COMPETITION AND CONSUMER AMENDMENT (REVIEW OF EXEMPTIONS TO PRIVACY SAFEGUARDS) REGULATIONS 2023 (F2023L01028) EXPLANATORY STATEMENT

Commonwealth Numbered Regulations - Explanatory Statements

[Index] [Search] [Download] [Related Items] [Help]

COMPETITION AND CONSUMER AMENDMENT (REVIEW OF EXEMPTIONS TO PRIVACY SAFEGUARDS) REGULATIONS 2023 (F2023L01028)

EXPLANATORY STATEMENT

Issued by authority of the Assistant Treasurer and Minister for Financial Services

Competition and Consumer Act 2010

Competition and Consumer Amendment (Review of Exemptions to Privacy Safeguards) Regulations 2023

Subsection 172(1) of the Competition and Consumer Act (the Act) provides that the Governor-General may make regulations prescribing matters required or permitted by the Act to be prescribed, or necessary or convenient to be prescribed for carrying out or giving effect to the Act.

The Competition and Consumer Amendment (Review of Exemptions to Privacy Safeguards) Regulations 2023 (the Amending Regulations) are made in reliance on the 'necessary or convenient' power in subsection 172(1) of the Act.

The purpose of the Amending Regulations is to provide for a mandatory review of regulation 28RA of the Competition and Consumer Regulations 2010 (the Principal Regulations) to be undertaken within 10 years of its commencement. Regulation 28RA provides for the Australian Energy Market Operator's (AEMO) exemptions from the consumer data right (CDR) privacy safeguards.

Regulation 28RA was inserted by the Competition and Consumer Amendment (Consumer Data Right) Regulations 2021 (the 2021 Regulations) and made for the purposes of section 56GE of the Act. Section 56GE allows regulations to exempt persons or classes of persons from, or modify the operation of, Part IVD of the Act, the consumer data rules, and regulations made for the purposes of Part IVD.

The CDR framework is set out in Part IVD of the Act, the consumer data rules, and the data standards. This scheme imposes obligations on participants responsible for collecting, holding, or disclosing CDR data. These obligations include compliance with the privacy safeguards located in Part IVD of the Act. The privacy safeguards are mechanisms which ensure the security and integrity of personal information used and disclosed by CDR entities in the CDR framework. The application of the safeguards depends on whether an entity is accredited, a data holder or both.

The then Minister designated the energy sector as a participating sector in the CDR scheme with the Consumer Data Right (Energy Sector) Designation 2020. As part of that designation, the AEMO was designated as a data holder.

The consumer data rules define AEMO as a 'secondary data holder'. That is, it holds relevant datasets but has no direct relationship to the consumer. As AEMO does not interact with consumers, it is impossible for AEMO to link the data it holds with individual consumers. In practice, this means it is impossible for AEMO to comply with privacy safeguard 1 (open and transparent management of CDR data), privacy safeguard 10 (notifying of the disclosure of CDR data), privacy safeguard 11 (conditions on maintaining quality of CDR data), and privacy safeguard 13 (correction of CDR data).

Instead, consumers (or accredited persons on consumers' behalf) make data requests to 'energy retailers', another type of designated data holder. The retailers acquire that data from AEMO, link it to the consumer and pass it on to them (or to the accredited person).

In recognition of these circumstances and in reliance on section 56GE of the Act, the 2021 Regulations inserted regulation 28RA in the Principal Regulations. Regulation 28RA exempts AEMO from privacy safeguards 1, 10, 11 and 13, and modifies their application so that the appropriate safeguards apply to energy retailers instead.

The Principal Regulations and therefore the 2021 Regulations are exempt from sunsetting under the Legislation (Exemptions and Other Matters) Regulation 2015.

The review required by the Amending Regulations enables consideration of the ongoing need for AEMO's privacy safeguard exemptions in a timeframe consistent with the usual sunsetting period. This reflects the Assistant Treasurer's undertaking to the Senate Standing Committee for the Scrutiny of Delegation Legislation (the Committee).

The Assistant Treasurer's undertaking was to seek to amend the Principal Regulations to require a review of the 2021 Regulations within 10 years of the latter instrument's making. He made this undertaking to the Committee on 12 December 2022.

