Key Points

• Data portability rights are viewed by policymakers worldwide as a significant legal innovation to stimulate competitive digital economies. These rights allow consumers and businesses to seamlessly receive and transfer data for commercialization and efficiency purposes.
• The newly implemented Australian Consumer Data Right (CDR) provides an illuminating example of the complex relationship between information privacy and competition law which is central to data portability initiatives. The CDR grants consumers and businesses access and transfer rights for consumer data in the Australian banking, energy, and telecommunications sectors, through the implementation of mandated API standards.
• There are three policy vectors at the heart of the CDR that parallel previous Australian, UK, and EU data portability developments. They are the type of regulated data covered by the CDR scheme, privacy and security protections and the overarching regulatory framework.
• We argue that the CDR, and its antecedents, primarily construct data portability as a competition law measure. However, while the general policy intention of the CDR is clear, we contend that the scheme reveals an uncertain role for information privacy law as part of its operation. Uncertainty is evident in how policymakers have considered the information privacy law issues inherent in the three policy vectors.
• We contend that the CDR could give rise to definitional problems with regulated data, duplicated privacy and security protections and a conceptually challenging regulatory framework. In conclusion, we suggest potential solutions that would assist with the operation of the CDR within Australia’s broader information privacy law framework, governed by the Privacy Act 1988 (Cth), which would also better align with the General Data Protection Regulation (GDPR).

中文翻译：

---

个人数据在智能环境中的范围不断扩大，并为规范新兴数字技术提供了可能的途径

关键点

• 全球政策制定者将数据可移植性权利视为刺激竞争性数字经济的重大法律创新。这些权利使消费者和企业可以无缝地接收和传输数据，以实现商业化和提高效率。
• 新近实施的澳大利亚消费者数据权（CDR）提供了信息隐私与竞争法之间复杂关系的一个有启发性的例子，这对数据可移植性计划至关重要。CDR通过实施强制性API标准，授予消费者和企业对澳大利亚银行，能源和电信行业中消费者数据的访问和转移权利。
• CDR的核心有三个策略载体，它们与澳大利亚，英国和欧盟以前的数据可移植性发展并行。它们是CDR方案，隐私和安全保护以及总体监管框架所涵盖的受监管数据的类型。
• 我们认为CDR及其前身主要将数据可移植性作为竞争法的一种手段。但是，尽管CDR的一般政策意图很明确，但我们认为，该方案显示出信息隐私法在其运作过程中的不确定作用。决策者如何考虑这三个政策载体中固有的信息隐私法问题，存在明显的不确定性。
• 我们认为，CDR可能会带来受监管数据的定义性问题，重复的隐私和安全保护以及概念上具有挑战性的监管框架。总之，我们提出了可能的解决方案，这些解决方案将有助于CDR在澳大利亚更广泛的信息隐私法律框架内的运作，该框架受1988年《隐私法》（联邦）管辖，也将与《通用数据保护条例》（GDPR）更好地保持一致。