of living, not to just be attracted to the darker edges of this debate but to actually think about, with the data that has been collected, how we can apply it in a way that makes people's lives better. That movement has existed here for quite some time.

The Productivity Commission tried to think, 'How would we use data, and what frameworks could we put in place?' This came out ages ago. The first act that we got out of the coalition was not to think about the open data requirements and the way in which government could use this much more beneficially; their first thought was to come up with a consumer data right, to make a buck out of it, and provide a framework for banking that could take data that was currently being used in finance to then be used in that respect. I don't have a problem with that, but it's interesting that that was the priority of this government. I'll come to the CDR thing in the moment.

That happened in 2016. The first thing they did was CDR. The coalition promised before the last election that they would have this framework in place. We then got this bill in December 2020. And then the only point at which this gets debated is now.

If we pass this today, which I imagine we will—and I want to commend the member for Maribyrnong because he has applied deep thought to this. He has worked constructively, he has consulted, and he has secured improvements to this bill. But all that effort that the member for Maribyrnong undertook has gone to waste because this government has failed to get this bill debated in this House and then considered by the Senate. Guess what? The Senate, tomorrow: estimates. It's out. So, by the time this bill gets considered, it is highly unlikely it will pass. It will be two terms since we've had some sort of framework in place to manage this, which is just crazy, because this is stuff we do need to do. We do need to think, as the member for Maribyrnong has been pointing out, about those ethical considerations about how data's used. As much as we need to ensure that that data's available, that it is crunched through AI and that it is applied in beneficial ways, we do need to—as he has rightly pointed out—not think in a completely utopic way but just get the balance right. I think the best thing in this debate is not to be completely in a utopian frame of mind or a dystopian frame of mind but to just get the balance right.

Ellen Broad, in a really good book—and I encourage people to read this book—Made by Humans, makes the point that AI is not some magical thing that just applies on its own. It is shaped by people, and the decisions on its application are shaped by people. She also points out government's tendency. You can't always assume that government will use technology in a way that is always beneficial, because more often than not it will use technology in a way that sometimes runs counter to people's interests. We should always bear that in mind as well. That's why I think the member for Maribyrnong's interventions are important to inject that type of thinking. We do need to make sure that we don't have other robodebts, but we also need to make sure that, if we can speed up decision-making in automated ways and we've got the frameworks right, we do so and we have that data available.

For the people who suggest that this bill will open up all sorts of terrible consequences in the way that things will be used—I haven't heard a lot of those voices. I have spoken in times past about, for example, the way in which we set up the metadata framework many years ago and the way that was pushed through. I have been on this case about the way that data has been used, accessed or applied for quite some time. So it is interesting to see. We heard from one of the speakers just a few moments ago, who I don't think ever spoke up before. Maybe I'm wrong; I'm happy to stand corrected. They never spoke up on the way that metadata was used or the countless pieces of national security legislation that come through and access citizens' data all the time. I never heard those protections being championed by those opposite at all. Let's not forget the irony of some of those on the far Right who rail against data and the way it's being used while they mine data themselves for the sake of building their own political careers, movements or whatever.

I come back to the point that this government talks a big game on data, talks a big game on digital. I note the AIIA had recommended that the government set up AI ethics boards to create the guidelines and best practice for the use of artificial intelligence in government, to create ethical guidelines for the development and use of AI, to ensure that members across the APS and members from industry are involved in that setting up of standards and practice, and that an AI register of all current and future solutions that use AI or machine learning be established to allow for citizen transparency. These are all good things. The industry is thinking about it; the government is slow to act on it. I commend the AIIA for putting that stuff on the public record to get governments to think about the use of data because it will be important longer term.

For the government, it is always a shiny new bauble when it comes to them. It is the latest thing that they might get a great media headline out of and make themselves look like they are future-leaning but they never seem to deliver. It seems to be a common thread with this government, with the coalition to be always there for the announcement but never there for the delivery.

I referenced earlier the Consumer Data Right. I have had a number of complaints from industry about the way the consumer Data Right has been set up for finance—bear in mind it will go across to energy and telecoms at some point—and about the mismanagement of this process. I had one person in particular point out that the Consumer Data Right is progressing at lightning speed after a number of years of instability and iterative development. A person said to me that there is a sense amongst the market that the first sector has not been finished and now attention and resources have been redeployed to other areas. They emphasised banking is not finished yet. There has been no straight-through consent mechanism, no consumer dashboard, no monitoring of the health of the API ecosystem. The role of intermediaries, an afterthought, has not been tested or finalised. there is no unique identifier between different sectors to allow for cross-sectoral data sharing—that is, banking has a customer ID while energy has a premises identifier. There is literally no way for one sector to register an amendment of withdrawal of consent with another sector, which is a big issue, a massive issue. That is about making sure that consent is allowed and, when it is not, how things are managed post that.

