The Government released the Productivity Commission’s final report into Data Availability and Use last week. The report urges Australia to participate in the ‘global phenomenon’ of the data economy, and puts all organisations on notice that they will need to prepare for the opportunities and challenges this may bring.
The report proposes a complete overhaul of the legal and policy frameworks under which public and private sector data is collected, stored, used and traded. The Productivity Commission (PC) is recommending an ambitious timeline, with reform by Government to commence immediately, and a new data Framework to be implemented by the end of 2018.
The recommended new and broad-reaching data Framework has two key elements:
1. Creation of a new ‘Comprehensive Right’ for consumers and SMEs
The Comprehensive Right affords individuals and small and medium sized businesses with a right to their digital data, such that they are able to trade in and use their digital data. Under the proposed Comprehensive Right, a consumer can request a machine-readable copy of their digital data, as well as direct an organisation to provide a machine-readable copy of their digital data to any third party (including competitors).
According to the report, the data subject to this new Comprehensive Right must be sufficient to generate a competitive offer for a consumer from another provider. That is, the data that an organisation would be required to share with other third parties when requested by a consumer, must include the data held on an individual or SME “that a competing or complementary service provider would themselves need, and reasonably expect to obtain, in seeking to provide a competitive offering.”
Under the proposed Comprehensive Right, consumers in effect have a ‘joint right’ with organisations over their consumer data. In addition, organisations would also be required to disclose the third parties with which an organisation trades, or otherwise discloses, consumer data. Organisations will not be required to advise consumers on every occasion, but they will need to provide an easily accessible list of parties they have shared data with over the past 12 months.
2. A structure for data sharing and release
To implement its proposed new data Framework, the Productivity Commission proposed the introduction of a new Data Sharing and Release Act. The new Act will establish the Comprehensive Right for consumers and would sit alongside the Privacy Act, but importantly, would extend to data that is not covered by the Privacy Act.
The Data Sharing and Release Act would also establish a new regime to facilitate data sharing and release. The regime will include the creation of a National Data Custodian (NDC), a suite of Accredited Release Authorities, and National Interest Datasets. The NDC will have responsibility for, and oversight of the national data system. Its main functions will include accrediting and auditing ‘Accredited Release Authorities’; accepting nominations for National Interest Datasets and assessing their public interest merits before referring the nominations to a Parliamentary Committee for public scrutiny, be responsible for public reporting and complains handling, and guiding data de-identification processes and establishing best practice guidance for risk management and secure storage and access processes.
Whilst the Productivity Commission is unwavering in its belief that “marginal changes to existing structures and legislation will not suffice,” it is at least showing some appetite for industry self-regulation in determining the technological approach to data sharing and the scope of the data subject to the Comprehensive Right – with oversight and approval by the Australian Competition and Consumer Commission (ACCC).
The recommended reforms, according to the PC Report, “are aimed at moving from a system based on risk aversion and avoidance, to one based on transparency and confidence in data processes, treating data as an asset and not as a threat.”
Of course, this idea is not novel or ground-breaking in industry. Many organisations have for a long time treated data as an asset, which is evident in the significant investment organisations make in their technology infrastructure to support their data-practices and security.
The Productivity Commission is correct in its observation that “against the background of an ocean of personal data that is already public there is now, and will be in the future, a need for continued community acceptance and trust in the handling of personal data by both governments and business.”
However, Data Governance Australia (DGA) remains sceptical that the best way to foster this is through a legislative and regulatory framework. Self-regulation is the right approach in the era of rapid transformation, as the introduction of laws and regulations run the risk of stifling innovation and creating a regime that is not flexible enough to respond to the significant rate of change in technology and data-practices.
DGA is committed to creating and maintaining standards for data collection and use, setting benchmarks and enabling our members to drive innovation.
The Productivity Commission’s final report into Data Availability and Use is wide-ranging with radical recommendations and DGA will continue to engage at the highest levels of government to the benefit of members and consumers.
Becoming a member of DGA is the best way to ensure your company’s voice is heard as an integral part of the discussion. See www.datagovernanceaus.com.au for details on how to become a member of DGA.