Labor thinks the right to delete is coming for Australia's CDR after winter break

But it also thought its amendments were going to be put into Australia's encryption Bill.
Written by Asha Barbaschow, Contributor

The federal opposition is hopeful that a commitment made by the government to amend legislation will be honoured, following Thursday's passage of the Treasury Laws Amendment (Consumer Data Right) Bill.

The Bill passed with no amendments, but Shadow Assistant Treasurer Stephen Jones said his party secured a "breakthrough commitment" from the government that would see the Consumer Data Right (CDR) gain the ability have consumer information deleted

This new legislation will give Australian consumers an "off switch" when it comes to data sharing, Jones explained in a statement.

Similar to a function under the General Data Protection Regulation (GDPR), the off switch would mean that a consumer will have the power to determine when a company should no longer hold their data.

See also: How Europe's GDPR will affect Australian organisations

According to Jones, the amendments to be tabled will require the Australian Competition and Consumer Commission (ACCC) to set out clear rules that require data recipients to delete data when they receive a valid request by a consumer.

The government has committed to moving an amendment after the winter break.

"This is a reform that has long been supported by consumer groups across Australia, and its passage in the next sitting period will be a great achievement," Jones said.

This isn't the first time that Labor's been promised amendments after a Bill is waved through. In December, when the federal government rammed through Australia's encryption laws, Labor lucked out on the amendments it had pinned its hopes on.

The CDR has been touted as opening up competition between banks, utilities, and telecommunications providers, as well as allowing consumers to easily switch between providers.

It will allow individuals to "own" their data by granting them open access to their banking, energy, phone, and internet transactions, in addition to gaining the right to control who can have it and who can use it.

The first sector to which the CDR will apply is finance, through an open banking regime. Under this mandate, due in February 2020, ANZ, the Commonwealth Bank, NAB, and Westpac will be required to give consumers greater access to the information they hold on consumers; and the power to require those banks to provide safe and secure access to that information to trusted third parties.

As banking is the first cab off the rank -- with three of the Big Four having already made access to generic product data for credit and debit cards, deposit accounts, and transaction accounts via an application programming interface (API) last month -- there were concerns raised throughout the brief consultation period that the legislation would not be overly applicable to industries other than banking.

Despite hearing concerns over the adequacy of the privacy safeguards the CDR, the rushed nature of the Bill, the distinct banking focus it will have, and whether the outcome of the CDR will serve organisations more than it will consumers, the Senate Economics Legislation Committee on March 21 recommended that it be passed.

"At the very least, it will improve on current arrangements; and it has the potential to protect and empower consumers and drive competition and innovation," the committee wrote at the time. "The committee particularly welcomes the endorsement of the Bill from innovative high technology companies."

In justifying its reasoning behind allowing the sole recommendation of the Bill be passed, the committee said provisions such as the rules-making facility under the Bill would offer the possibility to address problems as they arise.


Editorial standards