The refusal to consider business data and personal data differently from a risk standing means 2.4 million SMEs will have their operations disrupted through zero MYOB and be no longer able to share data with apps that exist on their marketplaces. This point, which I think is relevant to this debate, is that the Data Availability and Transparency Bill and the CDR are literally incompatible in their current formats. There is no conceivable way that public data sets can mingle with CDR data which, to this person's view, is a tragedy due to the potential for used cases and global best practice. These rules are being developed as a priority over standards which is backwards. The most damning thing is that, weirdly, the Treasury is leading this, not the technical people nor the ministerial office—lots of duck shoving going on! What a surprise.

We on this side suggested that those opposite be careful and think this stuff through in the last term. We wanted to have the Senate involved through that whole process as the house of review but we had the Treasurer working with Senator Jane Hume to shut down any work on this and shut down the thinking around it. We need data availability to make sure that it is applied in a way that will work for the people. We need to ensure there is confidence in the way that occurs. What we don't need is a situation where the government is only out there for the sake of the headline, only there for the sake of the announcement, trying to gather a great photo opportunity and then not following through. If CDR is any example or sends us any signal about how this will operate under a coalition then we should be very concerned. It is important to get the frameworks right, as has been attempted by this bill. I wonder whether or not it will get through. But getting the final landing, making sure this works is even more important because, if we lose the confidence of people, we will ensure that we can't get our act together at a broader level.

6:04 pm

Photo of Andrew LeighAndrew Leigh (Fenner, Australian Labor Party, Shadow Assistant Minister for Treasury) Share this | | Hansard source

Fifty-five years ago, in 1967, Edward Gough Whitlam gave the budget reply speech. In that speech he said, 'One of the problems in discussing health policy in Australia is the lack of reliable official information.' Fifty-five years on, not as much has changed as we might have liked. As my co-author Philip Clarke, the director of the Health Economics Research Centre at Nuffield's Department of Population Health at Oxford University, notes, 'There is still great potential to learn more from using administrative data on improving health efficiency.' In Philip's paper—co-authored with Xinyang Hua, Guido Erreygers, John Chalmers and Tracey-Lea Laba, in Health Policywhen they used linked Medicare data, in the first year of life Medicare spending was actually regressive. Their paper notes that analysis of out-of-pocket expenditure could be much more detailed if there was better access to linked administrative data and suggests a number of important ways forward.

Yet the use of health data by researchers has been plagued by the incompetence of this government when it comes to releasing those data. An article in the University of Melbourne's magazine Pursuit in 2017, by Vanessa Teague, Chris Culnane and Ben Rubinstein, is titled 'The simple process of re-identifying patients in public health records'. It notes that in September 2016 the government put out an MBS/PBS sample dataset and the researchers found that the encryption of supplier IDs was easily reversed. They informed the department and the dataset was taken offline. Then in December 2016 the same researchers found that patients could be re-identified by using known information about the person to find their record. The researchers found unique records matching three current or former members of parliament and a number of other prominent Australians. They informed the department in December 2016 and, again, the dataset was taken down.

But rather than acknowledge the honesty of the cryptographers who made clear to the department the flaws in the encryption methodology, this government set about attacking those researchers—attacking the very researchers who'd noted the flaws in what the government put online. The then Attorney-General, George Brandis, announced plans to criminalise the act of re-identifying previously de-identified data, as though somehow it was alright for the government to put out a dataset in which individuals could be re-identified; they'd just make it a crime to do so. Fortunately, that legislation didn't pass, but the ongoing attacks on Vanessa Teague ultimately led to her having to quit the University of Melbourne.

There is great potential to be had from the careful use of big data. But we on this side of the House recognise the importance of maintaining strict privacy protections. Thanks to the work of the member for Maribyrnong, Bill Shorten, a number of troubling aspects of this bill have been removed or overcome, including overcoming the lack of privacy protections and safeguards, removing the scope of the scheme to extend to foreign organisations, removing the scope of the scheme to extend to the private sector, and introducing a three-year review and a five-year sunset clause. That reflects the strong views of those of us on this side of the House that big data can make a difference in improving people's lives but that it must be done with care and appropriate scrutiny.

