Minutes - 13 Nov 2019

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 13 November 2019
Location: Data61, Level 5, 13 Garden Street, Eveleigh
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 1

Download meeting minutes (PDF 200KB)

 

Attendees

  • Andrew Stevens, DSB Chair
  • Peter Giles, CHOICE
  • Joanna Gurry, NBN Co
  • David Havyatt, ECA
  • Ben Johnson, ERM Power
  • Van Le, Xinja
  • Joe Locandro, AEMO
  • Jan Prichard, Origin (via WebEx)
  • Frank Restuccia, Finder
  • Lisa Schutz, Verifier (via WebEx)
  • Aakash Sembey, Simply Energy
  • Ed Shaw, Ausgrid
  • Lauren Solomon, CPRC (via WebEx)
  • Dayle Stevens, AGL
  • Mark Staples, Data61
  • James Bligh, Data61
  • Rob Hanson, Data61 (via WebEx)
  • Terri McLachlan, Data61
  • Michael Palmyre, Data61
  • Louis Taborda, Data61
  • Bruce Cooper, ACCC
  • Ying Chin, OAIC (via WebEx)
  • Daniel McAuliffe, Treasury (via WebEx)
  • Spiz Dimopoulos, Energy Australia
  • Ying Chin, OAIC

 

Chair Introduction

Andrew Stevens welcomed everybody and introduced himself as the Chair of the Data Standards (DSB) for the first meeting of the Advisory Committee for the Data Standards in the Consumer Data Right (CDR) for the second designated sector in energy/electricity.

It was noted that the Advisory Committee meetings are fairly informal, to encourage all members to provide their input and their advice.

It was noted that the Treasury is responsible for legislation and designation of sectors and overall regime management.

It was noted that the Australian Consumer and Competition Commission (ACCC) is the rule maker. The legislation establishes the right, and the rules are determined by the ACCC, and ACCC also have enforcement and other compliance related powers in relation to the Consumer Data Right.

It was noted that the legislation (and as recommended by the Farrell Review into banking), there is a requirement for the establishment of a Data Standards Body and the appointment of the Data Standards Chair. It was noted that Data61 has been appointed as the Data Standards Body and Andrew Stevens has been appointed as the Data Standards Chair.

It was noted it is required that the Chair convene an Advisory Committee to access a broad range of advice from parties who span the sector landscape, and that the newly-established committee has a range of those perspectives.  It was noted that members include Van Le from Xinja because of the interoperability implications across sectors, which is an important part of this regime.

The Chair noted that we are not implementing open energy, and we are not implementing open banking, but instead implementing a Consumer Data Right that is economy-wide in its scope. It was noted that it is the first such Right that has been implemented on a worldwide basis and that there are implications in us being first. It was noted that it is important for us to recognise and to remember as we are operating in the national interest in this committee because this is a significant reform that is about consumers and competition. It was noted that the role of the rule maker and the primary regulator, as enabled by legislation, is the ACCC.

The Chair noted that the reason members are here isn't only because of the organisations they come from, but also because of the skillset and the capabilities and the perspectives they bring. It was noted that there is quite a difference amongst the members of the committee in terms of their backgrounds and experience, and that is by design. It was noted that members are here in an individual capacity, and delegates are not allowed; if you are unable to attend, that is regrettable, but access is provided via WebEx. It was noted that the Chair wants members’ continuity and perspectives, not specifically their organisation's perspective, but rather to connect with the community and to represent those views in an advisory capacity.

It was noted that this is not a governance committee, it is an advisory committee. It was noted that the Data Standards Body has Working Groups who engage with the community in a very open way using GitHub. Those Working Groups, and the Team Leader of those groups will put together Decision Proposals (DPs). For example, there will be DPs for endpoint standards and payload standards for the APIs. Those teams will put together options in the DPs that this committee and the community should consider, and these will be made available on GitHub.  The Chair noted that we have had close to 500 separate contributors to the standards and this is expected to increase.

The Chair noted that people have been reaching out to join the Advisory Committee after the Expressions of Interest period closed, and he has advised them that the best way they can contribute now is directly via the Consumer Data Standards GitHub.

It was noted that following Decision Proposals and feedback in GitHub, the team would put forward a recommended decision that the Chair would review and approve before it is sent to the Advisory Committee for their input. The Committee would then review and provide feedback and following that input the Chair would make a decision in relation to that standard.

The Chair noted that there are numerous review points, and this includes considering how the standards interact with each other. It was noted that in banking, considerations arise from operations and maintenance of the standards that can lead to enhancements, improvements or modifications of the standards.

