How much customer data should firms be forced to share?
A key issue is the balance between competition benefits and scope to innovate
Australia is on the cusp of a new era where consumers will be granted the right to access and share data about themselves and their transactions as captured by businesses they deal with, such as banks, electricity retailers, and phone and internet service providers.
Known as a consumer data right (CDR), it has the potential to facilitate consumer choice and so boost competition. However, there is debate about how much customer data these businesses should be forced to share, with concerns that allowing access and sharing of too much data could hinder innovation.
From February 2020, Australia’s Big Four banks will have to provide customers with electronic data about their transactions using credit and debit cards, deposit and transaction accounts, mortgages, and details customers have provided about themselves. Retail electricity and telecommunications accounts will follow later.
Data portability – a new right conferred upon individuals to have data about them and their transactions made available to them in a convenient electronic format – is being created in different ways in different countries.
In Europe, the right to access data is broader (economy wide), much less specified (and therefore open to interpretation and resistance) and available only to individuals.
In Australia the CDR will confer on customers of any size (not just individuals or consumers) a right to access specific data relating to particular categories of transactions conducted by them with particular regulated businesses.
Data types and categories that must be made available by regulated businesses are defined in the rules, with the result that there will be little wiggle room for the creation of roadblocks or argument over interpretation of the rules.
'It is not a human right at all, so it is not conferred only upon individuals'
PETER LEONARD
Limited conception
Peter Leonard, a data commercialisation consultant and a Professor of Practice at UNSW Business School, outlines the differences:
“The European data portability right is a broad right directly derived from European thinking on fundamental human rights, particularly a conception that each human should have better control of personal data that relates to that human,” says Leonard.
“The European law – the General Data Protection Regulation, or GDPR – doesn’t spell out this theoretical underpinning, but it is clear that data portability is enjoyed only by humans.
“By contrast, the Australian version of data portability – the CDR – will be available for all customers of any type or size, but only for transaction types and particular businesses with industry sectors if and when the Australian Treasurer decides that the CDR should come into operation.
“It is not a human right at all, so it is not conferred only upon individuals. Indeed, its conception in Australia had little to do with data privacy of individuals at all, or consumers. It is a customer right.
“The Australian Treasurer decides which businesses in which sectors are to be regulated, if and when and in relation to what data types. The principal regulator, the Australian Competition and Consumer Commission (ACCC), provides advice to the Treasurer and designs and administers the machinery to make the CDR happen. The courts have little role to play.”
Leonard says because of this limited (albeit important) conception of the Australian CDR, pressure may continue to build for creation of a broader data portability right like the European right.
He expects debate in Australia around data portability as a privacy right to gain traction, regardless of implementation of the Australian CDR.
Reshaping markets
For consumers – and for promoting competition – data portability is important in two ways.
“If the customer can take their data somewhere else, they then can remove that data from the control of the organisation they’re taking it from and gain control of their data, potentially as currency to deal with a new provider,” says Leonard, whose career as a business lawyer has focused on advising data-driven businesses.
Customers will be able to supply their data to another provider to see if the provider can offer a better deal. Second, their data itself will have value and they can use this to bargain with organisations.
According to Leonard, this has the potential to make intermediaries – those businesses and websites that receive and analyse customer data – powerful businesses in their own right.
An important consideration is how much governments and the competition regulator – in Australia’s case the ACCC – want to influence markets and competition.
“The big question lurking here is, will the competition commission use its newfound discretions to try and reshape markets the way that it would like those markets to look?” says Leonard.
“Or will it see itself as the faithful servant of the consumer, enabling the consumer to move data and then leave the markets to sort themselves out as they will in free markets?”
For instance, when the open banking regime comes into full force, there is the question of how many different businesses will be accredited to receive customer data from the banks.
“The way that you define the obligations and requirements and accreditation criteria that an accredited data recipient must meet will be critical in determining the extent to which the consumer data right reshapes what competition looks like, and who may become competitors to the businesses that are required by the CDR rules to make available customer data,” Leonard says.
'The easiest way to create stickiness and loyalty is to reward loyalty but also to reward it in a way that isn’t terribly portable'
ROB NICHOLLS
Value-added data
Another significant issue is whether enhanced or value-added data should be subject to the CDR. This data goes beyond transaction data and other basic information about customers, and can be insights, behavioural factors and other inferences about the customer drawn from their transaction data and other information available to a business.
Leonard suggests that it is important to get the balance right in determining what value-added data is subject to the CDR, because getting that balance wrong can reduce a business’ incentive to innovate.
While the open banking regime was originally conceived as one in which only basic data, such as customer-volunteered information and transaction data, was to be portable, Leonard notes the government is now planning to leave the decision about which data to include, and which data to exclude, to the relevant minister, as advised by the ACCC.
“You shouldn’t extend the right to include significantly value-added data because the value-add is precisely where the innovation can and often will happen,” he says.
Rob Nicholls, a senior lecturer in the school of taxation and business law at UNSW Business School, agrees about the importance of data-driven innovation, describing it as “probably the biggest potential source of growth arguably in services driving the Australian economy”.
But Nicholls also sees the CDR as a development with the potential to significantly spur competition.
If Coles supermarkets, for instance, had to release data about their customers’ loyalty schemes transactions and behaviours to Aldi, then the level of competitiveness between those providers may change quite a lot.
“At the moment, what any business tries to do is to create stickiness to their goods and services. The easiest way to create stickiness and loyalty is to reward loyalty but also to reward it in a way that isn’t terribly portable,” he says.
Nirvana target
Nicholls is interested in finding a balance between the competition benefits that data portability would bring against allowing so much data to be accessible that it has a chilling effect on innovation.
On the one hand, allowing companies to tightly hold on to their data can create a winner-takes-all or a winner-takes-most scenario in the digital economy – for instance, where Facebook won out over social media rival Myspace.
Against this is the risk that if companies cannot hold on to their value-added data, then products and services become more-or-less the same, also reducing competition.
“They’re commodities, so there’s not very much product differentiation. When there’s not much product differentiation, there’s not much price differentiation,” says Nicholls.
He sums up what is at stake: “The risk of over-intervention is you get commodification. The risk of under-intervention is you get a monopoly. Broadly, both of those aren’t great outcomes for businesses, but somewhere in between is a vibrantly competitive sector which innovates to compete and produces great new services and [that's the] nirvana target.”