Design Paper: a peer-to-peer data access model in the energy sector

[CDR-API-Stream]

The following public consultation, for the peer-to-peer model for the energy sector, is open for feedback.

We invite all participants in the Consumer Data Right to submit their feedback below as part of this GitHub consultation.

The date of closure of consultation is: 26th of May 2021

Link to the consultation: https://treasury.gov.au/consultation/c2021-168954

Context

This consultation is opened in support of the recent announcement from the Treasury, which proposes design options around rules and standards to implement a peer-to-peer model for the energy sector and on an opt-out data sharing model for joint accounts.

This announcement also includes information relating to a change in the gateway model for the energy sector. The implications of this change in direction are the subject of this consultation.

Design Paper

A design paper is a new consultation approach being trialled that intends to provide an opportunity for simultaneous consultation on the rules, policy, standards and guidelines for a change to the Consumer Data Right. In the past we have worked together to solve implementation questions and challenges by first defining Rules and Standards and then requesting comment. A design paper lets participants comment on the implications of proposed Rules and Standards, before they are defined. Where applicable, a design paper will also include consumer experience mock-ups to demonstrate the implementation and how that may affect existing participant's systems.

Providing Feedback

A design paper will elicit feedback to be consumed by multiple teams. Feedback on the standards can be provided here and the DSB will respond directly as per usual. Rules and policy feedback can also be provided here and the DSB will seek to clarify this feedback and then provide it to the appropriate team for consideration.

To assist the feedback process. We ask that you use the numbered reference assigned to each of the paragraphs in the design paper.

Feedback can also be provided via email to data@treasury.gov.au or to contact@consumerdatastandards.gov.au. As per usual practice email submissions will be made public unless a request is included to keep the submission private. While we appreciate that some submissions may need to be private the fact that they will not be available for community discussion necessarily means we will not be able to give them the same consideration as public feedback.

[CDR-API-Stream]

The following feedback was sent via email to data@treasury.gov.au in addition to be posted here on behalf of Momentum Energy:

Dear Sir/Madam

Peer to Peer Data Access Model in the Energy Sector and ‘Opt-Out’ Joint Account Data Sharing Model

Thank-you for the opportunity to provide a submission in response to the recently released papers covering the Peer to Peer Data Access Model in the Energy Sector and the ‘Opt-Out’ Joint Account Data Sharing Model.

Momentum Energy Pty Ltd (Momentum) is an Australian operated energy retailer, owned by Hydro Tasmania, Australia's largest producer of renewable energy. We pride ourselves on providing competitive pricing, innovation and outstanding customer service to electricity consumers in Victoria, New South Wales, South Australia, Queensland, the ACT and on the Bass Strait Islands. We also retail natural gas to Victorian customers. We offer competitive rates to both residential and business customers along with a range of innovative energy products and services.

It is our understanding that the costs and benefits of the Customer Data Right (CDR) for energy have never been fully quantified. We are also unsure of how many customers will utlise their data right and the frequency of such utilisation. Therefore our responses to the issues raised in these consultation papers are largely based on preserving the privacy and control of customer data for customers and minimising complexity and costs for all parties. We believe that customers will initially be very cautious in their approach to the CDR and building their confidence in the systems and processes is paramount for its future success. In this submission we have only responded to questions which we believe have specific relevance to our business model.

1. Peer to Peer Data Access Model in the Energy Sector

Questions 1 Do you have any comments on the proposed rules as outlined at section 1.2?

Momentum supports the proposal for a peer to peer data access model rather than the previously proposed Australian Energy Market Operator (AEMO) gateway model. A universal approach for the design of the CDR in energy is appropriate as it will maximise interoperability with other sectors in the economy and assist in delivering a least cost long term approach. We also support the principle of only introducing sector specific rules where they are absolutely necessary.

Question 2 Do you agree with the proposed approach to the standards changes as outlined at section 1.3? If not, why not?

