Published on the 13/11/2018 | Written by Jonathan Cotton

Inside Australia’s ambitious consumer data standard…

Currently Australians have little control over how their data is used, but all that’s about to change: Now a year after its commission, the Consumer Data Right Rules Framework has been released. But what does it mean for business?

The Consumer Data Right finds its origin in last year’s Review into Open Banking in Australia. Following that review the Government decided to create a ‘Consumer Data Right’ to tackle some of the ramifications of the introduction of open banking platforms and ‘to give Australians greater control over their data, empowering customers to choose to share their data’.

Simply put the Consumer Data Right (CDR) provides individuals (and individual businesses) with a right to access specified data related to them when held by businesses and to direct that the information to trusted and accredited third parties.

“There are some potentially significant imposts which could have substantial compliance cost and data innovation impacts.” 

To encourage new opportunities for fintech startups, consumers (mainly millenials – more on that in a bit) and foot-dragging banks, the Federal Government will create legislation which, once in place, will see certain sectors forced to make a range of customer data available in a machine-readable format.

And it’s about a whole lot more than banking. The idea is that once implemented in the banking sector (phasing in July 2019), the framework will be extended to the energy and telecommunications sectors, and then rolled out economy-wide on a sector-by-sector basis.

The ACCC is charged with developing the rules and governing the implementation of the CDR, as well as approving technical standards and taking enforcement action to ensure compliance by participants. Data61 has been appointed as the interim standards body. Complaints will be received by The Office of the Australian Information Commissioner.

The framework has been released to allow organisations – starting with those banks – a chance to come to terms with the new requirements.

It’s a positive step, but also a big one, and one which will likely have ramifications that reach far beyond finance.

“The introduction of a Consumer Data Right in Australia is a fundamental competition and consumer reform,” says ACCC Chairman Rod Sims. “This new right will improve consumers’ ability to compare and switch between goods and services on offer.

“We expect the scheme to encourage competition between service providers, leading not only to better prices for customers but also more innovation of products and services.”

But is the populace ready? Early research from Accenture found that two-thirds of Australian consumers are unwilling to share their financial data with non-banking organisations. But opinions can change quickly: The survey also found that younger consumers are far more willing than older ones to share their data with third-party providers, and eight times more likely than baby boomers to say they would use social media or an online merchant to initiate payment transactions – 58 percent of millennials and Gen Zers, compared with just seven percent of baby boomers.

So there’s will there, but what could go wrong as Australia seeks to radically rebalance the relationship between consumer and businesses?

That’s a question not yet fully addressed. For example, according to the letter of the report, CDR data that companies are potentially obligated to share includes information that a company has augmented with it’s own customer data. Are these insights then up for grabs? And can such data holders charge a fee for sharing? And who decides?

What about compliance costs? Will the required development of APIs and mechanisms for receiving and complying with customer requests be offset somehow? There was talk of a levy – is that still a possibility?

And how does the CDR integrate with the EU’s GDPR? Are there unintended consequences that could result? And what about the privacy issues?

“While the mantra of the new CDR is all about consumer choice and competition, there are some potentially significant imposts which could have substantial compliance cost impacts on the data providers and could impact on data innovation,” says Arvind Dixit, partner at law firm Corrs Chambers Westgarth.

“Organisations will need to be set up so that they can properly deal with the requirements of the [CDR’s] Privacy Safeguards,” he says. “This may necessitate keeping CDR data segregated from other business data so that the specific requirements of the Privacy Safeguards can be complied with. If an organisation is also subject to the EU General Data Protection Regulation (GDPR), this could potentially mean having three sets of segregated data which cannot be mixed.”

Read the ACCC’s Consumer Data Right Rules Framework.