That, of course, was the big flaw in the robodebt scandal, which had its genesis in the belief by those opposite that it was possible to simply use big data analytics to chase down welfare recipients who'd allegedly done the wrong thing. Robodebt was not the first time in which big data analytics had been used to detect fraud. What made it different was removing the human element from the system. As Cathy O’Neil’s terrific book Weapons of Math Destruction has made clear, algorithms can be dangerous. They can replicate existing biases in court sentencing processes. Algorithms, if misused in the assessment of teachers, can produce results which are more strongly driven by noise than signal. Indeed, the recent book by Daniel Kahneman, Olivier Sibony and Cass Sunstein, Noise: A Flaw in Human Judgment, has made clear that we need to be very careful about the use of big data in a way that allows noise to dominate signal.

We have, in public policy, too many examples of algorithms in big data being misused. And, yet, when they're used right, they can be incredibly helpful. Georgia State University is currently using predictive analytics to spot students in danger of dropping out, not just looking at their overall GPA but their scores in particular classes. They have increased their four-year graduation rate as a result. We have seen careful work being done by Raj Chetty and his co-authors, including Nathaniel Hendren and John Friedman, in using big data analytics to look at mobility across the United States—for example, noting that your chances of going from the bottom fifth to the top fifth of the income distribution are three times greater in San Jose, California than they are if you grow up in Charlotte, North Carolina. A similar analysis by Sarah Merchant using tax records covering almost the entire US population from 1989 to 2015 has discovered that the income gap between blacks and whites persists for generations and is driven entirely by differences in wages and employment between black and white men rather than women, and found that it's smaller for black boys who grow up in neighbourhoods with lower poverty rates.

In New Zealand, the Integrated Data Infrastructure has found that the probability of moving from low pay to high pay is not as high when the analysis is done using detailed monthly income records as when carried out using patchy surveys. New Zealand has also used its Integrated Data Infrastructure to analyse the potential spread of COVID and to identify those areas that are most at risk. So, we do need to make sure, as Martin Kurzweil has pointed out, that ‘algorithm is not destiny’, that it's important that human judgement is never removed from the process. But, if we do that and we're careful about our use of big data, there is great potential for government to partner with academic institutions in order to improve lives for all Australians and to better fulfil that goal that Gough Whitlam laid out in his budget reply speech of 1967.

6:13 pm

Photo of Daniel MulinoDaniel Mulino (Fraser, Australian Labor Party) Share this | | Hansard source

This bill, the Data Availability and Transparency Bill, is designed to facilitate the controlled access to public sector data for specific purposes in the public interest through a legislative framework. That's a rather anodyne statement and potentially one that many would find unobjectionable, but it's also one with potentially significant implications for people's everyday lives, both positive and negative. And that's why this bill is important and that's why, more importantly, it's so important that this government and future governments move in a sensible direction when it comes to government's use of data. This is part of this government's belated response to the Productivity Commission's inquiry into data availability and use.

As earlier speakers on this side have alluded to, there is a significant potential upside if governments can better use data. There are many examples, which I won't run through exhaustively, but one example is new services—qualitatively different services to ones that we're currently seeing. An obvious example of that is on-demand buses, which can make a real difference in people's lives, particularly in regional and outer suburban areas. Another one is individualised services, which can make a huge difference in the efficiency and effectiveness of services like health care and other areas of service delivery, such as aged care and the NDIS.

Another example is the more accurate and efficient use of scarce government resources, particularly natural resources—and this is something explicitly alluded to in this bill—after natural resources. I want to refer very briefly to something that I worked on a long time ago, when I was a state MP, which was a series of bus routes options for a school for children with autism. The use of data in relation to their travel preferences and the optimisation of routes led to a more than 50 per cent reduction in travel time, plus the removal of any need for children to change buses, which had been extremely stressful. That required the use of data in relation to when people wanted to travel, but it was done in such a way that all of the data was protected and it led to a significant improvement in outcomes. So I am not a complete utopian, but I definitely see the potential for a significant upside.

But I do want to talk explicitly about some of the potential downsides, and all of the previous speakers on this side have referred to that. The member for Maribyrnong went through quite a number of them. The use of algorithms is particularly dangerous. It can lead, quite often, to perverse, unexpected and unintended outcomes. One example is the fracturing of people's access to media and information, for example on social media platforms. Another one is algorithms that just get wrong outcomes, and robodebt is a good example of that, although it's a very, very tragic one in terms of its real-life impacts. Another obvious risk is privacy, which a number of speakers have alluded to. That is clearly something which governments will have to be vigilant about in the future. Another risk is outright manipulation, and, again, other speakers have alluded to this. Facebook is an example of where certain political campaigns, or other people or entities trying to change people's views in a range of ways, have manipulated people in ways that are often quite dangerous. So there are clearly pros and cons. The member for Maribyrnong outlined a number of them, and the member for Chifley spoke about the fact that we need to achieve a balance in this area.