We believe that the standards and rules should allow for customer metering data to be provided by either AEMO or a retailer with retailers having the right to choose where the data is to be sourced following a customer request.

Questions 3 & 4 Would you support a staged approach to the application of CDR rules as outlined in section 1.4? Why/why not? Do you support a threshold for mandatory participation in CDR? What number of customer connections would be a suitable threshold?

Momentum supports a staged approach to the application of CDR rules due to:

• The CDR for energy being primarily focussed on delivering better switching opportunities for customers that have failed to engage effectively in the market and are on higher priced standing offers . First tier retailers service the majority of standing offer customers and therefore are likely have more customers who will benefit from access to data via the CDR.
• The acceptance or take up of the energy CDR facility is largely unknown, but based on the initial response to the CDR for banking, it is likely to be very low so it would be uneconomic to impose the system costs of the CDR onto smaller retailers in the short term. Moreover the recovery of these unquantified system costs may never occur and they would impose an additional hurdle to market entry for new retailers.
• Retailers can choose to opt in early if they believe the CDR for energy is delivering positive opportunities.

Momentum suggests that the phased approach should be as follows:

Phase 1 - AER (EME) and DELWP (VEC) in order to provide ready access to data for third party ADRs so that customer product offerings can be managed more effectively and efficiently by these ADRs. Phase 2 - AEMO and first tier retailers Origin, AGL, and Energy Australia. Phase 3 - Second tier retailers with in excess of 500K customers. Phase 4 - All remaining retailers.

The second half of this feedback referenced the Joint Account Opt Out model and is submitted there.

[commbankoss]

Commonwealth Bank supports the peer-to-peer approach proposed in the design paper, which aligns to the model used in the application of the CDR to the banking sector. This will lead to a more consistent participant and consumer experience. It will also enable the ecosystem to leverage the experience gained to date in implementing Open Banking, thereby mitigating possible security and integration challenges.

[SarahSilbertAGL]

AGL appreciates the opportunity to provide feedback on the issues raised in the Peer-to-peer access model in the energy sector paper (P2P paper). We welcome and are supportive of Treasury’s decision to move to a P2P model from the gateway model as this aligns with the position AGL has advocated for since the outset of the CDR consultation. As previously discussed with Treasury, we consider the P2P model the best model for the energy sector and for cross sectional functionality, with further reasons considered in our position below. We look forward to working with Treasury on developing the rules and standards framework of the P2P model that results in the most cost-effective solutions and drives a simple and easy to access energy CDR regime for consumers.

We offer the following comments in relation to some of the questions raised in the P2P paper:

Question 1: Rules considerations

• As an overarching comment, AGL supports the P2P model as it best aligns with how consent and data is currently managed by energy retailers who, unlike AEMO, have a direct relationship with the customer. As recognised in the P2P paper, retailers are subject to strict requirements with handling customer information and data both under the energy legislative framework, including their compliance obligations, and under the Privacy Act 1988 obligations in collecting, using, and disclosing personal information. Accordingly, the P2P model maintains the control over customer information by retailers and reduces the potential risks for unauthorised disclosure of customers’ personal information.

• We support the view that, in due course, the P2P model will potentially allow greater efficiencies for retailers with the aim to reduce CDR implementation costs through leveraging the platform to other energy sectors (gas) and markets (Western Australia) and allowing extensibility to other industry sectors for multiproduct offerings, such as telco.

• The retailer as central repository for handling customer data requests from the accredited data recipient (ADR) and authenticating the customer’s identity and obtaining their consent to the data disclosure (as opposed to AEMO) is logical from a data flows perspective and from a customer point of view as it is consistent with customers’ experiences, understanding of consent management, dashboard access and complaint resolution.

• However, flowing from this, it is important that in the development of the CDR rules retailers are not responsible or liable for any data provided by AEMO in the following contexts:

• in point 26 of the P2P paper, we understand that AEMO will not be responsible for authorisation nor required to verify a valid authorisation is in place in disclosing requested CDR data to a retailer. However, we recommend that any data disclosure by AEMO to a retailer which is not associated with a valid authorisation, due to AEMO’s error or otherwise, should be recognised in the CDR rules as AEMO’s responsibility and provision made for AEMO to be accountable for unauthorised disclosures or conversely, expressly state retailers are not responsible.

