The interim national data commissioner has defended data-sharing laws before parliament that will make it easier for third parties to access personal information.
Critics warn the proposed bill should be clearer in its expectations about data security, given rising cyber attacks and the lure of interlinked datasets for lucrative identify theft.
The proposed data availability and transparency bill will let federal government agencies share information with trusted third parties and researchers, including private data about individuals' relationships and finances.
Interim commissioner Deborah Anton conceded the nation's data trove was of interest to others, including foreign governments, but said the bill was about making effective public policy and raising standards across the public service.
"There are both increased benefits and increased risks," Ms Anton told a parliamentary committee hearing in Canberra on Tuesday.
Parliamentary committee deputy chair and Labor senator Tim Ayres said the laws had been drafted by "true believers" in data sharing for better policy outcomes.
"That works fine until there's a breach," he said.
Information from large data holders such as the Australian Bureau of Statistics and the national agency for information and statistics on health and welfare would be "largely de-identified", the committee heard.
But NSW Council of Civil Liberties member Jonathan Gadir wants data to be de-identified and exclude personal information.
He also recommended a public interest test and a no-harms standard be added to the bill.
Electronic Frontiers Australia board member Justin Warren raised Australia's track record of the robo-debt debacle, the botched Census of 2016, and a trail of cyber security breaches in government services.
The Morrison government is working on expanding the scheme to public sector data held by state and territory governments, raising the stakes for privacy and legal experts.
"It's not good enough to have good intent," Mr Warren told the hearing.
"We have to have systems to deal with bad intent and bad outcomes."
Dr Bruce Baer Arnold, vice chair of the Australian Privacy Foundation, was concerned one of the architects of the bill was robo-debt proponent, federal minister Stuart Robert.
The bill should be rejected in line with the Senate's function to protect against an "overreaching executive", Dr Baer Arnold said.
Lucie Krahulcova, executive director at Digital Rights Watch, said the bill seemed to glaze over the right of the individuals to give informed consent any number of times during their lifetimes.
But the Law Council of Australia's privacy law committee chair Olga Ganopolsky said the bill "is salvageable".
The "purpose test" in the bill dictates the data can only be shared for informing policy and programs and research and development.
All data use must be set out in data-sharing agreements, which will be made available on a website.
There are penalties for breaching the rules, including criminal penalties for "reckless breaches".
Ms Anton said the bill would create a scheme to allow and control data sharing "for the right reasons, with the right people", overseen by an independent data commissioner.
She said the data custodian could say no.
"There is no duty to share."
Patterns and details of movement captured by the COVIDSafe app cannot be shared, the committee heard.
Electoral roll data and My Health records are also outside the scope of the proposed bill.
Australian Associated Press
