The Productivity Commission’s proposed comprehensive consumer right to data

Share on twitter
Share on linkedin
Share on facebook

By Dr Drew Donnelly, Compliance Quarter.

Over the last couple of weeks we have asked the question ‘Is your business prepared for roll out of the Notifiable Data Breaches Scheme?’, we have also discussed the impact that recent changes to European Union (EU) privacy laws may have on businesses that hold information on EU citizens. Today, we look at a proposed change to data regulation in Australia that would see individual privacy playing a more muted role in a new comprehensive consumer right to data.

This right is proposed in the Productivity Commission’s Inquiry Report into Data Availability and Use. For the full 658-page report see

Australia’s under-utilised resource

The Productivity Commission (The Commission) observes that Australia is behind other countries with similar governance arrangements (such as New Zealand and the United Kingdom) when it comes to utilising data. This, the commission suggests, applies equally in the case of public data (such as information-matching between government departments) and private data (such as consumer financial data held by banks). The Commission suggests a deep overhaul of data management is required if Australia is to arrest this trend. On page 12 of the Report the Commission describes the situation as follows:

“The legal and policy frameworks under which public and private sector data is collected, stored and used (or traded) in Australia are ad hoc and not contemporary. Privacy has carved out a space, but privacy is only one aspect of data use, and a defensive one at that.”

The cornerstone of the proposed regime would be new federal legislation containing:

  • A new comprehensive data right for consumers.
  • A new structure for data sharing and release. This structure would make access to and release of data more closely aligned with the risks associated with release of that data.

Today we look at the proposed comprehensive data right.

The Comprehensive Right


The new right would mean that consumer data would have to be provided to consumers on request, or to designated third parties. It would also mean a right to request edits or corrections of inaccurate data and to be informed of disclosure of data to third parties.


Note that this new right will not necessarily include ‘imputed data’ of the data holder. ‘Imputed data’ is data recorded about a person but not collected from them or considered to be identifiable. For example, this could include data held by a lender about the difficulty of an individual paying a debt in virtue of their age or marital status. As this data is created from the businesses own expertise and processes it could be considered property of the business. Inclusion of this data in consumer data will depend on industry-negotiated agreement.

The Commission acknowledges that a mandated requirement to provide consumer data could be costly for businesses, and in light of this, the Commission recommends that businesses be permitted to charge a fee for access to the data.

Related to this new comprehensive data right is a Commission recommendation that there be mandatory comprehensive credit reporting. This would require, for example, the sharing of a positive repayment history in an individual’s credit data.

Next steps

It must be emphasised that the Commission’s report simply provides recommendations. It will be up to the Government itself to determine whether any of them are adopted and implemented. The Federal Government has established a cross-portfolio taskforce to determine its response. Already, however, the Government has announced one change in line with the Commission’s recommendations. At the same time as Federal Budget 2017, the Government committed to legislating a comprehensive credit reporting regime if providers do not report at least 40 per cent of their data by the end of 2017.

More to explorer

notes on board

How to Manage Multiple Compliance Deadlines: A Case Study

Compliance managers in the energy sector are constantly juggling a large work load with competing deadlines. Managing time effectively is a core skill for compliance managers. In this article, we will present a hypothetical case study of a compliance manager in an energy retailer who has to juggle multiple compliance tasks and deadlines, and how they can use some strategies and tools to manage their workload and prioritise effectively. We will also share some insights and tips from Compliance Quarter,

laptop on table top

How to Avoid Compliance Risks by Effective Communication: A Case Study

Compliance managers in the energy sector face many challenges in ensuring that their businesses comply with the regulatory framework. One of the most common and frustrating situations is when their advice is ignored or overridden by senior management or other stakeholders, exposing the business to potential compliance risks and penalties. In this article, we will present a hypothetical case study of a compliance manager in an energy retailer who faced this scenario and how it affected the business outcomes. We

Contemporary design of multifamily living houses. Modern luxury apartments buildings.

Modernising Electricity Regulation: The AES Framework and Embedded Networks in Western Australia

Background The existing licensing framework overseeing the sale and supply of electricity in Western Australia (WA) has struggled to adapt to the rapid expansion of emerging and atypical electricity business models in recent years. To address this, in 2019, the then Minister for Energy commissioned Energy Policy WA to assess the regulatory framework in Western Australia. In 2020, Energy Policy WA initiated consultations on a proposed regulatory framework for various categories of ‘alternative electricity services’ called the Alternative Electricity Services

Leave a Reply

Your email address will not be published. Required fields are marked *