• Further to points 23 and 27, we recommend that the rules also address that if AEMO has not disclosed the CDR data it holds to the retailer following a valid request, the retailer will not be responsible to the customer for any failure on AEMO’s part to provide the data requested by the retailer. Following from this, the rules need to be clear in what circumstances AEMO can refuse to provide relevant information requested by a retailer following a valid consumer data request.

• As set out in point 31, whilst we understand the limited role AEMO will have with regards to customer data as a ‘secondary data holder’ and the inability to attribute this data to an individual customer, we recommend:

1. the CDR rules make clear that AEMO be responsible for the handling of the data they are in control of and any misuse, inadvertent disclosure, or error with handling this data be the sole responsibility of AEMO; and
2. any customer complaint because of AEMO’s disclosure or non-disclosure, however arising, will be handled by and be the responsibility of AEMO, not retailers, which may require AEMO to be a party to some external dispute resolution process.

• Again, as set out in point 33, we recommend that the CDR rules acknowledge that the retailer has no control or responsibility over the content of the data provided by AEMO following a valid CDR request, although as detailed in the P2P paper, once received the retailer must handle the data in accordance with any privacy safeguard obligations.

• As set out in point 22, the rules will require AEMO to provide an online service that is able to receive and respond to CDR data requests from retailers. AGL recommends that the CDR rules and standards require that the online service supports the business-to-consumer style interactions (B2C) of CDR to ensure consistency of service behaviour and the end-to-end consumer experience between consumers, ADR’s, retailer DH and AEMO. Unlike the current business-to-business (B2B) system offered by AEMO for market interactions, it is pivotal that the online service presents data in a format ready for consumption by end users (consumers) without the need for retailers to in any way “manage the data sets”, such as translating, mediating, converting or caching the results. In effect the retailer is acting as a mailbox only for the AEMO data to be forwarded to the ADR.

• As discussed in point 20, we agree that the CDR rules should support economy-wide provisions to promote interoperability and extensibility of the P2P model into other sectors beyond energy and acknowledge:

1. With the Federal Government’s recent budget allocation and commitment to CDR, this ability to leverage the current P2P platform for retailers with multiproduct offerings into other sectors they may operate in currently or in the future, such as telco, is pivotal and allows for substantial cost savings.
2. This will also support the development of white label products providing accessibility for retailers to purchase ‘off the shelf’ platforms which are usually a cost-effective solution.
3. However, any sector-specific rules developed should be carefully considered and formulated based on sector feedback to reduce the requirement to craft bespoke IT solutions which may appear straight forward, but inevitability can create substantial costs in both fulfilling and maintaining as CDR evolves.

• We support the privacy impact assessment to be undertaken as detailed in point 34 in consideration of the issues raised through the Treasury’s consultation.

• We seek clarification on the issue of metering data and whether retailers will be able to provide this data set following a validated consumer data request if the retailer has the requested information and chooses to do so, rather than requesting this data from AEMO. Under the current model, AEMO is only authorised to provide this data set and it appears any change to include retailers requires amendment to the relevant designation instrument. However, with the move to the P2P model confirmed, AGL recommends that an amendment to include retailers be implemented to further facilitate and promote the CDR regime for customers. This change will allow greater flexibility and responsiveness to consumer data requests if a retailer can respond directly with the metering data they already hold, rather than seeking this data from AEMO. If Treasury would like to discuss further, we are happy to elaborate on this point.

• Also, as a general comment, we recommend that in the development of CDR and drafting of energy rules that consumers’ ability to understand and interpret the benefits of CDR is kept at the forefront of the discussion, to enable this, easy to understand, intuitive, plain English language needs to be adopted and technical speak minimised.

