Back to list

What will the new Consumer Data Rights (CDR) mean to you and your business?

Tuesday 10, Mar 2020

The CDR intends to improve the ability of Australian consumers to compare and switch between products and services and encourage competition between businesses.  Consumers will be able to access data on their own consumption of goods and services and direct custodians of their data to share it with accredited third parties. The CDR has significant regulatory requirements to be met, particularly with ensuring consumer privacy

The CDR is a co-regulatory model with the Australian Competition and Consumer Commission (ACCC) and Australian Information Commissioner (OAIC). ACCC is currently in consultation with the banking sector around the Rules and implementation roll out. New opportunities for consumers and business, come with new risks to be considered and managed.

Key considerations for SOCAP members:

  • Understand what the ACCC rules will mean to your organisation
  • Consider the implications of holding consumer data. 
  • Be aware of the strict rules for what you will need to tell consumers upfront.
  • Review your consent processes: if consumers are sharing information through the CDR, valid consent is needed
  • How will you ensure organisational compliance?
  • If you are an ADI, apply to ACCC to be an accredited data recipient - in readiness for consumers on the move
  • Be ready to respond to consumer queries and complaints, potentially on all parts of the CDR.

While the Data Standards Body (currently CSIRO’s Data61) is not a regulator of the CDR it has developed the standards that underpin the transfer of CDR data between participants. The ACCC role doesn’t include approving the technical data standards, rather it includes developing the rules and an accreditation scheme to govern CDR implementation and ensuring participant compliance. Extensive engagement will continue throughout roll out of the CDR.  

Internal dispute resolution and eternal dispute resolution for participants is also covered by the CDR rules. For the CDR in the banking sector, participants must comply with ASIC’s Regulatory Guide 165 and be a member of the Australian Financial Complaints Authority (AFCA).  
For more information or to receive updates on CDR work for open banking and energy, visit the ACCC website.