What’s the issue?
The Consumer Data Right (CDR) is about mobilising consumer transaction data (not just consumer data) in the banking, energy and telecommunications sectors. It will allow service providers in this industry to provide this data to competitors at the request of consumers and businesses.
The CDR legislation, which passed the Australian parliament on 1 August 2019, is inspired, in part, by the General Data Protection Regulation’s data mobility requirements introduced in the EU in 2018.
The banking sector is first off the blocks with energy and telco industries to follow.
The really interesting point to note about CDR data is that it captures more than just personal information. CDR data will capture customer data, customer name, contact details, account details, transaction data (including opening and closing balances and dates of transactions), and product data.
The CDR is designed to improve the flow of information in the economy and encourage the development of products that are customised to individual needs. The hope is that this will drive data driven growth and create a stronger economy.
Why is it important?
The CDR is important because it will be a legal requirement for service providers in affected industries and consumers and businesses will come to expect it.
The penalties are serious being up to AUD$420,000 for individuals (or AUD$2.1 million for businesses) and may be imposed for misleading conduct relating to the transfer of CDR data or breaches of the new Privacy Safeguards.
How can businesses get ready to not only comply but perform data transfers?
The CDR was supposed to take effect from July 2019 and the banks are pushing ahead with the pilot phase even though the commencement date has been delayed.
Australia’s big four banks, which dominate 80 per cent of the market, will have a huge impact on how open banking will look for Australia through their participation in the pilot program.
The legislation was passed by the Senate on 1 August 2019, however formal implementation is expected to begin in February 2020 which will require banks to make product and consumer data for mortgage accounts available.
If the Australian Competition and Consumer Commission is confident in the framework at this point, the banks will be required to publicly share consumer data about credit and debit cards, deposit accounts and transaction accounts, paving the way for the open banking regime.
So what next? Those in the banking, energy and telco sectors should prepare by:
Authors: Lisa Fitzgerald & Madison Tonkes
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.