[SarahSilbertAGL]

Further to AGL's response to the P2P paper set out above, AGL provides the following comments in relation to 1.3 Standards consideration:

• AGL supports the intent around the development of appropriate security standards between retailer DH and AEMO as noted in point 36a.

• As set out in our response to Question 1 above, we seek confirmation if retailers will be co-data providers for metering data together with AEMO. If so, this will require technical standards considerations and may impact non-functional requirements referred to in point 36c.

We look forward to participating further in this discussion through the technical standards working groups.

[SarahSilbertAGL]

Further to AGL's response to the P2P paper set out above, AGL provides the following comments in relation to Section 2: Customer Accounts:

• As acknowledged in the P2P paper, most small use energy customers (being residential and some small businesses) have only one account with a retailer, however, a customer may be supplied multiple services/contracts under that account. Further, each energy retailer may handle ‘accounts’ differently depending on their customer management systems. Another challenge with customer accounts in the energy sector is retailers allow flexibility for customers to customise their accounts to reflect their own requirements, for example, grouping multiple sites and/or NMI’s around their preferences for billing arrangements. This is further complicated for business customers which can have multiple layers.

• In this sense, the term ‘accounts’ in energy is a different concept from banking where across that sector it has universal application and it is usual that customers may hold multiple accounts which can be clearly differentiated, such as mortgage, offset, savings accounts. As a result, universal application of this concept in the energy sector is not possible. If an energy customer has multiple accounts, it will be difficult to determine an equivalent naming convention to banking to enable the customer to distinguish between their accounts.

• As suggested in the P2P paper, NMI’s are a technical term used by the industry and not a term generally understood by customers, referring to meter number may be more easily identifiable for customers. Depending on the customer segment, the site address may be an easily identifiable element for customers, particularly in a single service scenario, for instance a customer can distinguish between an electricity account for their residential home and their 2nd ‘holiday’ house. If a customer has multiple contracts at a site with one retailer, for example, electricity, gas, and telco at a residential home, then selecting the ‘service’ at a site may be a more appropriate designation which will also allow cross sectional application.

• Following from this, as set out in the 2.2 Energy P2P model wire frame, we understand that if the customer only has one ‘account’, then the account selection step is not required to be built. However, for customers with more than one ‘account’ we recommend that Treasury further consults with the energy industry to determine an industry wide accepted identifier, and to ensure if standards are tailored for the sector they are fit for purpose, so retailers do not incur unnecessary costs to satisfy requirements which will not be appropriately utilised by customers. These requirements will also be influenced by which consumers can access CDR as different standards may be appropriate for different customer segments, such as residential, small business and large commercial and industrial customers.

[PratibhaOrigin]

Origin Energy appreciates the opportunity to provide input into the development of a Peer-to-Peer (P2P) Data Access Model in the energy sector.

In principle, we support the move to a P2P Model. We believe that it will allow for greater privacy and data security protections of consumer data and appears less complex than the manner in which the Gateway model which was being developed and consulted on in DP 140. Origin did not support AEMO (ie the Gateway) being the master of consumer consent.

However, the effectiveness of this is dependent on the development of optimal and efficient rules and standards – this includes the development of standards for the exchange of data between retailers and AEMO.

There are a number of outstanding questions and comments in relation to the operation of the P2P model. These include: • The most efficient and cost-effective data holder for meter data. This is whether AEMO continues as a sole provider of meter data or whether retailers can take on a dual role of providing meter data. Origin supports the later option – if retailers hold the relevant meter data – they should be able to provide the meter data that is held in their systems;

• Whether AEMO or the DSB are responsible for developing data transfer standards for the exchange of data such as DER, NMI standing data and meter data if necessary. Given that retailers will be relying on AEMO to provide the data as a ‘secondary data holder’, there should be service level requirements on AEMO;

• Scope of consumers to be included as an ‘eligible consumer’ for energy CDR. The size of the consumer will be critical to both the rules and standards development. Large consumer accounts are complex and solutions will vary depending on how consumers are defined. This has not been addressed in the Design Papers;

