The federal government needs to get on the front foot and prepare for Big Tech to try to get involved with the Consumer Data Right scheme in order to mitigate the significant risks associated with this, a government-led committee has said.
The Senate Select Committee on Financial Technology and Regulatory Technology tabled its final report this week, with a significant focus on the Consumer Data Right (CDR) scheme.
The committee, which is chaired by NSW Liberal senator Andrew Bragg, admitted that the rollout of the CDR “has not been as rapid as some in the industry would like”, and made a number of recommendations going forward.
The prospect of Big Tech firms like Google and Facebook becoming accredited in the CDR scheme was raised on several occasions during the inquiry, and the committee said the government needs to act now to “pre-empt” this happening.
The committee recommended the government review whether the existing processes and CDR rules are adequate to ensure there is a level playing field if this does happen, and that privacy is upheld.
The Office of the Australian Information Commissioner (OAIC) told the inquiry that the participation of these companies in the scheme would present significant privacy risks due to the huge amounts of data they already hold, and the potential for this to be combined with other information such as financial services.
“It would be open to accredited data recipients to ask consumers to consent to combine sensitive financial data with the extensive amount of personal information already collected by these large technology companies, to deliver products or services,” the OAIC said.
“This would allow a large non-bank technology company accredited under the CDR to build profiles of individual consumers, and to derive and provide deep and rich insights into those individuals.”
The committee found that the existing privacy safeguards around the scheme only “somewhat” mitigate these risks.
“The committee considers that the giant reach of these companies, as well as their track record of utilising data in ways that may not meet community expectations, make it prudent to give further consideration to what additional rules or safeguards may be required in the event big tech firms seek accreditation under the CDR,” the report said.
“The government needs to preempt any issues in this area by reviewing and publicly reporting on what additional rules or safeguards may be required in the event big tech firms seek accreditation under the CDR.”
The committee also called for the government to ensure better interoperability with the CDR and other similar schemes around the world, and to “vigorously pursue” the establishment of international open banking standards.
It also said the government should look to establish mutual recognition arrangements for accreditation between the CDR and other schemes.