The Chair noted the primary role of the Advisory Committee is being aware of all the issues that are current and significant in the community and also recommending or providing feedback on decisions in relation to the standards.

The Chair noted that, based on experience in banking standards, members will likely be invited to speak on numerous panels about the Consumer Data Right on Energy.

The Chair noted that the Advisory Committee minutes are adopted at each meeting and then made public on the DSB website. It was noted that the minutes are read all the way up to the Senate and into Parliament, and questions on these have arisen at Senate Economics Committees and other meetings.  It was noted that the minutes do not attribute comments to individual members.

The Chair noted that we invited in the early days in banking, and again now for energy, the agencies to observe and inform the Advisory Committee. It was noted that this has proved very useful, not only as a communication mechanism, but also as a feedback and consultation channel for the agencies. It was noted that the OAIC and the privacy considerations are incredibly important, and that the CDR is not about open and big data, but instead is about small data which is sensitive and personally identifiable.  The Chair welcomed all the agencies representatives.

It was noted that there is no role that is more or less important than others and that the Chair invites the committee to raise controversial topics.  It was noted that whilst we will run a disciplined, constructive process we want feedback and discussion.

Energy Data Standards Advisory Committee (EDSAC) Introduction

The Chair asked for members and observers to introduce themselves.

The Chair took the Terms of Reference in Appendix B of the papers as read.

The Chair noted that one of the big things in this reform is the impact on consent. The CX Lead, with his CX team in the DSB, have done some amazing work examining consent, and interestingly some businesses that are heavy users of data, have been surprised by the implications on consent.

It was noted consent is a very significant part of this regime, because it is the way in which the consumer with the right accesses and exercises that right for certain types of data, for certain purposes, for a defined period of time. The Chair noted the treatment of consent may be as significant as the CDR itself, with the impact it will have on Australian consumers.

Outline of Roles

Commonwealth Department of Treasury (Treasury)

Treasury provided a summary of their role and updates as follows.

It was noted that Treasury are primarily responsible for preparing the legislation for the CDR, and that this is in place.

It was noted that the next step in the process is to turn on a sector. Normally there is a stage called sectoral assessment, where the ACCC assesses a sector for costs and benefits.  It was noted that energy is being done in a slightly different way, because of the amount of work that has already being done.

It was noted that Treasury has been consulting on the data sets and which data holders should be subject to the CDR regime.  It was noted that the consultation has closed, and Treasury received a good range of submissions from stakeholders. It was noted that Treasury expects to publish those submissions in the next week or so and are aiming to have a government in-principal decision on those datasets and data holders before the end of the year.

It was noted that this would not be the final version because as we work through issues in this forum, for example, we might encounter issues with data sets.  It was noted that the banking sector was designated quite recently, and lessons have been learned in that journey.

It was noted that formal consultation on instruments for the energy sector is expected early next year, and then formal instruments to turn on for energy sector are expected before 30th of June next year.  It was noted that although the CDR regime will be turned on then, the sector won’t become subject to obligations and rights under the regime until the rules and the standards are all settled.

The Chair noted that the instrument provides the frame of reference for the rules developed by the ACCC, and the data standards are required to be developed in the context of those rules.

The Chair asked whether Treasury can confirm that the sector will be turned on by June 2020.  Treasury confirmed that the rule-making power and the data standards setting power will be turned on by the 30th of June next year.

The Chair noted that consistent with the experience to date, we are working in an interim capacity in expectation of those things happening.  Treasury noted that there is in fact legally a Data Standards Body, and legally an Advisory Committee, but that the standards in development can't be made in a binding form before the sector is designated.

The Chair noted that the instrument to be consulted on includes “Who will be the data holders”, and “What are the data sets”. Treasury noted that “Who will be the consumer” will be in the ACCC rules.

It was noted that the Treasury is also working on the external dispute resolution arrangement for complaints regarding the CDR Energy sector.  The Australian Financial Complaints Authority (AFCA) is the External Dispute Resolution (EDR) scheme for open banking and Treasury is looking into what arrangements should be put in place for energy.  It was noted that Treasury are having a series of meetings with the State Energy Ombudsmen and AFCA to discuss options and are hoping to have a proposal early in the new year.

One member asked if there is a timeframe for defining the data sets.  It was noted that there will be specific DSB working groups on data sets.

The Chair noted that the work of the Advisory Committee and the data standards informed the rules, which also informed the legislation.  It was noted there will be consultation between rules and standards people in relation to data under the umbrella provided at the designation by the Treasury in relation to datasets and data holders.

