Every click, scroll and purchase you make creates data. This information, which often has little physical presence beyond the hum of warehouse data centres, is increasingly valuable.

You're the reason it exists, so shouldn't you control it?

The Consumer Data Right (CDR), which begins to come online mid-year, aims to give Australians more agency to access and control parts of their personal information.

The government calls it a "game changer", but critics fear that without careful consideration, it could have serious privacy implications, among other concerns.

After the bumpy rollout of another ambitious digital project, My Health Record, some are advising caution.

What is the Consumer Data Right?

Think about your home loan rate or a record of your transactions held by a bank, or even usage data from an electricity company.

The CDR should provide you, as an individual or business, a means of accessing that information and moving it to a third party of your choice — another bank, for example, to see if you can get a better deal.

Linda Przhedetsky, a policy and campaigns adviser with Choice, called it a "data portability right".

"It gives consumers the ability to access their data about products and services in a convenient format," she explained.

When introducing the bill in Parliament, Treasurer Josh Frydenberg said the CDR would "support better price comparison services … and promote more convenient switching between products and providers".

While you can already ask for your data under Australia's privacy rules, ideally the CDR will provide a standardised and safe way to port it elsewhere, according to Lauren Solomon, chief executive of the Consumer Policy Research Centre.

It's hard to understand where your data is going and what it's being used for. ( News Video )

Who will run it?

When the Treasurer decides a sector of the economy like the power companies should roll out the CDR, the Australian Competition and Consumer Commission (ACCC) will work out the fine print.

The Office of the Australian Information Commissioner, however, will be in charge of handling complaints if your data is misused.

When is this happening?

Also known as open banking, Australia's four major banks will make product data about things like credit cards available under the CDR from July 1 (this deadline is being criticised as too soon by some groups, but more on that later.)

Personal banking information will come online in early 2020.

Energy and telecommunications are up next, with others to be named in the future.

Currently, the Senate Standing Committee on Economics is examining the bill and will report soon.

How will consumers be protected?

As with any new law, there are concerns about unintended consequences — especially for vulnerable groups.

Choice, for instance, wants to ensure the bill protects Australians from unfair price discrimination and problematic targeting by marketers and advertisers using CDR-obtained data.

Consider a scenario where a third party provides credit card comparisons using banking data released through the CDR.

If that provider's parent company offered other services, such as payday lending, it would be important that CDR data is not also used to market payday loans to high-risk customers.

The CDR does have privacy safeguards built in: the use of CDR data for direct marketing is not allowed, for example, unless consented to by the CDR consumer.

But groups such as Choice want more specific protections against practices that could exploit customers.

After all, we already "consent" to a lot when we use online services, and click "accept" on terms and conditions without reading them.

"Telling people how data is used or will be used will not stop unscrupulous practices, so the system should prevent poor practices before they emerge," Ms Przhedetsky said.

A Treasury spokesperson said CDR's standard of consent will be "express, informed, current, clear, specific, unbundled and time-limited" — a process it will test before personal information is made shareable in February 2020.

On the other hand, Peter Leonard of the Law Council of Australia warned the legislative rules shouldn't be so onerous to implement that the system never gets off the ground.

What matters is how the CDR will operate in practice in each sector, he suggested.

He pointed out that energy data might be considered less sensitive than banking data, and may need a different level of protection.

"We're trying to design a Swiss army knife — legislation that does everything for every sector," he said.

"The risk to consumers in each sector is markedly different."

How could this affect privacy?

The CDR is not the only change we can expect when it comes to local data and privacy rules.

As the CDR is being developed, the competition regulator is taking a close look at Facebook and Google and their effect on Australia's economy.

It has suggested changes to our privacy laws may be needed, such as a right to delete your data.

The Government is also working towards legislation that will allow more public sector data to be shared.

The Consumer Policy Research Centre's Ms Solomon is concerned that without wholesale change to federal privacy laws and data protection, Australia's approach will be "unsustainable or piecemeal".

The UK, for example, recently introduced open banking — an approach that's being closely followed by the CDR.

But that country also has the General Data Protection Regulation, which gives consumers in the European Union a high level of agency and control over their information.

Critics who think the CDR is being rushed have pointed out that Europe's General Data Protection Regulation took several years to negotiate. In contrast, Australia formally committed to the CDR only in 2018.

"We're really supportive of the CDR being implemented, if it gives consumers genuine control and choice and empowerment," Ms Solomon said.