Published on the 14/05/2020 | Written by Jonathan Cotton
ACCC says it intends to speak softly and carry a big stick…
Companies failing to meet the standards of the Australia’s Consumer Data Right project – nationwide competition and consumer reform aimed at cracking open siloed company data in key industries – could face court action now that a new enforcement policy has been revealed.
Announced in 2018, Australia’s data portability reform is designed to improve consumers’ ability to compare and switch between products and services and to encourage competition between service providers. Improved access to their data, so the logic goes, will help consumers find cheaper services and will promote transparency and innovation.
“With this important reform comes significant and serious safeguards.”
‘‘The Consumer Data Right is an important reform that will give consumers greater access to and control over their data,” ACCC Commissioner Sarah Court says “With this important reform comes significant and serious safeguards.”
Now that the compliance and enforcement policy for the Consumer Data Right has been released by the Australian Information Commissioner (OAIC) and the ACCC – central rule-maker, consumer educator and enforcer of the scheme – it’s apparent that organisations who fail to comply with the spirit of the reform could face actions ranging from infringement notices to accreditation revocation to court proceedings.
For the ACCC, it’s a case of speaking softly and carrying a big stick. In the first instance, action might be as mild as an official request for better compliance, and satisfied as easily as a voluntary written commitment from a business to address a non-compliance issue. Data holders or accredited data recipients may also be issued with infringement notices if the ACCC considers that a breach has occurred. Court orders, including declarations of a breach, injunctions and penalties, are similarly on the cards for CDR participants not complying with the data right.
Escalating things, the ACCC can suspend or revoke accreditation status under certain circumstances, prohibiting the party from collecting data while in effect, if, for example, such an action is necessary in order to protect consumers.
Beyond that, in the case of serious breaches of privacy safeguard rules or data standards, legal proceedings are on the cards.
“The court can make a range of orders including civil penalties, action to remedy a breach, an injunction to restrain a CDR participant from engaging in the conduct, and orders disqualifying individuals from being directors of corporations.
“We are more likely to initiate court proceeding where the conduct results, or has the potential to result, in competitive harm or substantial consumer detriment; is widespread, such that enforcement action is likely to have a significant deterrent effect; or involves a CDR participant that has a history of previous breaches of competition, consumer or privacy laws.”
Compliance with the reforms will be monitored ‘a wide range of information sources and monitoring tools’ to assess levels of compliance and identify potential breaches. That, according to the report, will be a combination of stakeholder intelligence, a complaints process, mandatory periodic reports from data holders and recipients, auditing, information requests and compulsory notices.
Such measures are worthwhile, says the ACCC, as the Government seeks to adopt a ‘strategic risk-based approach to compliance and enforcement’, focused first and foremost on establishing consumer confidence in the security and integrity of the CDR.
“It is the responsibility of each Consumer Data Right participant to be fully aware of their regulatory obligations or face scrutiny by the ACCC and the OAIC,” Court says.
“The Compliance and Enforcement Policy helps clarify these obligations as people prepare to participate in the Consumer Data Right from July 2020.”
The release of the compliance document is a sign that the Australian Government – in particular the ACCC – is deadly serious about protecting consumer confidence in its new Consumer Data Right.
That might be a lead worth following across the Tasman.
In New Zealand, Kiwi banks have already been called on by the government to voluntarily adopt just such open banking principles. Progress, however, has been nonexistent, with New Zealand Commerce and Consumer Affairs Minister Kris Faafoi expressing impatience with the banking sector’s scant progress on voluntary initiatives.
In December, Faafoi issued an open letter to Kiwi bank, saying that the rate of progress had been too ‘uncertain and slow’, and he had therefore directed officials to provide him with advice on the implementation of a potential Consumer Data Right in New Zealand.
Perhaps here, the banking sector has missed a first mover advantage. As Covid-19 related economic pressure continues to mount for small business, the compulsory implementation of a Kiwi data right – and the consumer benefits predicted to flow from it – might look like an increasingly attractive option for a Government eager to stimulate the economy.