One member noted that for a customer experience such as one-touch switching between energy providers to be effective, one of the barriers is having to deal with transfer of direct debits, by turning them off at one provider and moving them to another. So possibly the datasets should include direct debit authorities or enough information to enable that to occur. Treasury noted that the consultation paper had a section on billing data and raised suggestions regarding payments, receipts, and arrangements for making payments.

One observer noted that the CDR is mostly a right in relation to getting access to data. It's not yet a right that enables consumers to do actions, so we can't change direct debits, or initiate payments, so the actual act of doing switching will not be covered.

One observer noted that the CDR rules refer to voluntary data, and the standards refer to extensibility and that while the purpose of the CDR regime is to compel sharing of read-only data at the moment, the regime allows data holders over and above that to use their investment to do other things that are not compelled, at their own volition.

The Chair noted that it is helpful to envision some use cases, as there is a spectrum of implementation priority that starts at comply and finishes at compete. The question is, where will your organisation view itself in that spectrum?

The Chair noted that in banking, initially we were dealing with policy, regulatory, and government relations people, and that moved swiftly towards strategy and product management people, and then to IT implementation people. Some of the reality of implementing the CDR in banking is that banks had not architected their systems to provide a two second response time for customer data. Systems were architected for information security only. The standards say that the data must be made available at the same or less response time as the normal interactions of the customer and are quite demanding.

The Chair noted that if your organisations adopt a compliance mentality, the CDR will appear non-beneficial to you, but that if you adopt a compete mentality, then the regime could be very beneficial.  It was noted that it will certainly be beneficial to consumers and that use cases are important. The Chair noted that price comparison services already exist, but what is next beyond price comparison in terms of use cases? These use cases will be very helpful for the consumer experience research that we will do, but also as a frame of reference for members approaching their work, advice, and contributions.

One member noted that there will be a narrow data set in the first iteration, but that for the second iteration of data in the energy space there will be more dynamic data, and we should think about use cases for that second set of data as well.

The Chair noted in regards to versioning and road mapping there will be a day one version and there will be later versions. It was noted that rules on data sets, customer types, and convergence of product types, have to be considered in our work. It was noted that in the banking sector it was very helpful that people raised those opinions and thoughts early, because it meant that we could accommodate options to help to future-proof the standards.

One member noted that this is important in managing things, because new data will be created with smart grids with new technologies. The member noted that even industry doesn’t know what the data is yet but does know that there will be new data created for different use cases.

The Chair noted that for example in banking, mortgages are included for July 2020, and the standards to support that are already in place and published. It was noted that we have tried to stay ahead of the implementation timetable in our architectural and design decisions. In some cases, we move towards a mandatory standard but with options to implement things that will apply in the future.  It was noted that those thoughts and ideas are very important in the standards process and that we know this it is also valuable to the ACCC and their rule making.

The ACCC noted that there needs to be a balance between a regime that is simple enough to be implemented in a timely manner and a regime that is future-proof. Versioning is a natural way to develop rules and standards over-time; this is the approach being adopted in the banking sector and is likely to be appropriate also for energy.

One member noted that one of the challenges for the committee is to think about the overall design principles at the economy level.  It was noted that we need to make the right design choices, and these can be iterated, but if they are foundationally wrong, they can’t be fixed.

Treasury noted that from a regime point of view, we need high-level design principles to apply across sectors.  It was noted that a lot of that is at the standards level, like the CX work.  It was noted that this committee can hopefully talk about this.

One member noted that the consumer experience for the consent process in Open Banking is clunky, and that there are tiers of friction.  It was noted that as we work across sectors, we need to build a different quality of consent into the standards.  It was noted that we need to do some design thinking around the future state.

One member noted that we need to be cognisant of areas of vertical integration and operations in place across sectors that might inhibit the commonality in the CDR regime. One of the critical success factors will be to unwind some of those legislative constraints.  It was noted that example constraints in banking are with APRA, in energy with NEC and the national energy legislation. These constraints can affect what data is allowed to be shared. It was noted that their needs to be a stream of work to understand legislative constraints that inhibit that.

One member noted in the context in energy, in a conflict of law situation, that changes to the Competition and Consumer Act, to require the provision of the CDR would trump those other restrictions.

Treasury noted that there has been a lot of work done in the banking sector about what is possible, and how the CDR interacts with existing legislation, and that Treasury are looking at what else needs to be amended in the energy sector.  It was noted that in some ways the CDR can provide the authorisation to do things or to override other legislation, but we need to be cognizant about the existing restrictions.

Treasury noted that ACCC, the Department of Environment of Energy and Treasury are looking at the National Electricity Rules and Law in the energy sector.

