©2018-2019 by The GRC Institute - Governance, Risk & Compliance.  ABN: 42862119377

The Data Revolution: The Consumer Data Right

December 5, 2018

 

 

The Consumer Data Right (CDR) is just around the corner.

 

The banking industry will be the first to be affected by CDR with the open banking regime coming into effect from the 1 July next year.

 

In September, the Consumer Data Right (CDR) exposure draft legislation was submitted to the Treasury. At the Office of the Australian Information Commissioner (OAIC) was calling for further clarity around the boundaries and clarity around the principles of the framework.

Yesterday, Treasurer, Josh Frydenberg said that the introduction of the legislation to parliament this week will mark the beginning of a ‘data revolution’ in allowing consumers to access data and give consent for third parties to have access to data being held about them. 

 

“This means people’s actual circumstances can be more accurately taken into account when engaging with product and service providers. It will allow consumers to more easily compare prices, switch between products and providers and have products and services customised to their individual needs,” he said.

 

Frydenberg explained that the CDR regime would be overseen by the Australian Competition and Consumer Commission (ACCC), the OAIC and the Data Standards Body.

 

Are there still challenges?

Early last month the consultation on the Rules Framework was closed and they received 55 submissions for a range of bodies from different industries. Some of the submissions raised questions around some of the more technical details of the regime.  

 

In their submission, the Commonwealth Bank of Australia (CBA) expressed concern that the only small number of consumers would benefit from the regime due to some ‘complex problems that require significant industry consultation.’

 

They were concerned that the rules that related to historical data were not consistent with the that of the policy principles of the incoming CDR regime.

 

The bank also said that there needed to be more consultation on that they define as the intermediary model which includes concern around informed consent and cybersecurity.

 

“While ambitious timeframes for the banking sector presents challenges (and means that many work streams will need to be taken in parallel), Commonwealth Bank strongly supports a cost-benefit analysis being conducted as part of the Regulatory Impact statement for the sector. The ACCC is well placed as a regulator to assist with this analysis and ensure that it informs the ongoing implementation of the CDR regime, through rules.”

 

In their response, Westpac talked about the issue of trust in the CDR regime much the way the banking system itself is dependent on trust. Westpac highlighted that in recent research conducted by the RFI showed that Australian consumers trust their major financial institutions with their data more than other institutions.

 

The member of the big four recommended investment in education to ensure that consumers understand the CDR a bit better.

 

When referring to the open banking regime, they call for a robust regime and framework for when the open banking comes into play next year.

They also highlighted there some challenges around some of the more technical aspects, like around the deleting data.

 

They highlighted few privacy safeguards which they found to be too restrictive.

 

Their submission highlights that the privacy safeguard (PS) four is more astringent than APP4 which requires entities to destroy unsolicited CDR data. They also highlighted how this can conflict with the General Data Protection Regime (GDPR), they suggest that it should be changed to reflect the APP4 which only asks that the data be de-identified.

 

Like CBA, the ANZ also expressed some concern about some of the implementation issues.

 

“Thus, if an operational or legal issue arises as market participants are implementing and participating within the CDR framework which has not been covered by a rule, it may be useful if the Commission were able to release a position on the issue.”

 

In their submission, they expressed concerns about data fields that cannot feasibly be included in the initial version of the CDR rules, they expressed issues around accounts that have more than one account holder.

 

The bank also had questions around reciprocity for the initial phase.

 

“We would note, however, that the Commission’s proposal that accredited data recipients be obliged to share received CDR data with non-accredited data recipients (at the customer’s direction) is a form of reciprocity. We have difficulty understanding how this is feasible for the initial 4 phase of the rules but a form of reciprocity that involves accredited data recipients making ‘equivalent’ data available for transfer at the customer’s request is not.”

 

The government hopes that the CDR will make services more consumer centric.

 

“This reform will implement commitments made by the Government in response to our Review into Open Banking in Australia and the Productivity Commission’s Data Availability and Use Inquiry,” The Treasurer said.

 

Please reload

Suggested Posts
Please reload

Tags
Please reload