This year has been a remarkable year for Australia’s Consumer Data Right (CDR), with developments aimed at new functionality, new coverage, extended participation, improved operation, and simplified consents.
The CDR already empowers Australian banking and energy customers to share their data with those they choose, applying to 114 banking brands and the country’s three largest energy providers. With new innovative use cases already emerging, this year’s developments should further expand CDR’s application and usability.
This article summarises the top five developments of 2023: embracing action initiation, empowering Open Finance, enabling broader participation, improving consent frameworks, and examining screen scraping.
Initially, the CDR enabled only ‘read access’ functionality for customers to consent to their data being shared with accredited third parties. However, shortly after its commencement, it was decided that it should be extended to include action initiation. This introduces an expansive ‘write access’, allowing customers to authorise actions to be initiated on their behalf, such as making payments, moving funds between accounts, opening or closing accounts, switching providers, or updating details across multiple accounts.
This year saw the action initiation legislation receive bipartisan support in the Australian Senate Committee so that only the logistical process for passing the legislation remains before action initiation is in the law. This will be a critical pivot for the CDR and present significant new opportunities for participants. Although further consultation and Ministerial declarations are required to ‘turn on’ action initiation for particular actions and data holders, when effective, it will enable customers to use the CDR to authorise others to take actions on their accounts (in banking, and beyond banking too).
The CDR already applies to all Australian banks and most of their customers’ accounts, including mortgages, credit card accounts, loans, and deposit accounts. It is not limited to the biggest banks or payment accounts. In this way, the CDR is already more ‘Open Finance’ than just ‘Open Banking’.
This year saw the extension of the CDR to further empower Open Finance with the inclusion of non-bank lending. This empowers data-sharing by customers of corporations who provide finance as part of their business activities, including non-banks who offer or supply goods or services in connection with taking deposits, making advances of money, leasing goods, and purchasing payment facilities. It also includes Buy Now, Pay Later products.
This inclusion is intended to further improve financial outcomes for individual and business customers and further encourage innovation in the fintech sector.
The CDR enables a customer to share their data with accredited entities, other entities that are sponsored by, or which represent, accredited entities, outsourced service providers, and particular ‘trusted advisors’ of the customer (such as accountants, lawyers, and financial advisors). Some refinements were made to these requirements in 2023 to enable more efficient participation and more are forthcoming.
More significantly, participation in the CDR was further broadened this year by establishing a process to enable business customers to share their business data with recipients outside of the CDR ecosystem, such as bookkeepers, consultants, and software providers. It is expected that this expansion will increase small business participation in the CDR and enable collaboration between accredited entities and accounting platforms, particularly those that serve small businesses.
The CDR already requires that a customer’s consent to data sharing be express, clear, and specific. This requirement has been incorporated into the mandatory standards applicable to the CDR. However, to support a better consumer experience while maintaining key consumer protections the government has been exploring opportunities to simplify the consent rules and standards.
Key proposals have been made by the Government to enable recipients of customer data to:
bundle customer consents where it is reasonably required for the service requested by the customer,
pre-select or clearly indicate datasets, specified uses, and consent durations where their selection is essential for the service by the customer, and
de-identify customer data at any time if the customer has provided a de-identification consent.
These proposals are part of a consent consultation which is extensive and detailed. Further changes of this nature can be expected in the future too.
Few topics have been as controversial as screen scraping. Whilst screen scraping cannot be used for sharing data under CDR, it is not otherwise prohibited. However, two reviews for the Government have recommended that its prohibition be considered once the CDR becomes a viable alternative.
Progress has now reached a formal consultation stage, to gather evidence on the extent of screen scraping’s use, the risks involved, the compatibility with the CDR, and overseas regulation. Whilst the consultation does not make any proposals, the government has given clear messages that the CDR is a safer alternative for customers to share their data and that consumer protection is a primary concern.
These are not this year’s only changes to the CDR. Steps have also been taken to improve data quality, customer dashboard functionality, and authentication uplifts. All of these developments are expected to deepen the place of the CDR in Australia’s digital economy and create space for further use cases to grow so that practical benefits are provided to Australian customers. The current agenda suggests that these developments will continue, demonstrating the importance of an innovative, productive, integrated, and competitive data ecosystem in Australia’s future. There are more exciting developments ahead for Australia’s Consumer Data Right so that it can make a real, lasting difference for customers.
This editorial piece was first published in the Open Finance Report 2023. We encourage you to download the report and find out the latest trends and developments in the world of Open Banking and Open Finance, as the road to Open Data continues.
Dr. Scott Farrell is now a Strategic Counsel in the Sydney office of King & Wood Mallesons, having been a senior partner for many years. Scott has led the Australian Government reviews which designed and developed Australia’s Consumer Data Right and now advises international governments and regulators on these frameworks. Scott is an Adjunct Professor at UNSW Sydney Law School.
Max Allan is a Partner in the Sydney office of King & Wood Mallesons. Max advises public and private sector clients on financial markets and systems matters, including on new legal and regulatory frameworks such as the Consumer Data Right. Max frequently participates in financial markets and systems law reform and has been deeply involved in the design and development of the CDR since its creation.
King & Wood Mallesons is the top-tier international law firm, from Asia, for the world. Underpinned by world-class capability, with over 3000 lawyers in 32 global locations, we draw from our Western and Eastern perspectives to deliver incisive counsel. We work with the industry-makers, nation-builders, and market-disrupters to drive growth and power innovation.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now