RETURN TO MAIN BLOG
The Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC) have officially unveiled the Compliance and Enforcement Policy for the Consumer Data Right (CDR) regulatory framework. This policy will support the implementation of the Consumer Data Right, set to commence in July 2020, aiming to enhance consumer access to and control over their personal data.
The policy emphasizes core principles including accountability, efficiency, fairness, proportionality, and transparency. It outlines several methods the ACCC and OAIC will employ to monitor and ensure adherence to the CDR, such as engaging with stakeholders, leveraging external dispute resolution mechanisms, requiring mandatory reports from data holders and accredited data recipients, and conducting audits and assessments.
Key issues identified as priority concerns by the ACCC and OAIC include misleading or deceptive behaviors, invalid consent during data collection, inadequate security measures, refusal by data holders to fulfill legitimate consumer data requests, and improper use or disclosure of consumer information. These actions are considered highly detrimental to consumers and are likely to prompt regulatory intervention.
Enforcement strategies detailed in the policy range from administrative resolutions, like voluntary agreements to rectify non-compliance, to more severe measures such as ACCC-issued infringement notices, court-enforceable undertakings, suspension or revocation of accreditations, OAIC determinations and declarations, and legal proceedings. These actions may lead to penalties, injunctions, and other legal orders.