This bill is a step forward. It is clearly a belated one, given how long ago it was that the Productivity Commission handed down its report and, as earlier speakers have indicated, given the low likelihood of it even passing. Some troubling aspects of the original bill have been removed, such as the lack of privacy protections and safeguards. The scope of the scheme extending to foreign organisations has been removed, and the scope of the scheme extending to the private sector has been removed. So this bill is a far better bill than was originally proposed, but there is clearly so much more to do. I'm one of the members on this side who would see this as a journey that we are just starting. This is going to be an area of opportunity for government, but it is going to be an area where we have to remain ever vigilant, given the potential for unexpected and very dangerous outcomes.

The 2017 Productivity Commission report, which led to the government's response and to which this bill is a response, did talk about the importance of creating a new right that enables both opportunities for active data use by consumers and fundamental reform of Australian's competition policy, but it also talked about the need for a structure for data sharing and release that is a risk based and that allows for arrangements to be dialled up and down according to different risks. I think that is a very important aspect of any arrangements.

As I said, this bill is a first step in the journey. I've seen firsthand how the smart and careful use of data by government can lead to better outcomes, but we do need to be constantly ensuring that whatever protections are in place are state of the art, fit for purpose and appropriately risk rated, and it is only in that way that we should proceed with expanding the use of data by government.

6:19 pm

Photo of Craig KellyCraig Kelly (Hughes, United Australia Party) Share this | | Hansard source

I rise to speak on the Data Availability and Transparency Bill 2020. I cannot support this bill. The balance between the risk to privacy and the potential benefits is just not there. If we go through the explanatory memorandum of the bill, it notes:

… The Bill establishes a new data sharing scheme which will serve as a pathway and regulatory framework for sharing public sector data—

'Public sector data' means your data, Madam Deputy Speaker Claydon, and my data and the data of every other one of the 25-million-plus Australians—

'Sharing' involves providing controlled access to data, as distinct from open release to the public.

What that means is your data, which you as an individual may wish to keep private, can be given to others. As the minister noted, in his second reading speech:

This bill is about creating a scheme that will provide controlled access to data to trusted people and organisations.

Who are these trusted people who can be trusted with Australians' private data? Who are these trusted organisations who can be trusted with Australians' private data? In my mind, the risks of this clearly do not outweigh the potential benefits. We have seen what has happened over the last two years, where it is now the custom in this country to have to show your medical records to line up, to hire a car, to enter a restaurant. That has become common practice in this country. Medical records that should be your private information are no longer private in this country. We are going down a dark, authoritarian track towards a society of digital identity, and I cannot stand and support this legislation.

When I came to this place for the very first time, I signed up to the principles that the Liberal Party believes in. The very first sentence was:

We believe:

In the inalienable rights and freedoms of all peoples; and we—

that is, the Liberal Party—

work towards a lean government that minimises interference in our daily lives.

Allowing trusted people and so-called trusted organisations to access the private data of Australian citizens is not what I signed up for when I first came to this parliament, and I cannot support this bill.

6:23 pm

Photo of Stuart RobertStuart Robert (Fadden, Liberal Party, Minister for Employment, Workforce, Skills, Small and Family Business) Share this | | Hansard source

I thank all those who have contributed to the debate. I especially thank the member for Maribyrnong for his constructive leadership and his support. It has been quite a pleasure to work with him. I also thank Deborah Anton, the Interim National Data Commissioner up until 2021. I thank Gayle Milnes, the National Data Commissioner Designate, for her work. I thank Kelly Wood, Susan Calvert, Paul Menzies-McVey and the ONDC team for their hard work and professionalism. I thank the senior CIOs of government—Chris Fechner, Charles McHardie, and Ramez from the ATO—for all of their work as well.

The Data Availability and Transparency Bill establishes a new scheme for sharing Australian government data. Underpinned by strong safeguards and simplified efficient processes, the scheme lays the groundwork for world-class data-driven government services that will benefit all Australians. This is critical legislation to advance our collective vision for Australia to become a leading digital economy and data-driven society by 2030. The legislation acts on commitments made by the government in response to the 2017 Productivity Commission inquiry into data availability and use. The Australian government demonstrated the benefits of data sharing in response to the COVID pandemic, establishing pathways for sharing critical data to save lives and livelihoods.