The Chairman observed that existing restrictions relate to operational data more than consumer data.

One member noted that one of the learnings from open banking internationally is that usually 12 to 18 months after implementation there is disagreement on its relative success or otherwise.  It was noted this is partly due to success factors or criteria not being set out at the beginning. The member proposed that we consider measures of success of the CDR in context of the energy sector and ideally frame this in terms of consumer and customer outcomes.

One member asked in regards to measuring the performance of sharing arrangements, how do we measure which ones are being taken up by different segments of the community? The Chair noted that the UK regime monitors the response time on APIs, which is a traditional measure but very operational in nature.

One member noted that we need to consider digital inclusion to enable older people or those with different levels of digital literacy to participate in the opportunity.

The Chair asked Treasury whether there are any materials released in relation to success criteria or expected outcomes?  Treasury noted that there have been a number of materials including speeches where the government has set out the objectives they are seeking to achieve from the CDR.

The Chair noted that included in the papers as Appendix A, are the Principles proposed in the Farrell Review around customer focus, promoting competition, encouraging innovation and efficient and fair.  It was noted that the Farrell review recommended a CDR not just open banking, and those principles are standing the test of time.

ACTION:  Treasury to come back at the next Committee meeting with information on success criteria and expected outcomes to use as a frame of reference for our work.

One member noted that in terms of benchmarking, open banking and energy are not apples to apple, and what we have in energy is similar to the US’s “The Green Button”.  It was noted that there are lots of learnings from that, which could add value to defining success factors of the CDR for energy. It was noted that one of the biggest issues in America, is that different states adopted different approaches, and the first thing for us is that the CDR is that it should be national.  It was noted that a key problem with Green Button was on authentication and provisioning of the data.  It was noted that this could be one of our success factors.

One member noted that at the recent Energy Consumer Australia Conference, Michael Murray the President of Mission Data presented.  It was noted that that they would share the presentation link with the committee.

ACTION:  Member to provide the presentation link for circulation to the committee.

Treasury noted that it may be useful to arrange a meeting via VC with Michael Murray and some members of the committee.

ACCC noted that the situation in Australia is that data holders are obliged to provide information in a format that conforms with DSB standards, which is very different to the situation in the US.

Australian Consumer and Competition Commission (ACCC)

The ACCC provided a summary of the role of ACCC and updates as follows:

ACCC noted that they have a number of functions including making the rules, accrediting entities to be data recipients, maintaining a register of data recipients and data holders, education, compliance, and enforcement of the rules.

It was noted that the main function and most relevant for this committee will be the development of the rules.  It was noted that in the energy sector, the ACCC has started some of that thinking and has announced their view of the data access model and benefits of using AEMO as a gateway in the energy sector. It was noted that energy is a very different industry because there is a large number of small retailers and distributors as well as AEMO.

It was noted that an important early decision for the ACCC is how consent and authorisation would be managed in the energy sector and that this could be quite different to the banking sector. It was noted that the form of the designation instrument would inform the draft rules.

The Chair asked ACCC whether there will be separate rules for energy or will there be modifications to the CDR rules which exist to cope with the differences in energy.

ACCC noted that they designed the rules as they currently stand to have a common set of rules with a schedule that applies to banking, and that the ACCC expects that there will similarly be a separate energy schedule.

It was noted that ACCC will publish some policy consultation papers and perhaps draft rules in the first part of next year.  It was noted that even if Treasury turns on the ability to make rules on by 30 July, the rules will not be finalised at this time.

It was noted in regards to accreditation of data recipients, if you can demonstrate that you have the right IT security provisions, dispute resolution, and insurance, etc, the ACCC will register you as a data recipient.  It was noted that the ACCC also needs to put data holders on the register as they need to have a public/private key pair to participate in CDR.

It was noted that one of the things that the register will need to do, that it doesn’t currently do for banking, is deal with tiered accreditation.  It was noted that there is currently a single tier, and that if you are accredited to get banking data this will allow you to also get energy data.

It was noted that once someone is accredited, before the ACCC will put them on the register, there is an onboarding component which is currently underway with the banks which tests that their APIs work internally, that they recognise the register, and also ecosystem wide testing to make sure that everyone can talk to each other.  It was noted that this is currently a manual process and the ACCC will need to make it more automated, and the ACCC has plans to do so in the first half of next year.

It was noted that the ACCC shares the education function with others in the ecosystem (DSB, Treasury & OAIC) and people will start to see more communication generally in the coming months, with the precise timing dependent upon timing of implementation.

It was noted that the ACCC shares the compliance and enforcement function with OAIC in relation to privacy.  It was noted that a compliance and enforcement policy will be published in the coming months.

