Minutes – 9 Dec 2020
Data Standards Advisory Committee, Meeting Minutes
Date: Wednesday 9 December 2020
Location: Held remotely, via WebEx
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 12
AttendeesOpen allClose all
- Committee Members
- Andrew Stevens, Data Standards Chair
- Jill Berry, Adatree
- Lawrence Gibbs, Origin Energy
- Peter Giles, CHOICE
- Melinda Green, Energy Australia
- Joanna Gurry, NBN Co
- Joe Locandro, AEMO
- Frank Restuccia, Finder
- Lisa Schutz, Verifier
- Aakash Sembey, Simply Energy
- Ed Shaw, Ausgrid
- Dayle Stevens, AGL
- Barry Thomas, DSB
- James Bligh, DSB
- Terri McLachlan, DSB
- Michael Palmyre, DSB
- Mark Verstege, DSB
- Mark Staples, Data61
- Michelle Looi, ACCC
- Jodi Ross, ACCC
- Fiona Walker, ACCC
- Athena Jayaratnam, OAIC
- Aaron Lester, Treasury
- Kate O’Rourke, Treasury
- Jessica Robinson, Treasury
- Philip Schofield, Treasury
- Louise Benjamin, Energy Consumers Australia
- Lauren Solomon, CPRC
The Data Standards Chair opened the meeting and thanked all committee members and observers for attending meeting no 12, the final meeting of the year. He also wanted to wish everyone the best for the season and in particular to thank them for the efforts they’ve made to be a part of this committee and for the role they’ve individually played in the implementation of the Consumer Data Right (CDR) in Australia.
The Chair noted that the CDR Support Portal now has over 300 knowledge articles, guides and FAQs published. This is starting to become a very useful source of information for the participants and the wider community.
The Chair welcomed Kate O’Rourke, the Head of the CDR Division at Treasury and invited her to introduce herself to the committee.
Kate O’Rourke thanked the Chair and took the opportunity to also introduce Jessica Robinson, the Assistant Secretary of the CDR Division at Treasury. She noted that Treasury has always had a small team working on the CDR but with the Government’s decision to transfer some of the responsibilities currently held by the ACCC and the Data Standards Body (DSB) to Treasury, the Treasury Executive decided to create a division and grow the team. This is in recognition of the importance of this reform for the Government and Treasury. This will remain a multi-agency program and they look forward to working closely with colleagues, especially in other sectors.
Jessica Robinson from Treasury noted that she is in the second week of the job but has been in Treasury for a few years. In the last 18 months she has been seconded out to different pieces of work. Most recently she led a task force in Prime Minister & Cabinet (PM&C) on sensitive and critical technologies in critical minerals and before that at the Department of Industry, Resources and Science heading up the Critical Minerals Facilitation Office. She is really excited about the opportunity to bring together a multi-disciplinary team and maximise the opportunity to drive a seamless approach to CDR across the standards and regulation.
The Chair noted that Louise Benjamin from ECA and Lauren Solomon (CPRC) are apologies for this meeting.
The Chair thanked the Committee Members for their comments and feedback on the Minutes from the 11 November 2020 Advisory Committee meeting. The Minutes were taken as read and formally accepted.
The Chair invited Frank Restuccia from Finder to provide an update on the Action Item to report back with data on biometrics increasing uptake of online accounts. The other Action Items were completed.
Frank Restuccia noted that Finder conducted some research on biometrics and mobile app usage. They worked with Qualtrics which is a SaaP company, and produced a Consumer Sentiment Tracker (CST), which is a national representative consumer research study of the Australian public. The survey covers a sample of over 20,000 and is growing by 1,000 every month. See slides at end.
One of the key questions they posed was when comparing phone apps that let you log-in with your fingerprint or Face ID to ones where you need to remember a password or pin code, do you agree or disagree with certain statements for e.g. Apps with fingerprint or Face ID log-in are easier to use (59% agreed); Apps with fingerprint or Face ID log-in are more secure (49% agreed); I would use an app more often that had fingerprint or Face ID log-in (50% agreed); and I would be more likely to download an app where I can log-in with a fingerprint or Face ID (44% agreed). As we move forward a lot of work can happen in the app environment and we need to cater for the fact that there’s not just the one way of working.