• It is unclear whether retailers will have any role with regards to generic product data. Retailers will not be the data holder for this data, but it is unclear whether the ADR will go directly to Energy Made Easy or Victoria Compare or whether retailers will have any role with authentication. The Design Paper does not appear to address this issue; and

• We agree that consumers should be able to select which accounts that they provide consent to share. Energy consumers could have multiple accounts (ie same consumer has a residential and a separate business account or the same consumer has a separate electricity and gas account). The term ‘account’ may be an appropriate term that could be applied across sectors, however, technically it may need to be defined differently for energy in standards. It will need to be determined whether account is defined by NMI/MIRN, account number, site ID, consumer ID or some other relevant means to the energy sector. Origin would be keen to have further discussions with the DSB on this issue.

Further details with regards to the above issues, can be found in our detailed response to the Treasury Design Paper.

It is noted that the DSB developed several wireframes to assist with the visualisation of how the rules and standards would appear in systems. We appreciate and thank the DSB for this assistance. Specific comments on the wireframes for the P2P Model are set out below.

1) Wireframe - 2.2 Energy | P2P Model

• Step 2a - Can a consumer select more than one data holder? We understand that this is vanilla scenario example, however we are unclear how it will work for multiple properties or multiple Data Holder scenarios? OR is it always only one data holder at a time?

• Step 3 – We request clarification of the term ‘sharing period’? Is it possible that the ADR will default the sharing period to 12 months as they are unsure how long the consumer has been active with the retailer? Or does it allow the ADR to request just 6 months of data (ie they include the dates which the consumer has supplied of being with the retailer)? Or does it mean going forward, ADR can request consumer’s data anytime within this period?

• Step 6 – Is it the retailer (or the Data Holder) to determine which field of information that they will use to authenticate the consumer? That is, the retailer could use phone number, email address, date of birth or any other field? We also seek confirmation that authentication for energy will be online only. We do not support offline authentication.

• Step 9 – Previous energy rules consultations suggested that there may be additional consent or authorisation requirements for sensitive data. Sensitive data referring to concessions, direct debt details or hardship information. Is sensitive data categories still being considered and it yes, how will they be added to the authorisation flow?

• Step 10 - Between step 10 and 11, does there need to be additional steps where a data holder sends the confirmation email to the consumer notifying that they have authorized to share data from XX data cluster (including AEMO specific data clusters) for YY period with an ADR?

• Step 13 - If a consumer has three properties with a data holder - 1) wants to share Data set 1 and 2 for account 1 (property 1) 2) wants to share ONLY Data set 1 for account 2 (property 2) 3) wants to share no details from account 3 (property 3) Is this an option under CX? OR is it the case that the consumer authorises the DH to share data with the ADR for all selected accounts for the same period of time? We seek clarity around these options.

• Step 13 – Extending from previous comment, for cross-sector, is it assumed all the data clusters will be applicable for all accounts across all sectors?

2) Wireframe - Cross-sector | Electricity and Gas accounts with the same provider (hypothetical)

• Step 3 – What if the authorisation field is different between electricity and gas? That is, the consumer has an electricity and gas account, but they have been entered into at separate times. One account may have one mobile number and the other account a different account number. What will happen if the authorisation for the 2 accounts do not match? Also, when different data holders use different portals to authorise – how will this operate?

• Step 4 - Does it depend on the ADR sending the request as well? What happens if an ADR is accredited only for a specific sector and not both – will the Data Holder portal still shows cross- sector accounts for selection?

• Step 5 - From a cross-sector perspective, is it an assumption that data clusters will be uniform and applicable across all sectors? Or will the data cluster selection be specific and unique for each account?

• Step 8 – We seek confirmation of this step - Are the two portals supposed to be in sync and talking to each other every time a change is made on one side (ADR or DH)? How does it currently work for banking? For example, if a consumer updates (withdraws) CDR consent for a data set on an ADR’s portal, does this information flow to the DH on an instantaneous basis? or is there a delay in this information flowing to the DH or it depends on a consumer updating authorisation explicitly on DH portal as well?