It was noted that the ACCC has previously indicated that it would look to commence CDR in the energy sector in the second half of 2021 – having regard to anticipated implementation timing in the banking sector.

The Chair noted that for the idea of comply and compete, the accreditation process gets data recipient onto the ecosystem, but for impact to consumers, this is a voluntary regime in that it provides a right for consumers to do something but no compulsion for them to share data.  It was noted that in the work committee members do outside of this group, in discussion with others they should remind them that there are both data holders and data recipients in the regime.

One member asked if the energy sector moves ahead with some issues, whether that can influence the whole CDR rather than have a dependency on banking.  The Chair noted that in the conformance testing regime that will apply to energy data holders and recipients, it will also include accredited data receipts from banking. ACCC noted that the intention is to design a system that operates across sectors.

One observer noted that from a standards perspective, the standards are broken down into common aspects and banking aspects.  It was noted that until we do the next sector, the line we have drawn between common and sector-specific, we don’t yet know if that is right.  It was noted that for the rules and the standards, we will have to finesse that line and the more that moves into common, the better.

Office of the Australian Information Commissioner (OAIC)

OAIC provided a summary of the role of OAIC and updates as follows:

OAIC noted that whilst they are in the development phase for the roll out of the CDR into energy, OAIC’s main role is to advise Treasury, ACCC and the Data Standards Body on the privacy aspects of the scheme.  It was noted that OAIC would specifically advise Treasury as to the Designation Instrument, and the ACCC on energy specific rules and the Data Standards Body on the CX guidelines and standards.

It was noted that OAIC will be the primary complaint handler for complaints from individuals and small business consumers.

It was noted that OAIC also have a role to educate consumers, data holders, the designated gateway, and data recipients on their rights and obligations and also handle enquiries.

It was noted that OAIC are currently consulting on the Draft CDR Privacy Safeguard Guidelines and that the consultation has been live since 16 October 2019 and is closing on 20 November 2019 and OAIC welcomes feedback on that consultation.

Data Standards Body

The DSB provided a summary of the role of DSB and updates as follows:

The DSB’s role is to assist the Chair and to create the content for the standards, but that the DSB does not make them binding data standards. That is done by the Chair with the authority provided by the rules.  It was noted that the DSB works as transparently as possible, with open working groups on GitHub.

It was noted in regards to the Decision Proposal (DP) process, and the fact that we have versions of standards, you can see examples of how we work via GitHub.

It was noted that we also have an education role, and part of our audience is not just consumers but also the technical audiences that are implementing our standards.  This includes example software releases, reference implementations, reference tools and suites for the development community.  It was noted that the example software releases that are provided are for technical education purposes and are not designed for operational implementation and have no warranties.

It was noted that the DSB is also increasingly starting to think about scaling this technical education better for the larger number of organisations that have to implement our standards.

One observer noted that the definition of what we consider consumer data for inclusion in the standards is in the Designation Instrument.  It was noted that in banking, pricing information is not consumer data, as it doesn’t relate to an account, but it is still designated.  In energy, if network status is not designated it could still be an extension and be voluntary done.

It was noted that the DSB is very aware of the importance of the cross-sector nature of the regime. While there are a lot of sector-specific issues, for example that might impact authorisation standards established in the regime, nonetheless while standing up the standards for energy, the DSB is also trying to develop as much commonality as possible, first for consumers, and then for data recipients and finally for data holders.

The Chair noted that we have three common members between the two advisory committees and have a banking perspective in the energy committee as well.  It was noted that the DSB wants these channels between the Advisory Groups.

ACCC noted that they have used the banking advisory committee as a good way to get informal feedback and consultation.

Ways of Working

Draft Principles of EDSAC Engagement

The Chair noted that in regards to the draft principles of the EDSAC section of the papers he will take it as read.

Draft Rules of Engagement

The Chair noted that in regards to the draft Rules of Engagement section of the papers he will take it as read.

Meetings

The Chair noted that in regards to the Meetings section of the papers he will take it as read.

Publication of Minutes

The Chair noted that in regards to the publication of minutes section of the papers he will take it as read.

Principles proposed in CDR Working Groups

The Chair noted that in regards to the Principles proposed in CDR Working Groups he will take it as read.

Meeting Schedule

The Chair advised that the next meeting will be held on Wednesday 11 December 2019 from 10am to 12pm at AEMO’s offices in Melbourne.

Other Business

There was no other business raised.

Closing and Next Steps

The Chair thanked the Committee Members and Observers for attending the meeting.

Meeting closed at 12:01 PM