This article was written by Kendra Fouracre, Lauren Murphy and Kai Nash.
The Consumer Data Right (CDR) is coming to the energy industry. When it arrives, it has the power to fundamentally change the way the energy industry manage and control consumer data.
Last week there were two important announcements that put the wheels in motion for the design and implementation of the Consumer Data Right in energy.
This alert will set out not only what these announcements mean for CDR in energy but also what to expect going forward and how your organisation can ensure that you are prepared for CDR.
Taking a step back - CDR regulatory framework:
The two announcements last week are the first two steps in the journey towards designing and implementing CDR in energy, however it is important to understand how the CDR regulatory framework applies to energy more broadly.
What's the process - CDR design and implementation:
1. Data Access Model
The ACCC announced in its Position Paper published on Friday that the AEMO gateway model is the preferred access model for CDR in energy. As the name suggests, the AEMO gateway model will facilitate the transfer of data between data holders and data recipients (and ADRs) through AEMO's data holdings.
The gateway model (set out in the diagram below) will require:
- AEMO to build a gateway through which AEMO (on behalf of energy data holders) provides CDR data to accredited data recipients.
- Data holders to build web-based APIs that enable 'on demand' provision of various energy data sets.
Last week, Treasury also announced the Priority Energy Datasets Consultation. This consultation will be the basis for determining the priority datasets that will be subject to the Treasurer's designation instrument pursuant to s56AC of the Treasury Laws Amendment (Consumer Data Right) Act 2019.
As a starting point Treasury has proposed the following datasets be considered as priority datasets (depicted below):
- National Metering Identifier standing data field
- Metering data
- Customer provided data
- Billing data
- Retail product data
- Distributed Energy Resource register data
- What datasets should be designated in the energy sector to support basic energy retail product comparison and switching use cases?
- What datasets are required to support more advanced use cases, such as, whether consumers should adopt smart meters, solar panels, battery storage, and/or more energy efficient appliances?
- What other datasets should be designated in the energy sector to support use cases not identified in this document?
Treasury is currently accepting submissions on the consultation (closing on 26 September 2019).
3. Authorisation and authentication
The ACCC noted in its Position Paper that it will need to consider (as an immediate next step) how the gateway model can contribute to the most appropriate authorisation and authentication models for the sharing of energy consumer data. The ACCC also states "The gateway could be used to either conduct or co-ordinate the authentication and authorisation process, by providing a centralised platform that can be used for this purpose. That is, where more than one party holds the data this is being sort, the gateway could direct the consumers current retailer to conduct the authorisation process, ensuring that the sharing of all relevant data is authorised through a single process."
The ACCC has noted that it recognised the concerns raised by stakeholders and will publicly consult on the proposed authorisation and authentication framework. It is important to understand how authorisation and authentication is currently dealt with in your organisation and also to consider the cost of compliance and liability associated with potential industry-wide standards.
4. ACCC Register - data recipients and holders
As part of the broader CDR regime, the ACCC is developing an eco-system-wide Register of accredited data recipients (ADRs) and Data Holders being the entities which hold data within the scope of the CDR across CDR industries. This acts as a "white list" ensuring that only registered entities can get access to data holder information. The Register will represent the source of truth for those entities to discover information about each other and to safely transfer consumer data from Data Holders to ADRs. While the accreditation requirements are yet to be finalised, example criteria have been set out in the Open Banking Draft Rules.
As with the CDR Rules, the development of the Register will need to accommodate a gateway as the data access model for energy consumer data sets. The ACCC and Treasury will both consult on developing the Register to deal with these issues alongside the Data Standards Body (currently Data61).
Interested organisations can register to receive updates on CDR directly from the ACCC as they become available, including in relation to the Register. The ACCC has recently called for expressions of interest for organisations to participate in CDR testing as an ADR or Data Holder. The eligibility criteria and registration details are available on the ACCC website here. Expressions of interest to participate in CDR testing closed on 6 September 2019.
What's the timeframe – revised timeframe for CDR in energy
The timeframe of CDR in energy has been pushed back.
The ACCC states in their Position Paper that they recognise that the first half of 2020 is no longer an achievable time frame considering consultation is required on the scope and content of the initial designation instrument, and the preferred data access model will necessitate some changes to NEM regulatory frameworks.
As such the ACCC has stated that it will work with the energy industry and AEMO on a range of issues, including IT readiness, prior to recommending a revised implementation timetable. The ACCC intends to release an energy CDR implementation timetable to stakeholders later in 2019.
How do you prepare – getting ready for CDR in energy
The passing of the legislation means that the Consumer Data Right cannot be ignored. It is finally part of Australian law. However, it is important that the CDR be seen as more than just an issue for legal compliance teams – we encourage engaging with product development, data strategy and backend technology teams to ensure that your organisation can not only get in front of the potential challenges of the CDR regime but also embrace the potential opportunities it has to offer. CDR is much more than a question of compliance. Instead, this is a question of taking the opportunity to engage with customers differently. This opportunity should drive competitiveness and innovation within, and between, businesses and sectors.
There are some initial critical questions for organisation to consider:
1. If you were required to comply as a data-holder, how would you provide data in a standardized way?
This question is particularly relevant to Retailers and Distributors (named by the ACCC as example data holders). Are you ready for this? How are your datasets structured and how do your current systems measure up to the proposed model? What will it likely cost you to collate and share your data? If your organisation does not have the digital capability or readiness to move early on the implementation, consider what steps need to be taken.
2. What data are you willing to share and what data would you not want to share? Should you opt-in as a data-holder?
If you are not subject to the Consumer Data Right, but you wish to receive access to data from an organisation that is, you may have to share any equivalent consumer data you hold to get it. Have you started considering whether you are prepared to share data with others to receive equivalent data from them?
3. What opportunities does access to third party data present? Should you consider accreditation to receive data?
Consider potential innovations or projects in your pipeline that require data and how they could be enhanced with access to data from other industries or third parties. Also consider the practices and procedures that currently govern privacy and data in your organisation. In Australia, most privacy laws are underpinned by the Australian Privacy Principles (APPs) within the Privacy Act 1988 (Cth). The CDR Regime introduces a number of additional Privacy Safeguards which provide equivalent or stronger protections for consumers. The Privacy Safeguards provide heightened restrictions on the use, protection and disclosure of consumer data in an effort to facilitate increased transparency and trust in the system.
4. How are you protecting your customer data – and how would you expect others to?
It is likely that CDR will be bring additional privacy challenges as well as a suite of new obligations and protections that organisations will need to comply with. It is important to understand the practical safeguards you have in place for the data you hold, and whether they match industry standards and customer expectations. Consumer trust is hard to build, but easy to lose. Key to maintaining trust among customers is ensuring that your use of data complies not only with the law, but also with customer expectations. All organisations must be prepared to engage in a new conversation with their customers about how their data may be used and how also it will be protected against misuse. This will help to educate customers while giving them confidence that their data is in safe hands. This should in turn facilitate future innovative data projects.
- Advertising & Marketing
- Competition & Antitrust
- Consumer Protection
- Data Protection & Privacy
- Digital Commerce
- Electricity, Renewables and Energy Transition
- Electricity, Renewables and Energy Transition
- Energy, Resources & Infrastructure
- International Trade
- Telecommunications, Media, Entertainment & Technology