Greetings from Sydney!

While our friends and colleagues in the northern hemisphere have been enjoying their well-deserved summer holidays, privacy professionals here in Australia’s winter climes have been busy keeping up with a number of local developments in privacy and data protection. Once fully implemented, these developments are expected to result in a significant shift in the way in which data is shared, used and regulated in Australia.  

Back in September 2017, I wrote about the Australian Productivity Commission’s report into Data Availability and Use, some of the recommendations made in the report and their likely impact upon Australia’s data privacy landscape if accepted. Moving ahead to 2018, the Australian government has recently announced it will be spending $65 million over four years to introduce a range of measures to implement these recommendations, including:

• Establishing a national data commissioner to oversee a simpler, more efficient data sharing and release framework.
• Creating a new Consumer Data Right (to be called the CDR), giving individuals greater transparency and control over their data.
• Enacting a new legislative framework to enable better use of data across the economy.

On 9 Aug., the government also announced the appointment of Deborah Anton as the new interim national data commissioner for Australia. In her role, Anton is responsible for “implementing a simpler, public data sharing and release framework to unlock the benefits of data and improve social and economic outcomes for Australians while maintaining appropriate data safeguards.” Key to this framework is the introduction of the new CDR.

The CDR provides individuals and businesses with “a right to efficiently and conveniently access specified data in relation to them held by businesses; and to authorize secure access to this data by trusted and accredited third parties.” The CDR will apply to Australia’s banking, telecommunications and energy industries.

On 15 Aug., the Exposure Draft of the CDR Bill was released for public submission. Once enacted, the CDR will provide access to a broader range of information within the above-mentioned industries than is currently provided for under APP12 of the Privacy Act 1988, including data relating to individual consumers and business consumers, as well as products.

As the CDR covers both competition and consumer matters, as well as privacy and confidentiality concerning the use, disclosure and storage of data, it will be regulated jointly by the Australian Competition & Consumer Commission and the Office of the Australian Information Commissioner.

The OAIC has significantly increased its workforce in order to manage the expected additional workload arising from matters related to the CDR, which will commence operation 1 July 2019. Following the retirement in late March of Timothy Pilgrim as Australia’s information commissioner and privacy commissioner, the government also last week announced the appointment of Angelene Falk as the new commissioner overseeing this expanded workforce, effective 16 Aug.

Grappling with the seismic shift that has occurred in privacy and data protection both locally in Australia, as well as abroad, will be the theme of this years’ iappANZ Summit, which will be held at Federation Square in Melbourne 1 and 2 Nov. 2018. At the Summit, we will be exploring emerging trends in privacy regulation, media, technology and innovation and hearing from both local and international privacy thought leaders on these matters.

In other news, this week’s Asia-Pacific Dashboard Digest contains a number of interesting articles across the region. Following the issuing of implementing rules and regulations of the Data Privacy Act of 2012 in the Philippines back in August 2016, their National Privacy Commission has wasted no time in investigating various privacy breaches and also increasing the awareness of Filipino citizens of their own data privacy and security.

Happy reading …