Treasury has prepared a first version of the Privacy Impact Assessment (PIA) for the CDR, in accordance with the Privacy (Australian Government Agencies – Governance) APP Code 2017. The draft PIA is based on the CDR regulatory framework proposed in the Treasury Laws Amendment (Consumer Data Right) Bill 2018. As recommended by the Office of the Australian Information Commissioner (OAIC) in its Guide to undertaking PIAs, extensive consultations have taken place on the privacy risks and concerns associated with introducing consumer data access and portability rights and the approach that is being taken to mitigate those risks. This has occurred as part of, for example:
- the Productivity Commission’s Data Availability and Use Inquiry;
- the Open Banking Review (OBR) and the Government’s consultation on the Final Report of the OBR; and
- consultations on two drafts of the Bill.
The draft PIA documents the outcomes and learnings from these consultations.
The Government is seeking comments on this document by 5pm Friday 18 January 2019, to be considered as part of the development of a revised version.
The revised PIA, incorporating the views of the public as well as key decisions on the Consumer Data Rules and standards, will be completed ahead of the Autumn Parliamentary sitting period.