Consumer data right coming to the energy sector

9 September 2019
David Smith, Partner, Melbourne

The consumer data right (CDR) will provide consumers the right to access specific data in relation to them held by businesses, and to authorise access to this data by trusted and accredited third parties. The aim of the CDR is to provide consumers with more control over their data, which would give consumers more agency regarding with whom they transact, and provide consumers with more convenience in managing their services.

In our earlier article, we outlined the recent updates to the rollout of the CDR regime in Australia. The CDR rollout in the banking sector is well underway, with an exposure draft of the CDR rules for the banking sector released on 29 March 2019. The next phase will be the introduction of the CDR for the energy sector, with the telecommunications sector and potentially other sectors to follow.

The Australian Competition and Consumer Commission (ACCC) has released its position paper on the data access model to apply to the CDR for the energy sector.

The data access model governs how consumers are able to access data from data holders (for example, energy retailers or distributors). In the context of the implementation of the energy CDR, the data access model selected affects the development of the authorisation and authentication arrangements, technical standards, and allocation of liability arrangements.


Gateway model

After public consultation and assessment, the ACCC confirmed that its preferred data access model is the “gateway model” where the Australian Energy Market Operator (AEMO) provides a gateway function, acting as intermediary between data holders and accredited data recipients. A high-level overview of how the “gateway model” functions is as follows:

  1. A consumer consents to an accredited data recipient (ADR) (such as an energy retailer or distributor) obtaining their data.
  2. The ADR submits a request to AEMO to obtain access to the consumer’s data.
  3. AEMO identifies which data holder (such as another energy retailer or distributor, or AEMO itself) holds the relevant consumer data, and provides details of the access request to the relevant data holder.
  4. The data holder undergoes a process of authentication and authorisation with the consumer to confirm that the access request is genuine and properly authorised. If AEMO is the data holder (for example, if the access request relates to National Meter Identifier (NMI) standing data or National Electricity Market (NEM) interval metering data), then AEMO is required to complete the authentication and authorisation process for NMI standing data or NEM interval metering data directly with the consumer.
  5. If the access request is authenticated and authorised by the consumer, AEMO will share the consumer’s data the subject of the access request.

An illustration of the “gateway model” process can be viewed here.


ACCC assessment

In selecting the “gateway model”, the ACCC had regard to the following advantages:

  • due to AEMO’s existing market operator role, it already has systems and processes in place familiar to market participants, which would minimise delays or costs in the implementation of the energy CDR;
  • AEMO’s existing IT infrastructure is scalable, and flexible enough to facilitate the addition of new datasets, data holders, and ADRs over time and at the least cost;
  • the “gateway model” requires fewer data links and authentication processes compared to the other access models considered;
  • the “gateway model” leverages AEMO’s existing databases and minimises infrastructure requirements for data holders compared to the other access models considered; and
  • AEMO has the ability to add value to its role as ‘gatekeeper’ through standardisation of access requests in order to avoid the mismatch of data, and through assisting energy retailers to understand their obligations as data holders.

However, the ACCC did acknowledge that there are certain issues that will need to be addressed in the implementation of the “gateway model”. Particularly, there are certain reliability, security and privacy risks resulting from the pooling of personal information at a central point, AEMO, which could leave it vulnerable to attacks. Nonetheless, the ACCC notes that AEMO already processes a significant amount of personal information through its B2B e-Hub and it has developed significant IT capability to mitigate increased risk to reliability, security and privacy under the “gateway model”.


Next steps

The ACCC has indicated that it will seek public consultation regarding the most appropriate authorisation and authentication framework applicable to the “gateway model”, however no specific timeframe has been set down for this public consultation.

The ACCC also anticipates conducting public consultation regarding the CDR rules specific to the energy sector in the coming months.


Authored by:

Hazel McDwyer, Partner

David Smith, Partner

Raisa Blanco, Associate

This update does not constitute legal advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of the content.

Get in touch