Australia Finalizes Consumer Data Rights Rules

Written by: Chase Langhorne, Esq.

On November 26, 2017 Australia introduced the consumer data right (CDR) which was designed to give consumers greater control over their personal data. Since that time, Australians have been waiting for the Australian Competition and Consumer Commission (ACCC) to issue rules governing exactly how a consumer will be able to exercise their CDRs. On February 4, 2020 the ACCC finally issued those rules.

The rules are designed to allow a consumer to be able to switch between products and services more easily and promote competition. The rules provide consumers the ability to make “product data requests” and “consumer data requests” based on the type of data being requested. The product data request allows for consumers to request data related to products offered by the data holder (read: product or service provider). This type of request does not provide a consumer the ability to request data that relates to a particular, identifiable consumer. The consumer data request provides consumers the ability to request such particularly identifiable data.

Scope
The rules apply to banking, telecommunications, and energy companies for now. There is a phase-in timeline so that the rules will first apply to the banking and telecommunications industries, with the energy industry to follow.

Timeline
The rules were set to go into effect on February 1, 2020, but due to delays the earliest they will go into effect is July 1, 2020, possibly later.

Takeaway
What this means for businesses in Australia is that they will have to implement operational processes to handle these requests. This can be an operational nightmare if personal data is scattered across different systems that are not interconnected.

What this means for consumers is that they will have greater transparency and control over their personal data.