Question
We understand that we will need to report on the number of product data requests received, once we go live with Get Products and Get Product Detail APIs in July 2020.
Is there any additional reporting expected for Get Products and Get Product Detail Application Programming Interface's (APIs)? Specifically:
- Do we need to report on complaints from CDR consumers (Section 2, fields 2.1-2.9)? If yes, what would be a hypothetical scenario when a CDR consumer would complain about Get Products and Get Product Detail APIs, considering both these APIs don’t expose any CDR consumer data?
- Do we need to report on refusals to disclose CDR data, CDR rules and data standards relied on to refuse disclosure, number of times relied on each of those (Section 4, fields 4.1-4.3)? If yes, what would be an example of such refusal? Is ‘Too many requests by unique identifier’ security policy that is setup through a gateway such as Apigee considered a refusal to disclose CDR data that needs to be reported on?
Answer
We do not expect a data holder to complete items 2.1-2.6 of the reporting form prior to the commencement of the data holder’s obligations relating to consumer data sharing. We do, however, expect data holders to report on the total number of complaints received from other CDR participants in relation to compliance with Part IVD of the Competition and Consumer Act 2010 (Cth), the CDR rules and the binding data standards insofar as those complaints relate to product data requests during the relevant reporting period (item 2.7 of the reporting form). Having said that, we do expect data holders to reasonably manage all complaints they receive, and note that the ACCC is able to consider complaints it receives from the public about PRD data.
We expect data holders to report on refusals to disclose CDR data and the CDR rules or data standards relied on to refuse to disclose that CDR data (items 4.1-4.2 of the reporting form). Item 4.3, which requests the data holder state the number of times it has relied upon the CDR rules or standards cited in response to item 4.2, is an optional reporting item. Under rule 2.5, a data holder may refuse to disclose required product data in response to a request in circumstances (if any) set out in the data standards.
Examples of such circumstances in relation to product data are:
- When the number of requests the data holder is receiving is above their service level thresholds defined in the non-functional requirements section of the data standards.
- There is a valid security reason that prevents sharing PRD data temporarily or for requests considered as suspicious.
Comments
0 comments
Please sign in to leave a comment.