Consumer Data Right Draft Rules
The submission to the Australian Competition and Consumer Commission’s (ACCC) consultation on the Consumer Data Right (CDR) draft rules in the banking sector (CDR draft rules) was prepared by the Law Council.
The Law Council has previously provided a submission to the Senate Standing Committee on Economics on the Treasury Laws Amendment (Consumer Data Right) Bill 2019 (the Bill). The Law Council notes that the Bill lapsed when the Federal Parliament prorogued with the announcement of the Federal Election on 11 April 2019.
The Law Council has also provided submissions on the draft Privacy Impact Statement for the CDR Rules in February 2019, on the Working Draft of the Consumer Data Standards in November 2018 and on the CDR Rules Framework in October 2018.
Generally, the Law Council supports the objects of these reforms to allow for greater access for consumers to their data. However, the Law Council holds concerns about the short timeframe within which it is proposed to finalise the CDR draft rules, with aspects of Opening Banking intended to be available from 1 July 2019. In addition, the Law Council notes that some of the necessary detail about the CDR draft rules will be clarified further in ‘Data standards’ which have not yet been made publicly available for public consultation. This difficulty is particularly acute in the absence of enabling legislation envisaged by the now lapsed Bill. There is no guarantee that the legislation will be so enacted on or before 1 July 2019.
The Law Council notes that there are significant privacy implications arising from these concerns and would urge reasonable consultation on all aspects of the reform prior to it being rolled out.
In this submission, the Law Council makes observations with respect to the CDR draft rules regarding:
(a) the clarity of terms and offences;
(b) valid requests and consents;
(c) disclosure as to ‘use’ of consumer data;
(d) the impact on consumers refusing consent to data being used for some purposes;
(e) the storage of data; and
(f) anonymity and data breaches.
You can read the full submission below.