Australia needs to be a maker, rather than just a taker, of data technology if we are to keep up with the pace of digital innovation internationally.  Data-driven technologies will provide our nation with significant public benefits, but for us to fully exploit these benefits we need a regulatory landscape that makes Australia an attractive jurisdiction for businesses to invest in and launch these products. 

To that end, we need a new government institution responsible for developing the regulatory framework for data in Australia – an institution that is focused on encouraging innovation and building consumer trust rather than “big stick” enforcement.  In our view, it is not appropriate or feasible to expect existing regulators like the ACCC or the Privacy Commissioner to continue to deal with data issues themselves. It would be naïve to think that legal principles, regulatory institutions and enforcement approaches developed for an off-line environment can be applied to disruptive technologies without themselves being disrupted.

Why our current system stifles innovation

Businesses developing data-dependent products or strategies must currently factor a high level of regulatory uncertainty into their plans.  There are many areas of law that cover data issues – competition law, consumer protection and privacy laws for example – but the ways these laws regulate data lacks specificity and the laws are not necessarily consistent.  Many businesses simply have no way of knowing whether a product or strategy will pose a problem until after a regulator takes action against it or one of its competitors.  In our experience this is occurring increasingly frequently as regulators tend to take a “go ahead, but we’re watching” approach that reserves their position and makes it harder for businesses to move forward with confidence.  

We cannot know for certain what chilling effect these circumstances have had on the Australian economy to date, but the risk going forward will be even greater as the pace of development globally accelerates.  With our economy reporting its worst result in decades for the last quarter, we should be working to avoid any unnecessary restrictions on growth, innovation and appropriate uses of data.

Could a new institution be the solution?

The current situation is not the fault of existing regulators, or perhaps anyone’s “fault”.  However, it is clear that Australia lacks a single coherent data regulatory framework that encompasses and reconciles competition law, consumer protection and privacy regulation. 

The question then is who can create this framework?

We say that a new institution is needed to get the balance right between innovation and regulation.  The new institution should have 3 essential characteristics:

  1. The institution’s goal should be to set data policy, draft legislation and provide detailed and practical guidance to businesses on how to implement their digital and open-commerce visions.  
  2. The ACCC, the OAIC, ASIC, APRA, the Productivity Commission and other regulators should be consulted in this next stage of development, but they should not be the bodies that lead it. 
  3. The new institution should not have enforcement functions – businesses should feel comfortable working with this institution to assist in the creation of data policy by sharing information and ideas without having to fear that this engagement might lead to costly investigations or enforcement action.  However, the institution’s focus would be on producing tangible outcomes in the form of data policy and draft legislation. Its output would also include guidance for existing regulators to ensure that they enforce the new regulations consistently.

What has the UK done?

In the UK, the Centre for Data Ethics and Innovation (CDEI) is an independent advisory body with a broad mandate to advise the UK government on how to maximise the benefits of data-driven technology.  But it’s more than a ‘spruiker’ of new technologies – core to its purpose is to ensure business embraces the critical importance of consumer trust in data-driven technologies to their success.  The CDEI also provides a centralised ‘centre of excellence’ within the UK Government on AI and digital issues on which other regulators when addressing digital issues in their jurisdictions. It’s still early days, but we think the UK is on the right track with the CDEI and there is much an Australian institution could take on.

Time is of the essence

There are other regulatory reforms on the horizon that, if not executed correctly, threaten to have a disproportionate, stifling impact on data innovation in Australia.  For example, the ACCC has been pushing for a general prohibition on “unfair practices”.  Given the broad scope of this prohibition and its potential chilling effect on data-driven innovation, the new institution should account for “fairness” in creating a regulatory framework that not only gives business confidence and transparency over what’s “fair”, but also guides the ACCC in its enforcement activity. 

To make all of this happen we need industry and technology experts, business and experienced regulators to come together quickly to think deeply about what is at stake, set policy, draft legislation and provide clear guidance on how to balance innovation with trust and safety.  A new data institution would be the best vehicle to achieve that goal and allow public benefits to flow from greater data-driven innovation.