On the “easier to use” question the results by generation were: the Baby Boomers weren’t so sure (35% agreed) and would need a lot of education, Generation X (59% agreed) and as they started to go down to the Millennials (74% agreed) and Generation Z (73% agreed) there was an overwhelming response in favour of biometrics.
On the “security” question the results by generation were: the Baby Boomers (35% agreed), Generation X (53% agreed), Millennials (54% agreed) and Generation Z (55% agreed).
On the “more often” question the results by generation were: the Baby Boomers (34% agreed), Generation X (53% agreed), Millennials (56% agreed) and Generation Z (56% agreed).
Finder summed up by saying that the “waterfall authentication” model is a good way of allowing for these different preferences, that we need more CX research on authentication and reiterated that reporting on authentication performance is also important.
One member asked if anyone had done any research on why people are reluctant? They are conscious that in essence this is a prescribed regime across the entire economy and all the downside risk transfer for biometrics is with the citizens.
Another member noted that the Australian Tax Office (ATO) uses biometrics for log-in and they would have done a lot of analysis in regard to that.
The Chair noted that the DSB will follow up on that point and see if the ATO have done any analysis on biometrics for log-in. They will also speak to Phil Schofield as Treasury may be able to assist with this.
ACTION: DSB to follow up with ATO on whether they have done any analysis on biometrics for log-in
Working Group Update
A summary of the Working Groups progress since the last committee meeting was provided in the Committee Papers and was taken as read.
Technical Working Group Update
A further update was provided on the Technical Working Group by James Bligh as follows:
The DSB noted that they are trying to get the full standards swagger for energy published before Christmas. When published, they will open up a consultation on the draft standards as a whole for about 6 weeks.
The DSB wanted to thank Fiona Walker, Michelle Looi and Matt Hose from the ACCC and Luke Wines & Kate Reid from AEMO for all the work they have done this year on the energy standards and rules. They really value the work that went on behind the scenes with the DSB.
The ACCC also noted that they really appreciate all the work and enormous contribution of the DSB to the thinking on energy in the CDR this year.
The Chair noted that the inter working of the agencies has been quite remarkable and we would not be where we are without that, and also having the Advisory Committee meetings which keep us working together is part of the mix so thank you to everyone for that.
One member thanked the DSB for Decision Proposal 140 – Gateway Authentication and Authorisation Mechanisms which they found really useful. They have posted a submission on GitHub and invite members to review the details there. They have requested that the DSB alter the assumption to allow for a co-existing model where retailers can choose to conduct authentication and authorisation themselves, or to outsource it to AEMO.
Consumer Experience Working Group Update
A further update was provided on the CX Working Group by Michael Palmyre as follows:
Over the last month the CX team have done some consumer research and community engagement activities with a lot of focus on version 2 of the rules. They have been working closely with the Australian Competition & Consumer Commission (ACCC) to identify some of those requirements, priorities and timelines emerging so that they can develop Decision Proposals and also guidelines. The last round of research conducted was on disclosure consent and the final report will be available next quarter due to some pressing priorities regarding version 2 of the rules and guidelines. A truncated version of the report will be available shortly.
The DSB noted that the Draft Standards for Authorisation & Authentication Workshop which was held on the 24 November, and as outlined in Decision Proposal 140, was well attended by representatives from the energy and financial sectors – including both data holders (DHs), Accredited Data Recipients (ADRs), industry representatives and government agencies. The workshop artefacts are available on the Miro board which you will find useful if considering a submission to DP140.
The DSB noted that the Consumer Policy Research Engagement (CPRC) Joint Account Report is going through a final review process before being made public in the next couple of days. This can be found on the Community Engagement page.
The DSB noted that they are working closely with the ACCC to identify requirements and timelines for CX items emerging from version 2 rules proposals which include amending consent, separate consent, CX for DH dashboards, disclosure consents and energy data language.
In regard to the 2020 summaries of the Technical and CX actives and outputs, the Chair wanted to acknowledge the enormous amount of work, not only in volume but in value, that the teams have done over the journey in 2020. The richness of the standards and guidelines has been a significant contributor to where we are in the CDR today.
The Chair noted that there are elements of the CPRC report that are quite confronting, but the CDR implementation would be weaker for not having these sorts of inputs in our process. The research, feedback and recommendations are very helpful in our standard setting process and indeed the whole regime. He would encourage all members to keep their eyes out for this report.
A summary of stakeholder engagement including upcoming workshops, weekly meetings and maintenance iteration cycle was provided in the Committee Papers and was taken as read.
Barry Thomas from the DSB provided a further update on the Agenda Item “Service Provider Directory” as follows.
The DSB noted that they have built the Service Provider Directory (SPD) into the CDR Support Portal with the intent to go live next Monday (14 Dec 2020). They would like to give members the opportunity to provide feedback and comments due to the degree of sensitivity. The DSB can not been seen to be in a position where they are supporting any providers or making a warranty that services a fit for purpose, they’ve just providing a “yellow pages” type function. They have asked members who are interested on viewing the SPD to reach out to Jarryd Judd directly.
ACTION: Interested members to reach out to the DSB to view the Service Provider Directory and provide feedback.
Issues raised by Members
Melinda Green from Energy Australia presented on the ‘inclusion of large customers in the CDR’.
EA noted that they have been interested in all consultations, but they noticed that not many people have been talking about large customers and the use of the CDR. They have sent a submission to the ACCC, and they think some further consideration is needed before we potentially move forward and assume that it will be useful for all customers.
EA noted that from an energy perspective, large electricity customers consist of commercial and industrial customers who use more than 160MWh pa (although energy regulations define different thresholds per state); large customers may be one single site or up to a thousand or more small, medium and/or large sites; large customer sites are often aggregated for the purpose of setting up an electricity contract; the contracts may set up by state or by business entity or in some other way.
EA noted that one of the main use cases for the CDR is to help customers get the best deal.
EA noted that the larger customers are offered increasingly bespoke and complex pricing and it is often set up via a tender process by a specialised purchasing manager who is dedicated to electricity. Some customers may have a mixture – small sites may be aggregated or sold businesses or residential plans etc. Add-ons and services are also common.
One member noted they are a massive consumer of power and they have some large contracts that are bespoke, so they understand the complexity. They noted that AGL and Origin are sellers of NBN as a retail service and also Telstra is entering the power market so there is a lot of convergence in the types of services that some of the energy companies are pursuing and vice versa with the Telcos. Calling out the CDR is a great enabler for the consumers but you have to have some way to put principles into place on how we would enable it for medium businesses upwards and have allowances for how we are going to navigate that market as it is quite different.
EA noted that if large customers’ data was available through the CDR, no prices would be available on Energy Made Easy or Victorian Energy Compare. There are no plans to have that information available, and it would be a concern for those customers as they don’t really want their current prices known as it could give their competitors an advantage.
EA noted that meter data would be available through Australian Energy Market Operator (AEMO) in the same way as for small customers. Often meter readings are more frequent (15-min and will soon move to 5-min readings). The billing data has a lot more categories compared to the smaller customer bills. If made available via CDR, there will need to be a standardised way to show these costs.
EA noted that defining which sites belongs to a large customer will be tricky.
One member noted that a source of complexity in CDR for a Carrier Network Infrastructure (CNI) customer is just trying to get the groupings for logical billing versus who gets the pricing versus who is responsible for payment and then all the terms. Secondly, it is a big data problem because all of a sudden 5-minute reads, arbitrages, spot prices go well beyond the traditional mechanics of what you see in a consumer-based type environment.
EA noted that the compelling reason for why large customers would use the CDR could be energy efficiency reasons or companies may want to assist large customers with understanding their energy profiles etc. Large customers typically only shop around at the end of their contract or when the wholesale market falls significantly, they may extend their current contract and get early access to lower prices.
