Consumer Data Right (CDR)
Following the announcement of the national Consumer Data Right (CDR) last year and subsequent recommendations of the review into open banking in Australia the Australian Competition and Consumer Commission (ACCC) and Treasury have been undertaking consultation regarding various aspects of the proposed Consumer Data Right and, by implication, its application in Open Banking.
ACCC Chair Rod Sims, speaking at the National Consumer Data Policy Research Centre conference in July 2018 provided this precis of the CDR:
“The government announced the introduction of the consumer data right in November last year. This followed a number of government reviews and inquiries which all recommended expanding consumers’ access to their data. A pivotal report was that of the Productivity Commission which recommended an economy-wide data right for consumers in its report on Data Availability and Use.
In budget week 2017 the Treasurer announced the government’s response to the Open Banking Review. In doing so he confirmed that banking would be the first sector to which the consumer data right would apply, where it will be known as ‘Open Banking’, and that the ACCC would have the lead role in overseeing its implementation.
The CDR will be rolled out sector-by-sector, with Open Banking being followed by energy and telecommunications.
What it is
Via Open Banking the consumer data right will enable customers to safely share data, including transaction and product data, with trusted service providers, if they choose to do so. The ACCC views this as a fundamental competition and consumer reform.
It is important that we begin by defining what the CDR is, and what it is not. The CDR will give consumers the right to safely access data about them, held by businesses, and direct this information be transferred to trusted third parties of their choice. It is essentially a data portability right. This will enable consumers to benefit from the data that businesses hold about them. For example, having portable data will allow consumers to make greater use of product or service comparison sites, and to more easily switch their supplier.
What it isn’t
Importantly, the CDR is not intended to be the one stop shop for regulation and control of consumer data. Privacy rules and frameworks will continue to be the primary tools to address current and emerging privacy issues. Many in this audience will be familiar with the recent introduction of the General Data Protection Regulation or GDPR in Europe or the Australian laws on personal data. The CDR is very different, addressing very different issues.
Robust privacy protection and information security will however be a core feature of the CDR. Ensuring trust and integrity in the CDR system are essential to its success. The Open Banking report made this plain, and we will work very closely with the Office of the Australian Information Commission, or OAIC, to ensure privacy considerations are recognised.
The CDR is also not an obligation to share data with third parties. The Open Banking report is abundantly clear on this – the right is about giving consumers more control, and data sharing is only to occur with the consumer’s express consent. Taking banking as an example, customers may still go on banking the same way without ever participating in Open Banking if they do not wish to.
Open Banking is also not Open Data. Open Banking will be a defined system whereby data holders will share specified data with trusted users, at the customer’s request, with the customer’s consent, and in accordance with uses the customer has specified. In contrast, Open Data is data that is freely available to everyone to access, use and republish as they wish, without restrictions (for example, the Australian Government makes thousands of datasets freely available to the public for download at data.gov.au.
The banking industry is the first to see implementation of the Consumer Data Right, subsequently creating open banking. Open Banking will be implemented in three phases with the major banks aiming to meet the following milestones for data availability:
- July 2019 – credit and debit card, deposit and transaction accounts
- February 2020 – mortgages
- July 2020 – remaining products
The ACCC released the CDR ‘Rules Framework’ in mid-September 2018, stating that the framework will provide, “an understanding of the structure and content of proposed rules that will underpin the implementation of Open Banking, including a phased approach to implementation.”
The regulator then went on to hold a series of consultation ‘roundtables’ during early October in Sydney, Melbourne and online.
The AADL network (through DGA and ADMA) participated in this process. You may recall that we recently reached out to Members seeking input, and that feedback is being incorporated into our submission. The closing date for submission is 12 October 2018 so will share a copy of the submission with you in our next update.
In addition, Treasury previously consulted on the Treasury Laws Amendment (Consumer Data Right) Bill 2018. Submissions in response to the draft bill and explanatory notes closed last month and now additional consultation is being undertaken into the Treasury Laws Amendment (Consumer Data Right) Bill 2018 (second stage), the Designation Instrument for Open Banking and an additional proposals document.
Submissions are also due 12 October; AADL on behalf of the AADL network members will also be making a submission to Treasury and will make that submission available in our next update.
The ACCC has also announced that Data61, the Data Standards Body, has begun ongoing public engagement. Further information regarding work underway on information security, API standards and consumer user experience will be available in due course via a yet to be launched, purpose built website.
CDR consultations are moving at an intense pace. We understand that the timelines are being driven by government but have expressed our concerns regarding the short consultation opportunities.
Given that the CDR has the potential to impact on multiple industry sectors either directly or indirectly it is imperative that all industry sectors monitor the situation closely and help shape the future of Australia’s digital economy. DGA will provide a bridge to information and a voice for members in that active dialogue.
DGA provides regulatory guidance to Members, subscribers and participants. The information provided is general in nature only; it is not comprehensive and does not constitute legal advice. You should obtain legal or other professional advice before acting or relying on this information.