On 1 May the Australian Government announced
an investment of A$65 million over the next four years to reform the Australian
data system and introduce a range of reform measures to implement the
Productivity Commission’s recommendations on data availability and use.
will focus on three key areas, namely a new Consumer Data Right, establishment
of a National Data Commissioner and new legislative and governance arrangements.
These reforms are expected to help
empower Australians, governments, industries and researchers to use and share
data, while maintaining the strict privacy, security and transparency
safeguards essential to maintain trust in the system.
Creation of a new
Consumer Data Right
The Productivity Commission recommended the Australian
Government introduce a Consumer Data Right to improve consumer control over the
data which businesses hold about consumers' use of products and services.
Providing consumers better access to this data, and the
ability to direct data be transferred to data recipients, would make it easier
for them to find a better deal and share their information only with parties
they trust. For example, consumers could share their data with trusted service
providers or with comparison services to investigate other service offerings. This
in turn is expected to drive greater competition between businesses to attract
new customers and encourage new business models to unlock the value of consumer
In November 2017, the Australian Government announced
that it will a national Consumer Data Right, allowing customers
open access to their banking, energy, phone and internet transactions. In
February 2018, the Australian Government Treasury released a
review report into Open Banking in Australia. Open Banking will be the first
implementation of the Consumer Data Right.
The Consumer Data Right will be designed to ensure strong
privacy protections and security safeguards. Government and industry will
develop appropriate data standards for the protection, access and transfer of
To ensure appropriate oversight and regulation of the
Consumer Data Right, the Office of the Australian Information Commissioner and
the Australian Competition and Consumer Commission will have separate but
complementary enforcement roles and there will be robust information sharing
arrangements between the two.
The Office of the Australian Information Commissioner will
have primary responsibility for individual consumer complaints, and the
Australian Competition and Consumer Commission will focus on ensuring the
system as a whole operates as intended, including supporting competition and
good consumer outcomes. Consumers will be able to direct complaints to a single
contact point, run by the OAIC, who will handle complaints using a 'no wrong
The Consumer Data Right will be introduced primarily through
changes to the Competition and Consumer Act 2010. The Treasurer
will lead implementation of the Consumer Data Right.
Establishment of a
National Data Commissioner
The Productivity Commission recommended establishing a new
statutory role with a supporting office, to take responsibility for a reformed
national data system.
The Australian Government will establish a position to be
called the National Data Commissioner and will introduce a new data sharing and
release framework. The National Data Commissioner will be the trusted
overseer of the public data system.
The Commissioner will provide a consistent and well-defined
approach to data management, including proactively managing risks, dealing with
complaints and monitoring the integrity of the data sharing and release
framework. This would increase community trust and confidence in the way
government manages and uses its data.
The Australian Bureau of Statistics will provide technical
guidance and support to the National Data Commissioner, while a new National
Data Advisory Council will advise the National Data Commissioner on ethical
data use, technical best practice, and industry and international developments.
implementing new legislative and governance arrangements
The Productivity Commission recommended a legislative
pathway to modernise Australia’s regulatory framework governing data
availability and use.
The Australian Government will introduce laws underpinning a
new system for data sharing and release in Australia.
The legislation will establish institutional and governance
arrangements including Accredited Data Authorities and a trusted user framework
to facilitate better sharing of data. The legislative package will set clear
rules and expectations for data sharing and release, including making clear
when data can be shared, and embedding strong safeguards for sensitive data and
effective risk management practices.
In 2009, Australia’s National Statistical Service instituted
an administrative process to accredit agencies to serve as 'Integrating
Authorities' for data being brought together to create more valuable,
statistical and research datasets. The Government plans to enact similar
governance arrangements for Accredited Data Authorities in a data sharing and
release legislative package.
Accredited Data Authorities will engage with data custodians
and users will work together to implement a trusted user framework along the
lines of the Five
Safes model developed in the United Kingdom. Data sharing agreements
between data custodians, Accredited Data Authorities and data users will be a
key part of the governance framework. These agreements will articulate risk
management processes to effectively assess and manage the risks associated with
sharing and release of data for which they are responsible. However,,
accountability for the risks of sharing and releasing data will remain with
The Productivity Commission noted that in some cases,
secrecy provisions in existing laws could unreasonably hinder data sharing and
release for matters of public interest. The Government has responded that the data
sharing and release legislative package will provide a robust authorisation
process, balancing the operation of secrecy provisions with data sharing and
release for public interest purposes. The new legislation will not affect
existing protections applying to particularly sensitive data, such as national
security and law enforcement data.