Guidelines for business on how to safeguard consumers’ privacy under the Consumer Data Right (CDR) system have been released by the Office of the Australian Information Commissioner (OAIC).
Australian Information and Privacy Commissioner, Angelene Falk said the guidelines aimed to help businesses participating in the CDR system to understand their privacy obligations.
“Strong privacy protections have been built into the CDR system, which strengthens consumers’ rights to control and use their data and enables greater competition, consumer benefits and economic growth,” Ms Falk said.
“Data can only be shared at the consumer’s request, for a specific purpose and for a limited time period,” she said.
“Consumers also have the right to ask for their data to be deleted if the business no longer needs it.”
Ms Falk said the CDR system would initially be implemented in the banking sector from July and would allow consumers to safely transfer their data to accredited recipients to assist in comparing services.
She said it would then be extended to other sectors of the economy, starting with energy and telecommunications.
“The CDR Privacy Safeguard Guidelines set out how businesses must protect consumers’ data under the new Consumer Data Right,” Ms Falk said.
“They build on Australia’s existing privacy framework and provide detailed guidance for businesses handling consumers’ data in the new system to ensure it is protected.”
She said the OAIC would regulate and enforce the privacy aspects of the CDR system and handle consumer complaints in relation to it.
Ms Falk said the guidelines had been finalised following consultation with industry, the Australian Competition and Consumer Commission (ACCC) and other stakeholders.
