4 Points You Must Know About CDR Accreditation
The Australian government is putting in significant efforts to ensure maximum control for consumers with regard to their data. The CDR Accreditation laws now give consumers the right to share their data among service providers of their own choosing. It is an opt-in service that consumers can utilize to decide whether to share their data, how much of it to share, the visibility levels they prefer, and even the purpose of sharing it.
First brought up in the government’s draft of Treasury Laws Amendment Bill 2018, this CDR accreditation has set up a framework to implement CDR laws in Australia. The bill offers a system to designate certain entities and data sets that would be subject to the CDR while leaving most of the details to sector-specific consumer data rules for better functionality.
Here are some essential points you should know about CDR accreditation.
1. Data Transfer Is Conducted by Designated Individuals
The bill is quite clear about who will be required to transfer the consumer data. It can be done by anybody designated by the Treasurer on a sector-to-sector basis. This means that the Treasurer will designate sectors within the economy that will need to respond to the consumer demands and transfer their CDR data accordingly.
The ACCC (Australian Competition and Consumer Commission) will then work on developing certain consumer data regulations to offer further details regarding the following protocols:
- The disclosure, accuracy, and use of the CDR data.
- The storage, security, and deletion of CDR data.
- The accreditation of any data recipients.
- The reporting and record-keeping protocols.
2. Only Accredited Individuals Can Receive Data
To further ensure maximum consumer privacy support, the bill states that only entities who have been accredited by the Data Recipient Accreditor can receive the CDR data.
The bill requires a particular Data Recipient Accreditor (also called DRAs) to be appointed to accredit each person or even business to receive this consumer data. This accreditation is done based on sector-specific regulations that are followed as per the consumer data rules set by ACCC. The bill also demands that an electronic register of accredited parties be set to carry out the following:
- Regulate all accreditations.
- Form legal mechanisms to safeguard data
- Inspire confidence in this data-sharing network
3. CDR Data Is Decided by the Treasurer
Consumers have been confused about exactly what kind of data will be caught as per the CDR laws.
The bill has made a clear statement that ensures that any data specified by the Treasurer qualifies as CDR data. Moreover, to further ensure maximum privacy for consumer data, the bill also hints that any data derived from the qualified CDR data can also (potentially) be a part of this mix.
CDR data can be defined as any information that is a part of the Treasurer’s legislative instrument, including data derived from that information. Consumers and businesses should note that this includes any unclassified or aggregated data that is procured from the CDR data.
4. Almost Anybody Can Be a CDR Consumer
A CDR consumer is defined rather loosely in the bill. The bill states that any person to whom the CDR data relates can be a CDR consumer, provided that they are identified through the data. Additionally, both business and individual consumers should be able to benefit from the consumer right. When we look at the explanatory material, though, we get a clearer picture of the fact that these rules only offer privacy protection to individual consumers and small/ medium-sized businesses.