book a virtual meeting Search Search
brisbane

one eagle – waterfront brisbane
level 30, 1 eagle street
brisbane qld 4000
+61 7 3235 0400

dandenong

40-42 scott st,
dandenong vic 3175
+61 3 9794 2600

melbourne

level 7, 600 bourke st,
melbourne vic 3000
+61 3 8615 9900

sydney

grosvenor place
level 11, 225 george st,
sydney nsw 2000
+61 2 8298 9533

hello. we’re glad you’re
getting in touch.

Fill in form below, or simply call us on 1800 888 966

consumer data right formally commences in the banking sector

14 February 2020
jason kaye greta walters
Read Time 3 mins reading time

The Australian Competition and Consumer Commission (ACCC) has released the final Competition and Consumer (Consumer Data Right) Rules (the Rules), which will underpin the roll-out of the Consumer Data Right (CDR) regime in Australia.

The Rules address both the general rights of consumers to request CDR data, and the obligations imposed on data holders in responding to such requests. They also contain specific guidance on how the CDR provisions will be implemented initially across the banking sector.

what is the CDR, and why do we have it?

In late 2017, the Federal Government announced its plan to introduce a CDR in Australia, with a view to providing Australians with greater access to and control over their own data. Described as a “data portability right”, it is intended to enable consumers to direct companies that hold their personal data to share it with third parties of the individual’s choice.

Interestingly, it is not only individual consumers who will be able to exercise this right, but also business consumers. This is an important aspect as it means that businesses will be better equipped to access their data and share it with trusted recipients (e.g. comparison websites or competing service providers), which will support their ability to negotiate better deals and gain access to more competitive pricing for services.   Importantly, this is quite a departure from Australia’s current Privacy regime, which applies only to the personal information held about identified or identifiable individuals.

The CDR has been established through amendments to the Competition and Consumer Act 2010 and the Privacy Act 1998.  The ACCC is taking the role of lead Regulator in this regime.  If you are interested in learning more about the rationale behind introducing the CDR in Australia, please see our previous article published in June 2019 where we discussed the release of the draft Rules.

what is the timeline for implementing the CDR?

The CDR will be rolled out in phases in specific industry sectors.

Firstly, the CDR will be implemented in the banking sector over a two-year period. This was originally due to commence in February 2020, but has since been delayed to mid-2020.

Following the implementation of the CDR in the banking sector, it will subsequently be rolled out in the energy and telecommunication sectors.

what data will be shared in the banking sector?

The Rules mandate the four major banks (ANZ, Westpac, Commonwealth Bank and NAB) to share “product reference data” with accredited data recipients. Product reference data includes interest rates, fees, charges, and eligibility criteria for credit card and mortgage products. Practically, this has little effect, as the four major banks commenced sharing product reference data from July 2019 on a voluntary basis.

The release of the final version of the Rules confirmed further consumer data sharing obligations in the banking sector, including:

  • consumer data relating to credit and debit cards, deposit accounts and transaction accounts, which must be made available by major banks from 1 July 2020; and
  • mortgage and personal loan data, which must be made available by the major banks from 1 November 2020.

In contrast, the mandatory consumer data sharing obligations for non-major Authorised Deposit-taking Institutions (ADIs) are planned to come into effect in July 2021.  Currently, the ACCC is seeking views from industry for the commencement of consumer data sharing by the non-major ADIs until 21 February 2020.

If you are involved in the banking sector (whether as a financier, tech or service provider, or intended data recipient) we can assist you in complying with your obligations under the Rules. Alternatively, if you are a business interested in knowing more about its rights under the CDR, please do not hesitate to contact a member of our Trade team.

The information contained in this article is general in nature and cannot be relied on as legal advice nor does it create an engagement. Please contact one of our lawyers listed above for advice about your specific situation.

stay up to date with our news & insights

consumer data right formally commences in the banking sector

14 February 2020
jason kaye greta walters

The Australian Competition and Consumer Commission (ACCC) has released the final Competition and Consumer (Consumer Data Right) Rules (the Rules), which will underpin the roll-out of the Consumer Data Right (CDR) regime in Australia.

The Rules address both the general rights of consumers to request CDR data, and the obligations imposed on data holders in responding to such requests. They also contain specific guidance on how the CDR provisions will be implemented initially across the banking sector.

what is the CDR, and why do we have it?

In late 2017, the Federal Government announced its plan to introduce a CDR in Australia, with a view to providing Australians with greater access to and control over their own data. Described as a “data portability right”, it is intended to enable consumers to direct companies that hold their personal data to share it with third parties of the individual’s choice.

Interestingly, it is not only individual consumers who will be able to exercise this right, but also business consumers. This is an important aspect as it means that businesses will be better equipped to access their data and share it with trusted recipients (e.g. comparison websites or competing service providers), which will support their ability to negotiate better deals and gain access to more competitive pricing for services.   Importantly, this is quite a departure from Australia’s current Privacy regime, which applies only to the personal information held about identified or identifiable individuals.

The CDR has been established through amendments to the Competition and Consumer Act 2010 and the Privacy Act 1998.  The ACCC is taking the role of lead Regulator in this regime.  If you are interested in learning more about the rationale behind introducing the CDR in Australia, please see our previous article published in June 2019 where we discussed the release of the draft Rules.

what is the timeline for implementing the CDR?

The CDR will be rolled out in phases in specific industry sectors.

Firstly, the CDR will be implemented in the banking sector over a two-year period. This was originally due to commence in February 2020, but has since been delayed to mid-2020.

Following the implementation of the CDR in the banking sector, it will subsequently be rolled out in the energy and telecommunication sectors.

what data will be shared in the banking sector?

The Rules mandate the four major banks (ANZ, Westpac, Commonwealth Bank and NAB) to share “product reference data” with accredited data recipients. Product reference data includes interest rates, fees, charges, and eligibility criteria for credit card and mortgage products. Practically, this has little effect, as the four major banks commenced sharing product reference data from July 2019 on a voluntary basis.

The release of the final version of the Rules confirmed further consumer data sharing obligations in the banking sector, including:

  • consumer data relating to credit and debit cards, deposit accounts and transaction accounts, which must be made available by major banks from 1 July 2020; and
  • mortgage and personal loan data, which must be made available by the major banks from 1 November 2020.

In contrast, the mandatory consumer data sharing obligations for non-major Authorised Deposit-taking Institutions (ADIs) are planned to come into effect in July 2021.  Currently, the ACCC is seeking views from industry for the commencement of consumer data sharing by the non-major ADIs until 21 February 2020.

If you are involved in the banking sector (whether as a financier, tech or service provider, or intended data recipient) we can assist you in complying with your obligations under the Rules. Alternatively, if you are a business interested in knowing more about its rights under the CDR, please do not hesitate to contact a member of our Trade team.