As we recently reported, the Australian Government has this week released the Productivity Commission’s final report into Data Availability and Use.
The final report proposes some radical reforms to the regulation of data across Australia’s economy, with a focus on enhancing consumer rights over data and creating a regulatory framework that will promote sharing and release of important public and private data sets. An important theme of the Commission’s report is the need to drive the debate about data beyond concerns about privacy, and instead to focus on creating an environment that facilitates greater availability and use of data assets. Many of the recommendations would be implemented through a new piece of federal legislation, coined by the report as the Data Sharing and Release Act, which would sit alongside existing privacy legislation, but would focus on cutting through regulatory and other obstacles that currently prevent broader sharing of data within the economy.
As we previously communicated in the lead-up to the report's release, technology companies will need to be particularly alert to the implications of this report because, if adopted by Government, the new open data landscape will present both risks and opportunities for this sector.
Three key factors to consider for this sector will be:
1. The imperative to mobilise as an industry to respond to these developments
The Commission’s report recommends an industry-led approach to managing proposed new consumer rights over data. The report suggests an expansive default definition of “consumer data” (i.e. data held by a service provider that a consumer would have rights to access and transfer to third parties, including potential competitors of the service provider), but indicates that a different and potentially narrower definition could be formulated by industry agreement on a sector-by-sector basis (subject to general oversight by the ACCC).
The technical processes by which consumer data can be accessed and transferred in response to a consumer request may also be defined by industry agreement. This approach recognises that it may not be possible to apply a one-size-fits-all approach to complex data management issues. However, it will only be effective to the extent that there are industry bodies in place that are capable of facilitating an appropriate industry-level agreement. While there may be obvious bodies to play this role for certain segments of the technology industry, such as the CommsAlliance for telecommunications providers, it may be more challenging for others in this diverse sector (from online bookmakers, to providers of wearable technology, to social media operators and others) to develop a coordinated approach.
2. There will be complex interactions with the existing regulatory regime
As flagged above, the Commission proposes that the new data sharing framework would sit alongside existing legislation addressing privacy and other data management issues. This includes legislation of general application, such as the Privacy Act, as well as more targeted legislation that deals only with certain industry sectors, such as the Telecommunications Act and other legislation that imposes specific information handling obligations on telecommunications providers. This may lead to areas of overlap and complex compliance issues for entities that operate in these areas. For example, a telecommunications provider may need to manage different but overlapping data access and handling requirements across at least three different legislative regimes. There may be instances when compliance with one regime could result in a breach of another, and these will need to be carefully managed.
3. Increased levels of data sharing will provide opportunities for technology providers that can facilitate the sharing process
A number of industries have expressed concern that increased levels of data sharing may also lead to increased data security risks, particularly if not all participants in the sharing framework meet the same level of data security compliance. For example, some in the financial services industry have queried the appropriateness of allowing consumers to compel banks to provide important transactional data to start-ups that may not be properly equipped to safeguard that information, which could potentially be used by fraudsters and other wrongdoers. Clearly technology will have an important role to play in whatever arrangements different industries devise for managing their new data sharing obligations, including by applying an appropriate level of data security. This will be a clear opportunity for technology providers that are able to leverage expertise in systems integration, use of data sharing technologies (including development and implementation of data sharing APIs), and cyber security in order to help industry participants transition to a new open data landscape.
The Commission’s report contemplates a revolution in the way that data is used and managed within the Australian economy, and it is a revolution that the Commission wants to happen quickly. The report’s recommended implementation plan sets out a series of immediate actions for Government to take, as well as actions that should be completed within the next year – this includes development of an initial draft of the Data Sharing and Release Act, with a goal for that legislation to be passed by the middle of 2018.
If the Government commits to this ambitious timeframe, industry will need to work fast to keep pace with these changes.