The Amending Regulations implement this undertaking by causing a review of regulation 28RA of the Principal Regulations, which has the same effect as reviewing the 2021 Regulations.

The Act does not specify any conditions that need to be satisfied before the power to make the Amending Regulations may be exercised.

AEMO was consulted on the Amending Regulations and did not express any concerns. Public consultation was not considered to be warranted, reflecting that the Amending Regulations are minor and machinery. They put regulation 28RA in a comparable position to instruments subject to the regular sunsetting regime. The Assistant Treasurer's undertaking and the Committee's response were also published in the Delegated Legislation Monitor 1 of 2023, dated 25 January 2023. 

The Amending Regulations are exempted from sunsetting because of the Principal Regulations' exemption under section 12, table item 16(e), of the Legislation (Exemptions and Other Matters) Regulation 2015. However, the Amending Regulations are repealed at the end of the financial year in which the review falls due.

The Amending Regulations are a legislative instrument for the purposes of the Legislation Act 2003.

The Amending Regulations commenced on the day after they were registered on the Federal Register of Legislation.

Details of the Amending Regulations are set out in Attachment A.

A statement of Compatibility with Human Rights is at Attachment B.

The Office of Impact Analysis (OIA) has been consulted (OIA ref: 23-04723). The OIA agreed that an Impact Analysis is not required. Based on the information provided, the OIA considered the measure is unlikely to have more than a minor regulatory impact.

 

ATTACHMENT A

Details of the Competition and Consumer Amendment (Review of Exemptions to Privacy Safeguards) Regulations 2023

Section 1 - Name

This section provides that the name of the regulations is the Competition and Consumer Amendment (Review of Exemptions to Privacy Safeguards) Regulations 2023 (the Amending Regulations).

Section 2 - Commencement

This section provides that the Amending Regulations commence the day after they have been registered on the Federal Register of Legislation.

Section 3 - Authority

This section provides that the Amending Regulations are made under the Competition and Consumer Act 2010 (the Act).

Section 4 - Schedules

This section provides that each instrument that is specified in a Schedule to this instrument is amended or repealed as set out in the applicable items in the Schedules, and any other item in a Schedule to this instrument has effect according to its terms.

Schedule 1 - Amendments

Item 1 of Schedule 1 amends regulation 28RA of the Competition and Consumer Regulations 2010 to require the Minister to cause a review of the operation of regulation 28RA to be undertaken within 10 years of its commencement (27 November 2021).

Item 1 also requires a report to be provided to the Minister as soon as possible after the review is completed.

There is also a requirement for the Minister to cause the report of the review to be tabled in Parliament within 15 sitting days after the report is given to the Minister.

These amendments are repealed on 30 June 2032, which is the end of the financial year in which the review and its tabling in Parliament fall due.

 

ATTACHMENT B

Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

Competition and Consumer Amendment (Review of Exemptions to Privacy Safeguards) Regulations 2023

This Legislative Instrument is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the Legislative Instrument

The Amending Regulations provide for a mandatory review of regulation 28RA of the Competition and Consumer Regulations 2010, within 10 years after that regulation commenced. This will mean the Minister must provide for a review of the Australian Energy Market Operator's (AEMO) exemptions from consumer data right (CDR) privacy safeguards 1, 10, 11 and 13.

Regulation 28RA was introduced by the Competition and Consumer Amendment (Consumer Data Right) Regulations 2021. It exempts AEMO from those four privacy safeguard obligations in circumstances where AEMO provides CDR data to an energy retailer. Additionally, where appropriate, it applies privacy safeguard obligations to energy retailers in relation to data received from AEMO as if the retailer were the data holder for that data.

Human rights implications

This Legislative Instrument does not engage any of the applicable rights or freedoms. The Legislative Instrument requires the Minister to cause a review of the regulation that exempts AEMO from privacy safeguards 1, 10, 11 and 13. This is distinguished from the outcome of the review, which could ultimately impact the application of the privacy safeguards.

Conclusion

This Legislative Instrument is compatible with human rights as it does not raise any human rights issues.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback