Australia mulls over new Consumer Data Right legislation

Australia mulls over new Consumer Data Right legislation
As Europe prepares for sweeping reforms in data privacy and security through the General Data Protection Regulation (GDPR), equally important laws may be on the cards for Australia. Shashank Venkat presents details of the proposed Consumer Data Right legislation

As the world hurtles towards becoming a data economy, governments across the world are recognising the importance of data privacy and security. The Australian government recently announced details of the Consumer Data Right, a new piece of legislation which will give consumers open access to their personal data. The Consumer Data Right (CDR), to be introduced in 2018, will initially cover data from the telecommunications, banking and energy sectors before gradually moving on to other industries.

The origins of the CDR can be found in the Productivity Commission’s recommendations for data reform, published earlier this year. The new legislation will essentially allow consumers to ‘own’ their data, stemming from usage and transactions. Under the new regime, service providers will have to present the information in a digital format to their customers, who can also ask for their data to be transferred to third parties. The legislation is intended to give consumers greater flexibility and control while comparing offers and services, as well as access cheaper products and switch between different service providers more easily.

In a lot of ways, the CDR mirrors the General Data Protection Regulation (GDPR) in Europe. For instance, data portability and the ability to provide customer data in an electronic form, are critical components of GDPR as well. Though GDPR is more comprehensive and contains a broader set of provisions, including strict fines, compared with CDR. Details of the latter are still being worked out and we will get complete clarity only next year, when the legislation will be introduced. While we await the finer details, it can’t be stressed enough that the CDR is indeed a vital first step towards data transparency down under.

The telecoms industry, which is one of the first sectors to be covered by the open data regime, is not too enthused by the announcement. According to reports, the Australian telecommunications body - Communications Alliance - has called for greater clarity over the CDR. A big bone of contention is the category of data sets covered by the new legislation. Representatives argue that covering all sorts of data sets under the regime will increase the costs of compliance needlessly. They have also stated that consumers already get access to a lot of billing information and have the option of switching providers through mobile number portability. The industry body thinks that this new legislation will lead to a lot of confusion in the long run.

Earlier this year, the Donald Trump administration came under a lot of fire for its repeal of internet privacy rules in the US. Interestingly, the US seems to be treading a completely different path on data privacy compared with Europe and Australia. However, the alarming number of cybersecurity breaches coupled with the rise in the Internet of Things (IoT) calls for a greater effort towards data protection and regulation. In light of this, Europe’s GDPR and Australia’s CDR seem more par for the course. What do you think? 

Icons made by Eucalyp from is licensed by CC 3.0 BY