EA noted that in terms of the data sharing arrangements, one of the key benefits is that we are moving into the data economy, large customers should be part of that too. Commercial arrangements can be set up to exchange this information. CDR does this but in a slightly different way and will this be beneficial for ADRs and large customers. There are also potentially some overheads because of the accreditation and set up.
EA noted that it is not clear to some customers whether CDR will be beneficial to them and it is something we need to think through because if large customers and other companies who would be ADRs for large customers are not coming forward saying they want this, there is a risk that we set it up to manage the complexity of large customers and it will not be used.
EA noted that they want the best for all customers, but they see complexities in setting up the CDR for large customers and this may slow down the delivery of benefits for small customers. They are also not certain that large customers will gain the same benefits from the CDR as small customers. They believe there should be a detailed consideration of the impacts and benefits of setting up large customers in the CDR and suggest a later introduction for large customers and potentially only including the smaller large customers (up to 500 MWh pa).
The Chair noted that one issue that has come up in the consultation process is how we present and then compare the data when a lot of the contracts and arrangements etc are bespoke and therefore different. There are inferences that people could make for cost structures on the data if shared and also the parent child relationship of all the entities and bank accounts.
The Chair also noted that the discussions today are large, and the sharing of data bilateral. The question is the cost and benefit of making it multilateral potentially through standardisation. He asked EA if they have any data on the customer’s view on the use of CDR in their contractual and procurement arrangements?
EA noted that they are already sharing that data with brokers and consultants, but it is just what is done with the data. They would be cautious but if it is just used for the purposes as it is today, they don’t think they would have any great concerns. There would be value if there is a company at the parent level who has different electricity contracts with different retailers potentially across different states or if gas were to come in. Bringing it all together in CDR is less of a benefit in energy than it might be for banking.
One member noted that large commercial and industrial customers have offsets and feed-in tariffs because of their renewable energy. You will have nets offs where they have large solar panels on their warehouses, or they may have other credits etc. They noted when looking at the total packages there is a degree of complexity. Banking does not have people selling money back to the banks versus in energy, the way renewables are going in. That is why the data will not increase threefold it will increase 10 x fold as you have to do ins and outs of your renewables and net it – which the banks don’t necessarily do.
The Chair noted that the mortgage offset account is exactly what has just been described. There are also deposit, credit and loan accounts where the parallels are a lot closer than you think. We are talking about the complexity of providing the right, not the value to the customer. It would be very interesting to look at the value to the customers in this cohort as it would be unique.
One member noted that it would also be very applicable to the idea of offsets and credits for consumers as well. They noted that their background is product development in banking from retail up to institutional. Their comparison is what about institutional banking products, are they actually brought into the CDR for sharing?
ACCC noted that large customers are an example of an issue that’s going to be a cross sectoral issue for the CDR but also a good example of an issue that will likely need some modifications or adjustment for particular sectors taking into account the way large consumers consume the relevant product and services in a particular sector. Institutional customers are in scope (Scott Farrell’s first Open Banking Review recommended that all banking customers should be in scope). What carves out some institutional customers or the products they use, are the requirements that they have acquired a publicly offered product, and that is where the bespoke highly negotiated arrangements come into play.
ACCC have also given the banks some guidance in terms of implementation, which will be relevant for them in the context of bringing business customers in scope which is expected in finalising version 2 of the rules. That is because they operate a number of different digital channels; the primary retail channel; a primary business channel; and in addition, there may also be a specific channel for institutional customers. The ACCC considers it would be appropriate for a data holder to meet its obligations to its eligible consumers under the Rules by leveraging both its primary retail and primary business digital banking channels.
In energy there is a different set of issues because you have a homogenous product “energy” and there are different considerations that come into play to what is the appropriate adjusted approach for large customers. It is currently under active consideration by the ACCC.
