Consumers should have a “comprehensive right” to control more of their personal data, under new information laws proposed by the Productivity Commission.
In a new draft report, the government research and advisory body suggests that Australians should have a right to access government and business data about themselves, as part of their right to pass their personal data collected by one company onto another.
This would include data collected by hospitals, Facebook, customer loyalty programs, banks and the Australian Securities and Investments Commission.
“Right now consumers think they own their own data,” said commission chairman Peter Harris at the launch of the report on Wednesday.
“Well, they don’t, and only in a very limited way can they control the data.”
Consumers would also get a right to demand that information no longer be collected on them, as well as the ability to have inaccurate information corrected.
It also recommends the government find ways to improve access and use of data.
“Even trying to find what data sets the government holds is a work for Sherlock Holmes,” said Harris.
Lisa Schutz, founder of Verifier, which empowers consumers to share data between organisations without compromising their user credentials including passwords, thinks the draft report is a big step forward for Australia.
“It’s about time as a country we started using our data better. I totally agree that increasing data usage does not increase data risk and believe we need to punch above our weight in the smart use of data,” she told Business Insider.
However Schutz thinks there is still risk involved and it requires big investment to help agencies handle it properly.
“The report acknowledges the risks (and the desire for) privacy and confidentiality but says they are solvable however, I do not agree they can be solved without big investment and enforced standards,” she says.
“We can’t allow too much discretion on personally identifiable data because frankly people are not well educated about the risks they are taking.
“The biggest risk and the policy sleeper is the handling of de-identified data because the risk is that, while it looks safer, there are plenty of examples of where data can get re-identified.
“Even worse, the idea of abolishing the requirement to delete linked data sets created for research purposes will create plenty of unexploded land mines.
“Evidence would suggest data is never as well protected as it should be. A case in point in recent times would be the hack of Blood Bank donor histories.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.