The changing face of data availability and use: 3 key factors to consider in the tech sector - Lexology

"Three key factors to consider for this sector will be:

1. The imperative to mobilise as an industry to respond to these developments

The Commission’s report recommends an industry-led approach to managing proposed new consumer rights over data. The report suggests an expansive default definition of “consumer data” (i.e. data held by a service provider that a consumer would have rights to access and transfer to third parties, including potential competitors of the service provider), but indicates that a different and potentially narrower definition could be formulated by industry agreement on a sector by sector basis (subject to general oversight by the ACCC).

The technical processes by which consumer data can be accessed and transferred in response to a consumer request may also be defined by industry agreement. This approach recognises that it may not be possible to apply a one-size-fits-all approach to complex data management issues. However, it will only be effective to the extent that there are industry bodies in place that are capable of facilitating an appropriate industry-level agreement. While there may be obvious bodies to play this role for certain segments of the technology industry, such as the CommsAlliance for telecommunications providers, it may be more challenging for others in this diverse sector (from online bookmakers, to providers of wearable technology, to social media operators and others) to develop a coordinated approach.

2. There will be complex interactions with the existing regulatory regime

As flagged above, the Commission proposes that the new data sharing framework would sit alongside existing legislation addressing privacy and other data management issues. This includes legislation of general application, such as the Privacy Act, as well as more targeted legislation that deals only with certain industry sectors, such as the Telecommunications Act and other legislation that imposes specific information handling obligations on telecommunications providers. This may lead to areas of overlap and complex compliance issues for entities that operate in these areas. For example, a telecommunications provider may need to manage different, but overlapping data access and handling requirements across at least three different legislative regimes. There may potentially be instances when compliance with one regime could result in a breach of another, and these will need to be carefully managed.

3. Increased levels of data sharing will provide opportunities for technology providers that can facilitate the sharing process

A number of industries have expressed concern that increased levels of data sharing may also lead to increased data security risks, particularly if not all participants in the sharing framework meet the same level of data security compliance. For example, some in the financial services industry have queried the appropriateness of allowing consumers to compel banks to provide important transactional data to start-ups who may not be properly equipped to safeguard that information, which could potentially be used by fraudsters and other wrong-doers. Clearly technology will have an important role to play in whatever arrangements different industries devise for managing their new data sharing obligations, including by applying an appropriate level of data security. This will be a clear opportunity for technology providers that are able to leverage expertise in systems integration, use of data sharing technologies (including development and implementation of data sharing APIs), and cyber security in order to help industry participants transition to a new open data landscape.

The Commission’s report contemplates a revolution in the way that data is used and managed within the Australian economy, and it is a revolution that the Commission wants to happen quickly. The report’s recommended implementation plan sets out a series of immediate actions for Government to take, as well as actions that should be completed within the next year – this includes development of an initial draft of the Data Sharing and Release Act, with a goal for that legislation to be passed by the middle of 2018."