The consumer data right (CDR) will provide consumers the right to access specific data in relation to them held by businesses, and to authorise access to this data by trusted and accredited third parties. The aim of the CDR is to provide consumers with more control over their data, which would give consumers more agency regarding with whom they transact, and provide consumers with more convenience in managing their services.
In our earlier article, we outlined the recent updates to the rollout of the CDR regime in Australia. The CDR rollout in the banking sector is well underway, with an exposure draft of the CDR rules for the banking sector released on 29 March 2019. The next phase will be the introduction of the CDR for the energy sector, with the telecommunications sector and potentially other sectors to follow.
The Australian Competition and Consumer Commission (ACCC) has released its position paper on the data access model to apply to the CDR for the energy sector.
The data access model governs how consumers are able to access data from data holders (for example, energy retailers or distributors). In the context of the implementation of the energy CDR, the data access model selected affects the development of the authorisation and authentication arrangements, technical standards, and allocation of liability arrangements.
After public consultation and assessment, the ACCC confirmed that its preferred data access model is the “gateway model” where the Australian Energy Market Operator (AEMO) provides a gateway function, acting as intermediary between data holders and accredited data recipients. A high-level overview of how the “gateway model” functions is as follows:
An illustration of the “gateway model” process can be viewed here.
In selecting the “gateway model”, the ACCC had regard to the following advantages:
However, the ACCC did acknowledge that there are certain issues that will need to be addressed in the implementation of the “gateway model”. Particularly, there are certain reliability, security and privacy risks resulting from the pooling of personal information at a central point, AEMO, which could leave it vulnerable to attacks. Nonetheless, the ACCC notes that AEMO already processes a significant amount of personal information through its B2B e-Hub and it has developed significant IT capability to mitigate increased risk to reliability, security and privacy under the “gateway model”.
The ACCC has indicated that it will seek public consultation regarding the most appropriate authorisation and authentication framework applicable to the “gateway model”, however no specific timeframe has been set down for this public consultation.
The ACCC also anticipates conducting public consultation regarding the CDR rules specific to the energy sector in the coming months.
Hazel McDwyer, Partner
David Smith, Partner
Raisa Blanco, Associate