Will Australia’s data protection authorities grow some teeth in 2019?


Long regarded by many as ‘toothless tigers’, 2019 could see Australian regulators wade more forcefully than before into the regulation and enforcement of privacy and data rights. While most are familiar with the OAIC’s role as Australia’s principle information privacy regulator, the Australian Competition and Consumer Commission (ACCC) looks ready to become increasingly involved in regulating data handling practices across a number of different sectors (as part of its consumer protection role). And regulatory action may flourish with greater political support following the scathing review of regulatory performance from the Banking Royal Commissioner, the MyHealthRecord mess and the ‘success’ of the notifiable data breach scheme.

The ACCC to Enter the Fray – The Consumer Data Right

The ACCC looks set to play a crucial role as the ‘lead regulator’ in the establishment and enforcement of a new Consumer Data Right (‘CDR’) for Australia. The CDR will open access to valuable datasets in designated sectors, starting with the banking, energy and telecommunications sectors. Customers will have a right to access ‘consumer data’ and a right to share that data with accredited third parties of their choice. For example, a banking customer could request to transfer their transaction records to a loan comparison service, or a FinTech which provides investment recommendations tailored to the customer’s financial circumstances.

The CDR is designed to increase consumers access to and use of their data, as well as making it easier for consumers to switch providers. It also seeks to break down the monopolisation of consumer activity datasets. Rather than incumbents such as the major banks holding exclusive access to their consumer customers’ data, those consumers and third parties (e.g. FinTechs) will be given the opportunity to leverage the analytical value of the shared data for the consumer’s own benefit…Click here to read full article.