A draft framework governing how personal information moves between Commonwealth agencies is now open for public comment, with submissions closing at the end of May.
The framework replaces a patchwork of bilateral arrangements — some dating back more than a decade — with a single consent and audit regime. Privacy advocates have cautiously welcomed the consolidation but say much depends on the detail.
The three sticking points
Three issues are expected to dominate submissions. First, the definition of "linked service delivery": critics argue it is broad enough to cover nearly any interaction between agencies. Second, the audit arrangements: the draft envisages self-certification by agencies, which privacy advocates have called "internally conflicted". Third, the complaint pathway, which currently routes back through the agency that handled the data rather than an independent reviewer.
The agency leading the consultation declined to comment on specifics, but a departmental spokesperson said "the framework is deliberately in draft form precisely so these kinds of questions can be tested publicly before anything is finalised."
Submissions close on 30 May and will be published in full, except where submitters request confidentiality.