Updated: Consumers should gain more control of their data, Productivity Commission recommends

The Australian Productivity Commission is calling for a revolution of the country’s data policy framework to give consumers more control of information collected about them by businesses and governments.

In its draft report on Data Availability and Use, the commission recommends introducing a Comprehensive Right to give consumers more control over data collected about them, including the ability to direct data holders to transfer information to a third party of their choice, make edits and corrections, gain a digital copy, as well as opt out of data collecting activities. The Right would apply across both the public and private sector.

The recommendation is just one in a number of far-reaching changes being proposed to open up data access and availability.

In its key findings, the Commission said the extraordinary growth in data generation and usability had “enabled a kaleidoscope of new business models, products and insights to emerge”, which have benefitted not only corporate organisations, but also governments and individuals.

But changes to the way businesses and governments manage people’s data are urgently needed if Australia is to truly reap the benefits of data as an asset, it stated.

To do this, the Commission has recommended a new Data Sharing and Release Act, a National Data Custodian, and accredited release authorities by sector that can streamline access to curated data sets. It also said consumers needed more control over their data, over and above existing Privacy laws.

“Surprising though it may be to many, individuals have no rights to ownership of the data that is collected about them,” Productivity Commission chair, Peter Harris, said. “Data is increasingly an asset, and when you create an asset you should have the ability to use it, or not, at your choice.”

Under the proposed Comprehensive Right, consumers could tell data holders, such as doctors, banks or insurance companies, to transfer a copy of their information to a third party. This right would also extend to businesses acting as purchasers.

“This will give people and businesses who want to be active consumers, genuine control over their data, and will allow innovative businesses and governments the chance to offer those consumers better services,” Harris said. “It will increase competition, and give businesses and governments strong incentives to handle data better.”

According to the report, the lack of trust and barriers preventing the sharing and release of data are stymieing the use and value of Australia’s data, and the country is missing out as a result.

These include opportunities in improved health care, safer and more efficient infrastructure and machinery maintenance, enhanced supply chain logistics, and more tailored financial and energy market products because of its current data framework. The report points to Australia falling behind other countries, such as the UK and New Zealand, directly because of data access.

“Increased access to data can facilitate the development of ground-breaking new products and services that fundamentally transform everyday life,” the report stated. “The potential value of data is tremendous, but so too is the scope for Australia to forgo much of this value under the misconception that denial of access would minimise risks.”

Off the back of the findings, Harris said denying access as a way of minimise risk around data breaches was no longer a good enough reason to prevent data sharing.

“The risks from the proposed reforms are no greater than the risks today that are managed by any consumer who chooses to click a mouse and buy or subscribe to a product,” he said. “And the same advice applies: Be very choosey about who you share your data with.”

The reforms suggest providing permission to Australian Government agencies to share and release data, subject to strong, streamlined safeguards. To help with this, a National Data Custodian would be established with responsibility for accrediting data sharing and release, including a suite of national interest datasets.

The types of risks for individuals identified by the report if data access was more open include discrimination, loss of control over the boundaries around the ‘you’ that the world sees, reputational damage or embarrassment, identity fraud, other criminal misuse of the data and commercial harm.

“That these risks exist is undeniable, but it is important not to fall victim to fear,” the report stated. “Risks of identification can increase with the linkage of separate pieces of data about an individual. Matching data across individuals can also reveal more information about the activities and associations of those individuals.

“But many of them are able to be managed with the right policies and processes. The likelihood of unintended or inappropriate release needs to be carefully considered alongside the likelihood of any genuine harm or costs to the individuals or organisations concerned. Systems and processes can and should be developed to identify, assess, manage and mitigate risks related not just to data release and sharing, but also data collection and storage. Where it is not possible to reduce risks to an acceptable level, the approach being advocated by the Commission would not support release of the data.”

The inquiry and report into Australia’s public and private sector data use comes off the back of the 2014 Financial System Inquiry (the Murray Inquiry), which recommended a review of the benefits and costs of increasing the availability of data and improving its use. More than 210 submissions were received.

“The substantive argument in favour of making data more available is that opportunities to use it are largely unknown until the data sources themselves are better known, and until data users have been able to undertake discovery of data,” the draft report stated.

“Marginal changes to existing structures and legislation will not suffice. The Commission is proposing reforms to data availability and use, aimed at moving from a system based on risk aversion and avoidance, to one based on transparency and confidence in data processes.”

Consumer control versus choice: ADMA

ADMA CEO, Jodie Sangster, welcomed the Commission’s recommendations related to governments opening up access to data, noting that open data access generally drives innovation.

“It’s intended to allow organisations and companies to use data to derive insight and innovate around products and services, and it’s a really good step forward,” she said.

But Sangster was concerned about the potential levels of bureaucracy that could be introduced through a new government department established to manage data transparency and access, as well as the potential compliance issues for businesses.

“It’s too early to see how that will play out, but we have to have open government departments that work in a flexible way and provide access that isn’t caught up in red tape,” she told CMO.

“The sentiment is right, but do we need to have a whole other government department? Yes, we need exploration to understand what data should and shouldn’t be available and have frameworks around that. But could it be the existing Commission and agencies can deliver that? This needs to be pressure tested. What we don’t want is a new government department that ties this up in red tape.”

There are also plenty of implications for business that now need to be thought through, Sangster continued, not least of which is adherence to any regulated data access policy.

“For example, government can designate certain data sets that should be available in the public interest, which has never happened before, and businesses will be obliged to provide those. But we’ll need lot more detail before we can get to that,” he said.

From a consumer engagement perspective, Sangster said it’s clear brands that embrace privacy and consumer choice are the brands that win. But while agreeing consumers should have a level of control about the types of data used to engage with them, and an ability to opt out, she warned against putting all the onus on understanding and responding to open data access on the end individual.

“What we don’t want is for all of it to fall on the consumer, a middle ground needs to be met,” Sangster said. “Control is possibly not the right word, it’s choice.What consumers really need is transparency and choice.”

The Productivity Commission will be holding public inquiries on 21 November in Melbourne and 28 November in Sydney to discuss the draft report, and final submissions are due by 12 December.

The final report is due to be submitted to the Australian Government in March 2017.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, join us on Facebook: https://www.facebook.com/CMOAustralia, or check us out on Google+:google.com/+CmoAu