ACCC noted that the recent submission and presentation today from EA has been extremely useful and they have spent a lot of time over the last few weeks thinking through the issues about large customers which have been quite complex. It is one of the issues they need to do further consultation on when they publish the draft rules. In relation to the aggregation of sites, they made the decision early on not to address that in the Minimum Viable Product (MVP) for the initial energy CDR as it is such a complex issue. For many large customers, accessing at least the AEMO data sets could provide value add. There has been feedback from potential ADRs and representatives from the small to medium enterprises end of the large customer spectrum that it could be quite useful. They need to do further consultation both at the rules and standards level with respect to retailer data sets and the extent to which those data sets involve too many bespoke issues.
ACCC also recognises that any threshold for determining who are the large customers that may not benefit from the CDR is going to have a degree of arbitrariness and that’s something that they put out for consultation with the draft rules. To the extent that there is a threshold, they are mindful that it may need to be accompanied by the possibility of retailers seeking exemptions if they are one of those small handful of retailers that only services the very largest customers and the cost of the build they would need to do to bring on the CDR would outweigh the benefits if those customers don’t regard the CDR as relevant to them.
ACCC noted that they also had some engagement, which has been really useful, with the Energy Users’ Association of Australia, as the representative of large customers and they have provided some very useful feedback which is shaping their thinking at this point.
One member noted from an ADR point of view, there should be obligations to share the data from the retailer to the top as everyone in the ecosystem is going to wear costs for this and they would like to see as much data shared as possible.
Jodi Ross from the ACCC provided a general update as follows:
ACCC noted that the framework team is looking to settle the key aspects of policy positions for version 3 of the rules to accommodate energy into the CDR. They are looking to settle those high-level positions with Commissioners before the Christmas shutdown so the drafting of those rules can continue over January with a view to releasing the draft rules for consultation in February. This will happen prior to the transition of function from the ACCC to Treasury, and if that legislation passes by February, that date would be 28th February 2021.
ACCC noted they are working very closely with Treasury with version 3 of the rules and they have some Treasury staff seconded to their team to assist with the process. Once the transfer occurs, ACCC staff will be transferring to Treasury to continue that set of rules.
ACCC noted that drafting is underway on a number of issues including an economy wide approach to accommodating gateways in the rules. They think some further decisions on policy issues may be needed once the DSB has concluded consultation on authentication and authorisation in the context of the gateway model for energy.
ACCC noted they have a number of issues being finalised for the draft rules in relation to phasing, eligible customers and internal dispute resolution etc. Once those issues are resolved, the rules will be finalised, with the proposed transfer of functions, by the Treasurer on the advice from Treasury.
ACCC noted that, in regard to version 2 of the rules, they remain on track for that version of the rules to be made by the end of the year. The ACCC has provided their advice and recommendations to the Treasurer for his consideration. Given those issues are currently with the Government for consideration they are not able to comment further on the precise details of that package.
One member asked about the economy wide piece, they are interested in what the process is on that. In regard to biometrics, are those patterns on authorisation and authentication a part of that? They do have a problem with the transfer of risk to the citizen, and also with adopting biometrics at an economy wide level without thinking it through.
ACCC noted that from the perspective of the rules, taking a cross sectoral approach is very much at the forefront of their thinking as they develop the next version of the rules. The ACCC team is in discussion with Treasury on areas where they think the rules can be changed to have a more cross-sectoral approach. In terms of authorisation and authentication, that is not something that is dealt with in a prescriptive way in the rules and is appropriately left to the standards. The rules have a cross sectoral approach in regard to consent and authorisation, those are common rules, but the data holders must offer the authorisation process in accordance with the standards.
The Chair noted that consistency of approach economy wide is very front of mind and is central to what we are doing. In regard to biometrics, they are looking at the issue of biometrics and how that could work but he doesn’t see this as a new thing.
Kate O’Rourke from Treasury provided a general update as follows:
Treasury noted that in regard to the Legislation which effects the transfer of the responsibilities, that passed the House of Representatives yesterday (8 Dec 2020) and is scheduled for debate in the Senate today. They noted that they are not sure if it will make it through the Senate and in terms of the transfer, they’ve set a future date in any case, and it will not have any immediate impact whether it’s passed this year or not.
