ACCC tasked with drawing up new open banking rules

It will be the role of the Australian Competition and Consumer Commission to determine how a new consumer data right (CDR) will apply to a particular sector of the economy, under draft legislation released today by the government.

It will be the role of the Australian Competition and Consumer Commission to determine how a new consumer data right (CDR) will apply to a particular sector of the economy, under draft legislation released today by the government.

The CDR will allow consumers to get access to data held by businesses and share it with third parties, potentially making it easier to compare products or shift to a new service provider.

The government last year said it would legislate a new CDR as part of its response to the Productivity Commission’s data inquiry.

The CDR will “empower customers to use their data for their own benefit,” a statement released by Treasurer Scott Morrison said.

“Customers will determine which data is shared, on what terms and with whom. The Consumer Data Right is a right for customers and not for those who wish to access or use a customer’s data.”

The introduction of an open banking regime for Australia is the initial focus of the CDR.

The legislation “will arm Australians with the right information they need to seek better deals on banking products and loans, with further sectors such as energy and telecommunications services to be added over time,” Morrison said.

The government today released an exposure draft of the Treasury Laws Amendment (Consumer Data Right) Bill 2018, which sets out how the CDR will function.

The new framework will have three categories of participant: Consumers, data holders, and accredited data recipients.

The legislation also allows for the designation of a data standards body that will support a data standards chair in setting standards for the format and process by which CDR data needs to be provided to a consumer. Initially, the CSIRO’s Data61 will be the designated data standards body.

The ACCC and the Office of the Australian Information Commissioner will be the key regulators of the new system; the former will be tasked with overseeing the system from a competition and consumer perspective, while the latter will be tasked with handling privacy-related complaints.

Under the bill, the minister will be able to designate sectors of the economy that the CDR will apply to (though the ACCC can make recommendations). As part of that process he or she will be required to consider the likely effect on consumers, market efficiency, the privacy of individuals and businesses, competition, the promotion of data-driven innovation as well as the likely regulatory impact.

It will be up to the ACCC, in consultation with the OAIC, to determine how the CDR applies to a particular sector, drawing up rules covering a range of matters, including the disclosure, use, accuracy, storage, security, or deletion of data, the accreditation of data recipients, and reporting and record keeping.

Data recipients may have different levels of accreditation, under the legislation. The minister has the power to appoint the data recipient accreditor—initially at least, the ACCC will have the role.

In some circumstances, a consumer will be able to direct that data is provided to a non-accredited entity. An explanatory document released by the government states: “Data that has been derived from CDR data, such as financial reports compiled from transaction data, may also be transferred by a CDR consumer out of the CDR system. For example, to their accountant.”

As part of the creation of the new data-sharing framework, a new series of privacy safeguards will be created—each equivalent, but the government says more onerous than the Australian Privacy Principles. The exception is APP 12 (access to personal information), for which the government said the CDR as a whole is the equivalent.

The privacy safeguards represent the minimum protections for CDR data, with the ACCC able to set additional privacy rules on a sector-by-sector basis.

In his statement, Morrison said, “The government is committed to ensuring that high levels of privacy protection and information security for customer data is embedded in the new regulatory framework. This bill delivers enhanced protections, backed by well-resourced regulators with strong powers.”

The government is conducting a consultation on the exposure draft until 7 September.

Copyright © 2018 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon