The Australian Government Treasury has released for industry consultation, draft amendments to the Consumer Data Right rules and regulations made under the Competition and Consumer Act 2010 (Cth), seeking to expand the Consumer Data Right regime into the energy sector.
The consultation period for the draft amendments runs until 13 September 2021. Until that time, clients in the energy sector will be able to have their say as to the proposed amendments, as well as the manner of implementation of the CDR in the energy sector.
For our clients in the energy sector, preparing for compliance with the CDR regime will require significant IT and regulatory efforts.
The Australian Government Treasury has released for industry consultation, an exposure draft of proposed amendments to the existing Consumer Data Right Rules (Draft Rules) made under the Competition and Consumer Act 2010 (Cth) (Act), which seek to expand the Consumer Data Right regime (CDR) beyond the banking sector (known as Open Banking), and into the energy sector. In tandem, Treasury has also released an exposure draft of proposed amendments to the Competition and Consumer Amendment (Consumer Data Right) Regulations 2021 (Draft Regulations), as well as a number of requests for market consultation, seeking industry views as to the regulatory impact and anticipated cost of implementing the CDR in the energy sector.
This release represents the next stage in the Australian Government’s planned multi-industry roll-out of the CDR, now that Open Banking in the banking sector is well under way.
The road so far
After the commencement of the roll out of the CDR in the banking sector, the Australian Government announced its intention to include energy data in the CDR in May 2018, and in June 2020, Treasury released the Consumer Data Right (Energy Sector) Designation 2020 (Designation), establishing the energy sector as ‘next in line’ to be subject to the CDR. The Designation identified certain data sets as those that will be subject to the regime and that can be shared between relevant parties once the CDR is implemented.
Then, in July 2020, the Australian Competition and Consumer Commission (ACCC) invited stakeholder input on the preliminary positions taken by the ACCC in the current set of CDR Rules applying to the banking sector, to be leveraged as the basis for drafting the CDR rules for the energy sector.
CDR in the energy sector
The implementation of the CDR in the energy sector aims to give consumers more control over the sharing of data held by the Australian Energy Market Operator (AEMO) and energy retailers. A consumer may authorise the sharing of their data to themselves, or Accredited Data Recipients (ADRs), which will enable that consumer to more-easily switch between providers, obtain the best energy deals, better manage their energy use and make informed decisions about personal energy investment.
The regime would facilitate the sharing of certain specified data sets, including:
- consumers’ National Electricity Market electricity connections, including meter type, location, network tariffs and whether the consumer uses solar panel power generation or battery storage;
- information about the consumer themselves, including name, entity type and contact details;
- records in relation to a consumer’s account, including records of bills issued and payment received and payment arrangements;
- tariff data (both of the kind that would, and would not, identify the relevant consumer); and
- metering data related to energy consumption.
The aim is for the CDR to foster industry competition and innovation in the delivery of energy services and the development of new retail products.
Amendments to the Rules
The Draft Rules will:
- establish a ‘peer-to-peer’ data access model for ‘data holders’ (such as energy retailers and the AEMO) where:
- customers may get their data from the data holder, or may nominate an ADR to get it for them, by making a request to their energy retailer; and
- the retailer will be responsible for collecting and disclosing all of the data to the customer or its nominated ADR, even if some of that data is held by the AEMO, or another party holding data relevant to the request;
- outline the circumstances in which a consumer will be eligible to make or initiate a data request, define the energy data sets that may be shared and align the internal dispute resolution requirements for data holders with the existing energy sector requirements under national energy legislation;
- describe the types of data that must be disclosed by the data holder in response to a consumer request (required consumer data), and the types of data that may be, but are not required to be disclosed by the data holder in response to a consumer request (voluntary consumer data); and
- outline the staged approach to the implementation of the CDR in the energy sector and provide indicative deadlines for each stage, being 1 October 2022 and 1 October 2023.
Part IVD of the Act sets out the privacy safeguards applicable to ADRs, data holders and (in the case of the banking sector) gateways, in relation to their handling and provision of data, which safeguards exist to protect the privacy of consumers and their data. The Draft Regulations propose to:
- exempt the AEMO from certain privacy safeguard obligations under the Act; and
- confer privacy safeguard obligations on retailers who receive data from the AEMO in connection with a consumer request.
This is because the AEMO has developed its own procedures that govern the privacy and integrity of the data it holds, and so it will not be subject to further privacy safeguard obligations under in the Act. Conversely, energy retailers will be subject to these obligations because they provide information from the AEMO to their customers, even though they do not collect or maintain that information.
What does this mean for our clients?
The consultation period for the Draft Rules and Draft Regulations runs until 13 September 2021. Until that time, clients in the energy sector will be able to have their say as to the proposed amendments, as well as the manner of implementation of the CDR in the energy sector.
Beyond the consultation period, for our clients in the energy sector, preparing for compliance with the CDR regime will require significant IT and regulatory efforts – we have seen that this has already been the case with clients in the banking sector.
Clients may need to:
- assess the type and extent of consumer data that they hold;
- perform a ‘readiness assessment’ of their technology landscape, including examining the need to bolster their existing data security measures and privacy controls;
- implement access and authentication controls in order to enable third party access to relevant data; and
- assess and implement required to changes to existing business processes and policy frameworks related to customer data.
All of this requires significant time, effort and investment that needs to be planned for now.
Clients may also wish to examine opportunities in the market in respect of collaboration with existing entities, with a view to creating the best regime-compliant customer experience.
How can DLA Piper help?
Having assisted clients in the banking sector in respect of the implementation of the Open Banking regime, DLA Piper is well-placed to assist with submissions you may wish to make during the consultation period, taking in to account some real-world issues arising with implementation. We can also work with your team to understand and deal with the technical and regulatory challenges that you will likely face as you begin to navigate the high seas of CDR implementation.
Make no mistake, the technology, business process implementation, training and staffing effort to implement this regime is significant. It shouldn’t be viewed simply as a regulatory burden, but as an opportunity to grow your customer base and as an essential and key part of your strategy to retain the customers you already have. Please contact us for more information as to how we may help you and your business.