Consumer Data Right (CDR) — Australia? What’s it all about?

Manglu Balasubramanian

Open Banking is an initiative that has been billed as a disruption/opportunity in the last few years. A number of countries across the globe have introduced legislation and/or regulations to mandate the banks to “Open up their data”.

There are numerous articles and white papers on what Open Banking is and how it has been realized in various parts of the world (such as UK).

Open Banking Ecosystem (in the UK)- Consumers, Banks and TPPs

The focus for Open Banking in the UK and other countries has been the Banking/Financial industry (as the name suggests). They were focussed on unlocking the data held at Banks and make them available to TPPs (in particular Fintechs) with the consent of customers to promote innovation and competition in the Banking industry.

CDR Ecosystem (in Australia) — Consumers, Data Holders, and ADRs

Australia has taken a significantly different approach. The focus is not on a single industry/sector. The legislation is referred to as Consumer Data Right (CDR) which intends to open up the data held by banks, energy, telcos, and other sectors. Business/Organizations such as Banks, energy retailers, etc that hold consumer data are referred to as Data Holders. Entities /Businesses that are eligible (and accredited) to consume the data (referred to as CDR data) from Data Holders are referred to as Accredited Data Recipient (ADRs).

This model empowers consumers to access better products and services across multiple industries by leveraging the services of ADRs.

What are the organizations and Departments behind CDR?

Organizations/people that are behind the CDR Regime and their primary roles

1. Australian Competition and Consumer Commission (ACCC)

ACCC is the primary regulatory body for CDR.

Their responsibility includes:

• Developing the rules governing the implementation of the CDR in banking and in subsequent sectors
• Overseeing an accreditation scheme for data holders
• Approving technical standards
• Ensure compliance by participants
• Creation and maintenance of a register of ADRs and data holders

2. Data Standard Body (DSB)

DSB is responsible for developing technical standards relating to data transfer security, and consumer experience (CX).

CSIRO’s Data61 has been appointed as the Data Standards Body. The technical standards are published as Consumer Data Standards (CDS).

3. Office of the Australian Information Commissioner (OAIC)

OAIC is responsible for privacy protections related to CDR. The Privacy safeguard guidelines are available here. Their responsibility includes investigation of individual and small business consumer complaints regarding the handling of CDR data.

CDR Timelines

Simplified View of the CDR Timeline

The picture above represents the timelines that are valid at the time this article is published. Refer to the CDR rollout link for the latest information in this space.

What’s next?

In the next set of articles in this series, let’s explore how the CDR scheme benefits consumers, Data Holders, and ADRs. We will explore them with the help of a few different personas.

Personas that we will use to better understand CDR

See you in a couple of weeks when we hear from Jim about his views on what’s in it (CDR) for me?

Finally

I want to thank my colleagues Xin Chen, Randima Niroshini, Satyendra Nandipati, and Tapan Verma for their review and feedback comments. I had been on the CDR journey for the last 15+ months and these are the folks that make this a good and fun-filled learning journey.

Thank you for reading.

References:

1. Consumer Data Right
2. Getting Started with CDR
3. CDR How it works?
4. CDR Rollout timelines
5. Current CDR Providers