Australian Productivity Commission (PC) chair Peter Harris has floated a number of ideas to increase transparency around the use of consumer data in a speech at the International Institute of Communications Telecommunication and Media Forum delivered on Wednesday.
Among the ideas put forward by Harris was forcing companies to detail the other organisations that they are sharing customer data with, and punish them if they fail to meet this obligation.
"A list of parties who have had access to a firm's consumer data holdings should be published on its website every 12 months, or perhaps even more often than that," Harris said. "It should be an offence for that list to be misleading or deceptive."
The PC is looking at data as being a joint asset, Harris said, and consumers should know not only what data is collected, but who it is being shared with.
"This must apply regardless of whether you are a passive supplier of data or an active consumer using it, just as you would with any other property in which you had a shared right," he said.
"Yet we did not want consumers and firms burdened with email after email listing a new commercial relationship."
On the overlap between Europe's General Data Protection Regulation (GDPR) and Australia's Consumer Data Right, Harris said Australian firms would not be keen to see any duplication between the requirements, but it would be "quite plausible" to have the GDPR for monitoring and consent, and Australian Consumer Data Right allowing consumers to treat their data as a tradeable asset.
"The key thing will be to define well enough what is a consumer data holding; and to clarify primacy in areas where there may be cross-over," Harris said.
"I can see that as we come to implement our own new data rights, there is a good chance that the EU concepts could be influential in issues where there are no ready guides."
Harris said viewing data as an asset should not conflict with privacy.
"If the model of joint control of the asset is given full consideration, it may provide a better foundation for setting standards that protect consumers than will privacy rules as currently practiced.
"Privacy is for us just one facet of the diamond called data. Polishing only that one facet will not reveal the true value of this, the 21st century's great new renewable resource."
The Productivity Commission released its Data Availability and Use report in May last year, calling for the establishment of a National Data Custodian to oversee a Data Sharing and Release Act, but also said Australians would not be able to opt out of data collection.
The commission cited responses to its draft report that argued it would be too difficult to implement an opt-out right for consumers as the reason it walked back on one of its draft recommendations.
"Across the spectrum, submissions argued that there would be a need for various exceptions and qualifications to such a right, to the point that we can no longer in good faith suggest that this is applicable comprehensively," the commission said.
The commission stated it was possible for the market to respond to customer demand and offer services that did not collect information on them.
In the latest federal Budget, the government announced it would fund the creation of the Consumer Data Right, a new data sharing framework, and the Open Banking Regime, as well as appointing a National Data Commissioner.
The Consumer Data Right has been given AU$44.6 million in funding over four years, with the right commencing across the telecommunications, banking, and energy sectors before being applied to the entire economy "eventually".
"Data-driven competition and innovation will grow the economy, creating high-value jobs," the government said at the time.
"Improvements are also being made to how the government handles and uses the data it collects to deliver better services and outcomes for Australians, whilst protecting information security.
"A National Data Commissioner will implement and oversee a simpler, safer, and more efficient government data use framework. The National Data Commissioner will be the trusted overseer of the government data system, responsible for proactively monitoring the integrity of the system and engaging with the community."
Of the assigned funding, AU$20.2 million will be spent on the Australian Competition and Consumer Commission (ACCC) determining the costs and benefits of designating sectors to be subject to the right, and developing and implementing the rules to govern the right and the content of data standards; AU$12.9 million to the Office of the Australian Information Commissioner (OAIC) to assess privacy impacts and ensure consistency of rules with the Privacy Act; and AU$11.5 million for the Commonwealth Scientific and Industrial Research Organisation (CSIRO) for its role as data standards setter.
Australia's big four banks will be forced to make banking data available to consumers from the start of the 2020 financial year.
GDPR: A cheat sheet (TechRepublic)
Enforcement of the EU General Data Protection Regulation (GDPR) goes into effect May 25, 2018, and will apply to any company that transacts with European Union citizens. Here's your GDPR go-to guide.
Microsoft says the privacy rules it's introduced to meet the EU's new GDPR law will apply to users globally.
Australia will be appointing a National Data Commissioner as the government announces funding for its Consumer Data Right and a new framework for data sharing, as well as the Open Banking regime.
Andrew Stevens has been named as the new 'independent chair' of the Consumer Data Right's Data Standards Body.
All major banks will need to make data available on credit and debit card, deposit, and transaction accounts by July 1, 2019, after the federal government accepted the recommendations made by a Review into Open Banking.