The Parliamentary Joint Committee on Human Rights, the Senate Scrutiny of Bills Committee and the Senate Finance and Public Administration Legislation Committee all made recommendations for amendments. The government has carefully considered these recommendations and the dissenting report tabled by the Labor Party senators on the Senate Finance and Public Administration Legislation Committee. I thank all of those who've been involved in this, including the member for Isaacs, for their constructive engagement. This has necessarily been a detailed and considered process. Following these consultations, the government will now move a series of amendments with bipartisan support to clarify and enhance privacy protections and introduce additional safeguards in relation to national security concerns.

Amongst other things, the amendments will clarify that the scheme will not extend to the private sector during its initial establishment. The bill now provides for a review three years after the scheme's commencement, in addition to a review three months after the commencement of any amendments to privacy law which would have a material impact on the scheme. Reviews of the scheme will help ensure that it is operating as intended and remains relevant and adaptable to evolving technology and public expectation, and they will provide an opportunity to consider refinement or expansion in the future.

The government would also like to thank the Senate Finance and Public Administration Legislation Committee for its detailed consideration of the bill package and take this opportunity to formally respond to the three recommendations made by the committee. The committee's first recommendation was that assurances be provided to parliament about appropriate ongoing oversight by security agencies of data-sharing agreements and potential security risks. The government supports this recommendation and moves an amendment to ensure that data-sharing agreements take effect only once registered by the commissioner rather than upon party signature. This change mitigates potential risks by allowing the commissioner to work with relevant security agencies to identify agreements which may pose security risks or not comply with the Data Availability and Transparency scheme prior to any sharing occurring. In addition, foreign entities are not able to become accredited, which means that data cannot be shared with a foreign entity under the scheme.

Also related to national security, the committee's second recommendation was that findings of the Parliamentary Joint Committee on Intelligence and Security's inquiry into national security risks affecting the Australian higher education and research sector be taken into account when developing data codes and guidance material for the scheme and inform continued engagement with the national security community. The government supports this recommendation and will respond to outcomes of the inquiry once the final report is released. The government also notes the recently released guidelines to counter foreign interference in the Australian university sector and will consider this guidance in relation to the scheme in addition to the outcomes of the inquiry.

The committee's final recommendation was that the government consider whether amendments could be made to the Data Availability and Transparency Bill or further clarification added to the EM to provide additional guidance regarding privacy protections, particularly in relation to the de-identification of personal data. The government supports this recommendation and moves amendments to strengthen the privacy protections in the bill. The privacy protections include minimising the sharing of personal information as far as possible without compromising the data-sharing purpose, prohibiting the re-identification of data that has been de-identified, prohibiting the storing or accessing of personal information outside of Australia, making it mandatory for accredited data service providers to undertake any complex data integration for projects to inform government policies and programs in research and development, and requiring express consent for the sharing of biometric data.

Furthermore, a data code will require consent to be current and specific and provide that an individual may withdraw consent at any time with retrospective effect. Additional privacy protections will also be imposed dependent upon the data-sharing purpose. Personal information will be able to be shared without consent for the delivery of government services where the individual concerned is receiving the service.

The Data Availability and Transparency Bill minimises the sharing of personal information for informing government policies and programs and for research and development by promoting de-identification of data. The amendments also respond to concerns raised by Australian Labor Party senators in their dissenting report by increasing penalties, clarifying that data cannot be shared for compliance purposes and ensuring that consideration is given to reviewing the data-sharing scheme if changes to the Privacy Act are implemented following the current review of that act.

This legislation takes a significant step forward towards data-driven innovation across the economy, a step towards a future where policy decisions are enriched by strong data and government services are simple, helpful, respectful and transparent. Australians can have enormous confidence that the new scheme is world-class and that data sharing is the safest and most effective it can be. I commend the bill to the House.

Photo of Sharon ClaydonSharon Claydon (Newcastle, Australian Labor Party) Share this | | Hansard source

The original question was that this bill be now read a second time. To this the honourable member for Maribyrnong has moved as an amendment that all words after 'That' be omitted with a view to substituting other words. The immediate question I put to the House is that the amendment be disagreed to.

Question agreed to.

The question now is that the bill be read a second time.

A division having been called and the bells having been rung—

As there are fewer than five members on the side for the noes for this division, I declare the question resolved in the affirmative in accordance with standing order 127. The names of those members who are in the minority will be recorded in the Votes and Proceedings.

Question agreed to, Mr Bandt, Mr Christensen, Mr Craig Kelly and Mr Wilkie voting no.

Bill read a second time.

Message from the Governor-General recommending appropriation announced.