[SelenaLiuEA]

Good afternoon everyone, Please see attached submission from EnergyAustralia. EnergyAustralia CDR P2P submission 26 March 2021 FINAL.pdf

[CDR-API-Stream]

In response to the submissions from @SarahSilbertAGL:

The rules specific feedback will be collated and passed to the Treasury rules team for consideration. There were, however, a number of comments specifically related to the need to separate responsibility for data between retailers and AEMO. These will also be taken into consideration when amending the non-functional requirements section of the standards to facilitate the introduction of the concept of a secondary data holder.

In response to specific feedback:

• As set out in point 22, the rules will require AEMO to provide an online service that is able to receive and respond to CDR data requests from retailers. AGL recommends that the CDR rules and standards require that the online service supports the business-to-consumer style interactions (B2C) of CDR to ensure consistency of service behaviour and the end-to-end consumer experience between consumers, ADR’s, retailer DH and AEMO. Unlike the current business-to-business (B2B) system offered by AEMO for market interactions, it is pivotal that the online service presents data in a format ready for consumption by end users (consumers) without the need for retailers to in any way “manage the data sets”, such as translating, mediating, converting or caching the results. In effect the retailer is acting as a mailbox only for the AEMO data to be forwarded to the ADR.

This is helpful feedback and could be used as a general principle for the development of standards between primary and secondary data holders or between designated gateways and data holders. This will be incorporated into the consultations on the end points to be exposed by AEMO to support the P2P model.

• As discussed in point 20, we agree that the CDR rules should support economy-wide provisions to promote interoperability and extensibility of the P2P model into other sectors beyond energy and acknowledge:

1. With the Federal Government’s recent budget allocation and commitment to CDR, this ability to leverage the current P2P platform for retailers with multiproduct offerings into other sectors they may operate in currently or in the future, such as telco, is pivotal and allows for substantial cost savings.
2. This will also support the development of white label products providing accessibility for retailers to purchase ‘off the shelf’ platforms which are usually a cost-effective solution.
3. However, any sector-specific rules developed should be carefully considered and formulated based on sector feedback to reduce the requirement to craft bespoke IT solutions which may appear straight forward, but inevitability can create substantial costs in both fulfilling and maintaining as CDR evolves.

This is helpful feedback for the standards as we adopt the second sector. The possibility of multi-sector data holders and the need to reduce implementation costs by limiting bespoke builds will need to be considered in subsequent technical consultations.

• Also, as a general comment, we recommend that in the development of CDR and drafting of energy rules that consumers’ ability to understand and interpret the benefits of CDR is kept at the forefront of the discussion, to enable this, easy to understand, intuitive, plain English language needs to be adopted and technical speak minimised.

This is certainly the intent of the CX standards and aligns with the standards for the development of both technical and CX standards.

[CDR-API-Stream]

In response to additional feedback from @SarahSilbertAGL:

• AGL supports the intent around the development of appropriate security standards between retailer DH and AEMO as noted in point 36a.

Thank you for this feedback.

• As set out in our response to Question 1 above, we seek confirmation if retailers will be co-data providers for metering data together with AEMO. If so, this will require technical standards considerations and may impact non-functional requirements referred to in point 36c.

This is essentially driven by the designation instrument so can only be commented on by the policy teams within Treasury. From a standards perspective, the standards will be developed to align to the rules and the designation instrument.

[CDR-API-Stream]

In response to the standards specific feedback from @PratibhaOrigin:

However, the effectiveness of this is dependent on the development of optimal and efficient rules and standards – this includes the development of standards for the exchange of data between retailers and AEMO.

The DSB concurs with this statement. Feedback on what would be considered optimal and efficient by the existing participants of the energy sector would be welcome in upcoming consultations.

