In providing services to consumers, businesses such as banks, power and telecommunications companies collect a wide range of customer and product data, including a customer’s account history, transaction records and product usage information.
Earlier this year the Government introduced the Customer and Product Data Bill (Bill). Its purpose being to unlock the potential of customer and product data to create new products and services that benefit consumers, and to lower prices through opening up markets to increased competition.
The Bill’s explanatory note states, “The purpose of the Bill is to establish an economy-wide framework to enable greater access to, and sharing of, customer and product data between businesses.” This ‘Consumer Data Right’ would give consumers (individuals and businesses) in designated sectors greater control over their data and its use. For example, a customer may wish to share their power usage information with a price comparison service. Giving consumers the power to direct a service provider to share their information with a trusted third party would make it easier to shop around. Research in New Zealand and the United Kingdom suggests that consumers could make significant savings each year by simply switching banking, electricity or mobile plan providers.
Businesses that hold designated customer data (data holders) would be required to put in place systems and processes to make requested information available in a standard machine-readable format. Businesses would also have to make information about their products available, which will make product comparison and switching easier. However, not all data would be required to be disclosed. Requests for product data not ordinarily publicly available, and information which if disclosed would adversely affect the security, integrity, or stability of the data holder’s information and communication technology systems, could be refused.
The Bill would be applied one sector at a time, with the Minister of Commerce and Consumer Affairs responsible for recommending the designation of sectors to which the Bill would apply. For each sector, the designation would specify the type of data and functionality to be made available to the customer, and with the customer’s authorisation to accredited third parties. This detail would be delegated to secondary legislation, enabling a more tailored approach to regulating different sectors of the economy. The Bill sets out that the first sector to be designated would be the banking sector.
The Bill provides for additional safeguards around the privacy of individuals and confidentiality of customer information; which will complement the existing protections under the Privacy Act 2020. The Bill also sets out an accreditation regime for third parties that access data, to check and certify that they are trustworthy, competent and secure. Only accredited third parties will be able to request customer data from data holders or request actions on behalf of customers.
Minor infringement offences, including failing to comply with disclosure requirements can result in fines of up to $20,000. However, for failing to verify customers before providing data, fines of up to $2.5 million can apply.
The Bill is expected to progress through to the Select Committee with public submissions invited.