On 1 August 2019, the Treasury Laws Amendment (Consumer Data Right) Bill 2019 (also known as Consumer Data Rights (CDR) legislation) became law in Australia. We previously discussed the Australian Competition and Consumer Commission's recommendations for the CDR in our April 2019 edition of LegalBytes.

The new laws will provide consumers, both individuals and businesses, with a right to access specific data relating to them and held by businesses. The CDR will further allow consumers to authorise access to the data by accredited third parties so that they can accurately compare the service they receive to other providers.

The CDR will first be introduced to the banking sector (and will be known as "Open Banking"), followed by an introduction to the energy sector and then the telecommunications sector.

Objections to the legislation have stated that the CDR lacks sufficient consideration of industries beyond the banking, energy and telecommunications sectors to which the CDR will apply. Other objections to the new legislation are concerned with the existing processes for data access which already applies to these industries, and questions have been raised as to how the CDR will fit with existing industry requirements. For example, it is unclear how the CDR will provide for or interfere with a consumer's ability to switch telecommunications providers.

A report on the new legislation, released by the University of Technology Sydney and Western Sydney University, found that the CDR has been drafted narrowly and therefore affords only limited rights to consumers. The report recommended broader rights of data portability and data access be incorporated in addition to the CDR, to bring Australia more in line with the European Union's data access and portability requirements under the GDPR.

For more information, see the Treasury's information page on the laws here.