The government has indicated that later this year it will seek to pass additional legislation to modify Australia’s new data-sharing regime and introduce a ‘right to delete’ for consumers.
Legislation laying the basis for the ‘Consumer Data Right’ was passed yesterday by the Senate. The legislation will allow consumers and small businesses to request that a business that holds data relating to their use of its services transfer that data to a third party.
The government says this will make it easier for people to shift between service providers, as well as use third party services that can help them make more informed decisions about their spending. The CDR will be rolled out on a sector-by-sector basis, beginning with the introduction of an open banking regime.
The energy and telecommunications sectors are expected to be among the first wave of industries covered by the CDR.
The Treasury Laws Amendment (Consumer Data Right) Bill 2019 received bipartisan support, with Labor claiming it had secured a “breakthrough commitment” from the government to make changes to the CDR.
The CDR will involve regulation of organisations designated ‘data holders’ and ‘accredited data recipients’. The Australian Competition and Consumer Commission will draw up the rules setting out how the right will apply in different industries.
Proposed amendments tabled yesterday in the Senate but yet to voted on will require the rules implementing the new system for a particular sector to include provisions for CDR data held by a data recipient to be deleted on request from a consumer.
The CDR rules must “specify a requirement on an accredited data recipient to delete all or part of CDR data in response to a valid request by a CDR consumer for the CDR data to be deleted,” a proposed amendment states.
The amendment contains exceptions for cases where there are relevant court orders or the data relates to existing or anticipated legal proceedings and also anticipates other circumstances that may be included in CDR rules “in which an accredited data recipient may refuse to delete the data despite the requirement”.
“The circumstances in which this requirement is exercised will be established in the rules and may vary from industry to industry,” assistant minister for superannuation, financial services and financial technology Senator Jane Hume said yesterday.
Senator Jenny McAllister said that the bill “is not the last word by any means on consumer data rights and protections.”
“More will need to be done to ensure that Australians have control over their data and their privacy,” she said yesterday during debate on the CDR bill.
The right to delete “is a reform that has long been supported by consumer groups across Australia, and its passage in the next sitting period will be a great achievement,” said a statement issued by shadow assistant treasurer Stephen Jones.
Although Labor crowed about a victory for consumers, the party has a recent record of counting its legislative amendment chickens before they hatch: The party in December supported the government’s controversial ‘encryption’ legislation on the proviso that the Coalition would back a range of amendments to the new regime.
Those amendments to what one Labor MP described as “terrible laws” are yet to be considered by parliament after the party withdrew them to allow the legislation to be passed before parliament rose for 2018.