Whether AEMO or the DSB are responsible for developing data transfer standards for the exchange of data such as DER, NMI standing data and meter data if necessary. Given that retailers will be relying on AEMO to provide the data as a ‘secondary data holder’, there should be service level requirements on AEMO;

It is understood that this will be done by standard CDR standards development processes. The DSB will provide advice to the Data Standards Chair who has the authority to make binding standards.

• It is unclear whether retailers will have any role with regards to generic product data. Retailers will not be the data holder for this data, but it is unclear whether the ADR will go directly to Energy Made Easy or Victoria Compare or whether retailers will have any role with authentication. The Design Paper does not appear to address this issue; and

The design paper does not address this as this is not an area of the designation that is impacted by the P2P model change. Generic product data will be delivered to ADRs by EME and VEC using data provided to them by retailers as per the current designation instrument for the energy sector.

• We agree that consumers should be able to select which accounts that they provide consent to share. Energy consumers could have multiple accounts (ie same consumer has a residential and a separate business account or the same consumer has a separate electricity and gas account). The term ‘account’ may be an appropriate term that could be applied across sectors, however, technically it may need to be defined differently for energy in standards. It will need to be determined whether account is defined by NMI/MIRN, account number, site ID, consumer ID or some other relevant means to the energy sector. Origin would be keen to have further discussions with the DSB on this issue.

This is helpful feedback and aligns with feedback from other contributors.

It is noted that the DSB developed several wireframes to assist with the visualisation of how the rules and standards would appear in systems. We appreciate and thank the DSB for this assistance. Specific comments on the wireframes for the P2P Model are set out below.

Thank you for this detailed feedback. It has been noted by the CX team. Questions that can be immediately addressed are responded to below.

1) Wireframe - 2.2 Energy | P2P Model

• Step 2a - Can a consumer select more than one data holder? We understand that this is vanilla scenario example, however we are unclear how it will work for multiple properties or multiple Data Holder scenarios? OR is it always only one data holder at a time?

The authorisation part of the consent flow can only be exercised per data holder as the data holder needs to authenticate the user and complete authorisation separately.

• Step 3 – We request clarification of the term ‘sharing period’? Is it possible that the ADR will default the sharing period to 12 months as they are unsure how long the consumer has been active with the retailer? Or does it allow the ADR to request just 6 months of data (ie they include the dates which the consumer has supplied of being with the retailer)? Or does it mean going forward, ADR can request consumer’s data anytime within this period?

While the ADR can request a sharing duration of the consumer it is required that the consumer can elect how long they are comfortable sharing during.

• Step 6 – Is it the retailer (or the Data Holder) to determine which field of information that they will use to authenticate the consumer? That is, the retailer could use phone number, email address, date of birth or any other field? We also seek confirmation that authentication for energy will be online only. We do not support offline authentication.

Yes. The standards currently require that the authentication process will uniquely identify a consumer and the expectation of the rules is that all eligible consumers can be authenticated but, within constraints of this nature, there is latitude for the data holder how authentication is done due to the variation that exists with existing authentication processes.

• Step 9 – Previous energy rules consultations suggested that there may be additional consent or authorisation requirements for sensitive data. Sensitive data referring to concessions, direct debt details or hardship information. Is sensitive data categories still being considered and it yes, how will they be added to the authorisation flow?

The consideration for these has been to move them to a separate, dedicated scope, so the consumer has direct control of the sharing of these fields. This is currently addressed in the draft energy standards.

• Step 10 - Between step 10 and 11, does there need to be additional steps where a data holder sends the confirmation email to the consumer notifying that they have authorized to share data from XX data cluster (including AEMO specific data clusters) for YY period with an ADR?

We will take this question on notice.

• Step 13 - If a consumer has three properties with a data holder -

1. wants to share Data set 1 and 2 for account 1 (property 1)
2. wants to share ONLY Data set 1 for account 2 (property 2)
3. wants to share no details from account 3 (property 3) Is this an option under CX? OR is it the case that the consumer authorises the DH to share data with the ADR for all selected accounts for the same period of time? We seek clarity around these options.

