Consumer Data right effective today

July 1, 2020 |

The 1st July 2020 is the commencement of the Consumer Data Right.  Under the legislation consumers an request their banks to share data for deposit and transaction accounts as well as credit and debit cards.  As of today there are two accredited data recipients however a further 39 providers have started the process.  Data from home, personal and investment loans and joint accounts will commence on 1 November.

The regulatory structure is interesting.  There are two regulators who will be responsible for regulation, the ACCC and the OAIC.  They come from two ends of the spectrum.  The ACCC is a good regulator by Australian standards while the OAIC is a dreadful regulator by any standards.  The ACCC is run by a thoughtful and insightful chairman, I can’t recall who runs the OAIC.  The Compliance and Enforcement Policy is found here.

The Information Commissioner issued a press release regarding the Commissioner’s privacy regulation.  It provides:

Businesses offering services under the Consumer Data Right (CDR) which starts today are required to meet strict privacy and security obligations so consumers can share their data with confidence.

The Office of the Australian Information Commissioner (OAIC) is responsible for regulating privacy under the CDR system, which begins in the banking sector from 1 July 2020.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said ensuring CDR providers understand and comply with the privacy safeguards is a key priority for the OAIC.

“The start of the Consumer Data Right in the banking sector today is an important step forward in giving consumers more choice and control over their data,” Commissioner Falk said.

“This reform introduces significant changes to information sharing practices, encourages competition and innovation, and is designed to safeguard consumer privacy.

“By providing a secure and convenient way to transfer data to an accredited provider of their choice, it will allow consumers to access a new service or find a better deal.”

Commissioner Falk said the OAIC will assess and enforce compliance with the privacy safeguards and handle consumer complaints from individuals and small business.

“Strong privacy and accountability measures are built into the system and will be enforced by the OAIC and the Australian Competition and Consumer Commission,” Ms Falk said.

CDR data holders and accredited data recipients can access a range of guidance and advice on the OAIC website to help them comply with their obligations to consumers.

This includes the CDR Privacy Safeguard Guidelines and a new CDR Regulatory Action Policy which explains the OAIC’s powers and how it will exercise them.

A joint Compliance and Enforcement Policy outlines how the OAIC and ACCC will exercise their co-regulatory powers and encourage compliance with the Consumer Data Right Rules and legislation, including the Privacy Safeguards, and Consumer Data Standards developed by the Data Standards Body, CSIRO’s Data61.

Information for consumers about their privacy rights under the Consumer Data Right system is also available at

The guidelines are found here.

Leave a Reply