Consumer Data Right participants could face consequences ranging from administrative resolutions to penalties and injunctions for non-compliance with the government’s new policy on consumer data.
The Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC) have teamed up to release the Compliance and Enforcement Policy for the Consumer Data Right.
The policy is designed to help clarify the regulatory obligations data holders must adhere to once the Consumer Data Right is introduced in July this year.
In the policy, the ACCC and OAIC have outlined the approach they have adopted to encourage compliance with, and address breaches of, the Consumer Data Right regulatory framework.
Sarah Court, ACCC commissioner, said the Consumer Data Right is an important reform that will give consumers greater access to and control over their data.
“With this important reform come significant and serious safeguards,” Court said. “It is the responsibility of each Consumer Data Right participant to be fully aware of their regulatory obligations or face scrutiny by the ACCC and the OAIC.”
The ACCC and OAIC’s risk-based approach to compliance and enforcement focuses on building consumer confidence in the security and integrity of the Consumer Data Right system.
“My office and the ACCC will work in partnership to monitor and actively enforce participants’ compliance with their regulatory obligations, including the privacy safeguards,” said Angelene Falk, Australian Information commissioner and Privacy commissioner.
“A strong regulatory framework is in place to protect privacy and build public confidence in the Consumer Data Right, and the Compliance and Enforcement Policy released today provides increased certainty about how we will uphold these consumer protections.”
Penalties for breaches of the Consumer Data Right legislation, including the Privacy Safeguards, Consumer Data Right Rules and Data Standards, include:
- Administrative resolutions, whereby a business provides a voluntary written commitment to address a non-compliance issue
- Infringement notices and court-enforceable undertakings
- Suspension or revocation of accreditation by the ACCC (as the accreditor)
- Determinations and declarations, using the OAIC’s power to make a determination, following an investigation, to either dismiss or substantiate a breach of a Privacy Safeguard or Rule relating to the privacy or confidentiality of Consumer Data Right data
- Court proceedings (which may result in penalties, injunctions and other orders).
The consumer watchdog said it and the OAIC will regularly review the Compliance and Enforcement Policy so that it continues to reflect best practice regulation and evolves with the Consumer Data Right regime.
“Economic reforms like the Consumer Data Right which build consumer confidence in the use of their personal information and encourage innovation will be critical to our recovery after the COVID-19 outbreak,” Falk said.