The scopes and sharing duration are common for a single authorised consent and apply to all associated accounts. If separate scopes are required for different accounts then this would be serviced by an ADR through the creation of multiple concurrent consents.

• Step 13 – Extending from previous comment, for cross-sector, is it assumed all the data clusters will be applicable for all accounts across all sectors?

No. There will be no requirement for retailers to support banking data clusters or for banks to support energy sector data clusters.

The requirements for specific data holders to support specific data clusters is driven by the designation instruments. If a specific organisation meets the data holder criteria for multiple designations (for instance, a bank that is also an energy retailer) then it is understood that data clusters for each of the applicable designations will need to be supported.

2) Wireframe - Cross-sector | Electricity and Gas accounts with the same provider (hypothetical)

• Step 3 – What if the authorisation field is different between electricity and gas? That is, the consumer has an electricity and gas account, but they have been entered into at separate times. One account may have one mobile number and the other account a different account number. What will happen if the authorisation for the 2 accounts do not match? Also, when different data holders use different portals to authorise – how will this operate?

As we are at the consultation stage for the energy sector with regards to the concept of account (that is one of the subjects of this consultation) this hypothetical can not yet be definitively answered. Scenarios of this type, however, will be very helpful to test solutions as they emerge in future consultations.

• Step 4 - Does it depend on the ADR sending the request as well? What happens if an ADR is accredited only for a specific sector and not both – will the Data Holder portal still shows cross- sector accounts for selection?

There is currently no specific guidance on these questions. This will be worked out in subsequent consultations.

• Step 5 - From a cross-sector perspective, is it an assumption that data clusters will be uniform and applicable across all sectors? Or will the data cluster selection be specific and unique for each account?

Data clusters will be consistent wherever applicable. Only the customer data cluster is currently designated for both energy and banking sectors.

• Step 8 – We seek confirmation of this step - Are the two portals supposed to be in sync and talking to each other every time a change is made on one side (ADR or DH)? How does it currently work for banking? For example, if a consumer updates (withdraws) CDR consent for a data set on an ADR’s portal, does this information flow to the DH on an instantaneous basis? or is there a delay in this information flowing to the DH or it depends on a consumer updating authorisation explicitly on DH portal as well?

The only change that is currently supported via dashboards is revocation. When a revocation occurs the other party must be notified. This is required by the rules and supported in a cross-sectoral manner in the current standards.

[CDR-API-Stream]

Thanks for all of the feedback. This consultation is now labelled as feedback closed but we will leave this thread open in case there are any clarifications or responses to the feedback given by the DSB above.

[evtricity]

Having reviewed the design paper: a peer-to-peer data access model in the energy sector #177, I have the following comments:

How will the peer-to-peer model support the simple authentication model for historical energy usage and export data?

Accessing consumption and export data will likely be the highest volume usage of the CDR for energy but the peer-to peer data access model does not recognise the need for that feature to be implemented with a lower level of authentication as is supported through existing manual process (meter data requests through network operators and automated meter data acquisition used by Energy Made Easy and Victorian Energy compare). This requirement for low authentication was proposed by multiple submissions including:

• Accurassi
• Energy Consumers Australia
• Finder
• Green Energy Trading
• Make It Cheaper
• Nectr
• Public Interest Advocacy Centre
• St Vincent de Paul Society Victoria
• WATTever

There is no reference to how this will be supported in the peer-to-peer model so it appears that the request from the majority of comparators (who made submissions previously) and who are potential ADRs will not be supported. With all due respect if these features aren't supported this will directly impact the number of ADRs who will leverage the CDR due to the higher costs and consumer complexity inherent in the strong authentication approach. This will directly impact consumers who will have less choice in the service providers who offer comparisons using meter data from the CDR.

As a more general comment, the CDR looks increasingly expensive and complex for potential ADRs like us (WATTever) to implement as time goes by.