The Productivity Commission’s proposed comprehensive consumer right to data

By Dr Drew Donnelly, Compliance Quarter.

Over the last couple of weeks we have asked the question ‘Is your business prepared for roll out of the Notifiable Data Breaches Scheme?’ We have also discussed the impact that recent changes to European Union (EU) privacy laws may have on businesses that hold information on EU citizens. Today, we look at a proposed change to data regulation in Australia that would see individual privacy playing a more muted role in a new comprehensive consumer right to data.

This right is proposed in the Productivity Commission’s Inquiry Report into Data Availability and Use. For the full 658-page report see http://www.pc.gov.au/inquiries/completed/data-access/report/data-access.pdf.

Australia’s under-utilised resource

The Productivity Commission (the Commission) observes that Australia is behind other countries with similar governance arrangements (such as New Zealand and the United Kingdom) when it comes to utilising data. This, the Commission suggests, applies equally in the case of public data (such as information-matching between government departments) and private data (such as consumer financial data held by banks). The Commission suggests a deep overhaul of data management is required if Australia is to arrest this trend. On page 12 of the Report the Commission describes the situation as follows:

“The legal and policy frameworks under which public and private sector data is collected, stored and used (or traded) in Australia are ad hoc and not contemporary. Privacy has carved out a space, but privacy is only one aspect of data use, and a defensive one at that.”

The cornerstone of the proposed regime would be new federal legislation containing:

  • A new comprehensive data right for consumers.
  • A new structure for data sharing and release. This structure would make access to and release of data more closely aligned with the risks associated with release of that data.

Today we look at the proposed comprehensive data right.

The Comprehensive Right

The new right would mean that consumer data would have to be provided to consumers on request, or to designated third parties. It would also mean a right to request edits or corrections of inaccurate data and to be informed of disclosure of data to third parties.

Note that this new right will not necessarily include ‘imputed data’ of the data holder. ‘Imputed data’ is data recorded about a person but not collected from them or considered to be identifiable. For example, this could include data held by a lender about the difficulty of an individual paying a debt in virtue of their age or marital status. As this data is created from the business’s own expertise and processes, it could be considered property of the business. Inclusion of this data in consumer data will depend on industry-negotiated agreement.

The Commission acknowledges that a mandated requirement to provide consumer data could be costly for businesses, and in light of this, the Commission recommends that businesses be permitted to charge a fee for access to the data.

Related to this new comprehensive data right is a Commission recommendation that there be mandatory comprehensive credit reporting. This would require, for example, the sharing of a positive repayment history in an individual’s credit data.

Next steps

It must be emphasised that the Commission’s report simply provides recommendations. It will be up to the Government itself to determine whether any of them are adopted and implemented. The Federal Government has established a cross-portfolio taskforce to determine its response. Already, however, the Government has announced one change in line with the Commission’s recommendations. At the same time as Federal Budget 2017, the Government committed to legislating a comprehensive credit reporting regime if providers do not report at least 40 per cent of their data by the end of 2017.
