On 15 August 2018, the Government released an exposure draft of the Treasury Laws Amendment (Consumer Data Right) Bill 2018. The draft legislation seeks to create a new consumer data right (CDR), which will allow consumers to access or direct the transfer of certain personal data held by companies. The CDR reflects commitments made by the Government stemming from recommendations of the 2017 Review into Open Banking in Australia.

The CDR as contemplated in the draft legislation, provides consumers a right to access and to some extent, control their own data. Furthermore, the draft legislation's Explanatory Memorandum explains that 'data that has been derived from CDR data, such as financial reports compiled from transaction data, may also be transferred by a CDR consumer out of the CDR system'. This potentially broadens the scope of data that the CDR may apply to.

Notably, key elements of the CDR will be governed by a new set of Consumer Data Rules. These rules will be determined by the Australian Competition and Consumer Commission (ACCC), and will cover matters relating to the disclosure, use, accuracy, storage, security or deletion of data, the accreditation of data recipients, and reporting and record keeping. Consultation for these Rules opened on 12 September 2018 and will continue until 12 October 2018.

Additionally, an "instrument of designation" provides for the creation of a Data Standards Body, which will cover the types of data the scheme will apply to and how the data will be made available to consumers. The Office of the Australian Information Commissioner will also assist the ACCC in handling the CDR complaints process.

The CDR will first apply in the banking sector before being rolled out across the energy and telecommunication sectors. More information about the Bill can be found here, and Baker McKenzie's Client Alert on the Bill may be accessed here.