Treasury note that in regard to the Inquiry into Future Directions of the CDR Report, that is still being considered by the Treasurer. They are not able to provide an update at this stage on the timing of when it will be released.
Philip Schofield from Treasury seeks the views from the committee on the CDR Rules Design Review Consultation Paper which was included in the papers as Appendix A as follows:
Treasury noted that Government has tasked them with undertaking a CDR Rules Design Review to consider to what extent, if any, the CDR rules might be grown or reshaped to ensure they are applicable across sectors, keeping the use of sector-specific rules to a minimum.
Treasury noted that the goal is to ensure that new sectors can be brought into CDR relatively quickly through reuse of existing rules, helping also to minimise implementation costs, especially for participants spanning multiple sectors.
Treasury asked with the rules that we have on hand, what might we do to grow and or reshape the rules to achieve that goal of a faster and cheaper implementation? With that in mind, in the rules review they are focussed on a number of review themes i). universality (considers how readily the rules can be applied across multiple sectors and identifying which rules are appropriate to make or keep sector-specific) ii). Prescription (considers the balance struck between principles-based and prescription for the rules, and whether that balance is appropriate) and iii). Simplicity (considers the level of complexity of structure and expression for the rules, whether there is the potential to simplify them in any way and, if so, whether attempting to simplify them would deliver any material benefits).
Treasury noted that considering the three review themes i). do you believe any changes should be made to the CDR Rules to better enable them to be reused across new sectors to achieve the goal of faster and cheaper implementation and ii). had they observed any interactions between the rules and the legislation, standards or guidance that help or constrain the extent to which the rules can be applied across multiple sectors?
Treasury would like to get the committee’s thoughts on growing and reshaping the rules to achieve that objective. They are also very happy to take thoughts and comments offline.
ACTION: Members to provide additional responses to the questions directly to Phil Schofield (Philip.Schofield@TREASURY.GOV.AU)
One member noted that if they have the model where AEMO for example is providing a lot of the services around the transmission between different parties for energy, it would be really great to see that arrangement and capability leveraged for some of the other sectors. We are starting to see some energy companies selling telecommunications services and vice versa and the more standardisation we get across everything, the better.
One member noted that with the Telcos getting into energy and vice versa, enhancing some data attributes without having to build multiple gateways and models has to be a more cost-effective way. With payment gateways, it doesn’t matter what industry you are in, you can use a centralised payment gateway. There shouldn’t be multiple gateways in these circumstances.
Another member noted that they agree with the need for efficiency and to scale up economy wide, but they question the gateway model. They question any assumption that the gateway model is the appropriate way to scale up.
One member noted that they are still trying to grapple with how we make it as standardised as possible, but some things are not known. The gateway model is not clear to them on how it will work, and their concerns are around how that provides privacy and security to the customer’s data.
One member noted that when talking about standardising implementation economy wide, adding a gateway into it complicates things – it is non-standard to start with for that 2nd sector – is it going to be a once off? They suggested a workshop with Treasury might be useful to answer some of their questions.
One member noted that the ATO model for biometrics is a really good resource in terms of a model. They chose the SuperStream gateway model but when they did the single tax payroll, they ditched the gateway model and moved to a direct model. The member assumes that they probably realised that they could conceptualise a framework for the intermediary role and not mandate it. In regard to privacy, gateways are great, but they do add a risk both in terms of single point of failure and a trust issue.
One member noted that these are fairly complex questions, and could Treasury email the questions to the committee to be reviewed and they will respond accordingly?
The Chair asked Treasury if they could formalise that in the CDR Division and to request input from members on those questions.
The Chair advised that the next meeting will be held remotely on Wednesday 10 February 2021 from 10am to 12:00pm.
The Chair would like to wish everyone a happy and safe holiday season and new year and looks forward to working together in 2021 on the CDR regime.
Closing and Next Steps
The Chair thanked the Committee Members and Observers for attending the meeting.
Meeting closed at 11:40