ACCC releases Consumer Data Right draft framework for comment
- 12 September, 2018 14:43
The ACCC is calling for industry and public feedback on developing rules supporting Australia’s Consumer Data Right (CDR), a regulatory framework enabling consumers to share their personal data with trusted service providers.
CDR is a construct based on giving consumers the ability to take control of personal data, such as information on transaction and product history, and share it with service providers of their choice. Its initial application will be in banking sector under the ‘Open banking’ regime.
Over time, sectors such as energy and telecommunications will also fall under the CDR reform.
Officially opening up the submissions process today, ACCC commissioner, Sarah Court, said it is important consumers, businesses and stakeholders have transparency over the ACCC’s approach in setting up detailed rules around CDR.
“The overarching principle the ACCC will take is to implement the Consumer Data Right in a way that provides benefits to consumers, without compromising data security,” she said. “The CDR will be a major change in the way consumers can use their data and consulting the views of consumers and businesses is a top priority for the ACCC.”
First unveiled in November by the Federal Government, the launch of the CDR was prompted by the Productivity Commission’s recommendation for a data right for consumers in its report, Data Availability in Use.
In its May Federal Budget, the Government announced it was outlaying $44.6 million over four years to get CDR off the ground. The ACCC was put in charge of determining costs and benefits as well as developing the rules governing the data right and contents of standards.
The intention is for the four major banks to make data available on credit and debit card, deposit and transaction accounts by 1 July 2019, and mortgages by 1 February 2020. According to the proposed rules framework, the rest of the banking fraternity, as well as small subsidiary businesses owned by the big four, will have an additional 12 months to get on-board.
Under the proposed rules, the CDR will enable consumers to direct a data holder to share their data with either an accredited data recipient they have provided their consent to, or the consumer directly; and that a data holder will also make certain generic product data available. A consumer’s express and informed consent will be required for any such data exchange.
The ACCC also proposes data sharing must occur via an API, and that in the first instance at least, data sharing is not subject to fees. Initially, CDR will be restricted to current customers and not encompass prior customer data.
In addition, the draft legislation states data resulting from ‘material enhancement by the application of insights, analytics or transformation by the data holder’ is not within the scope of the Open Banking framework and that its scope is for digital-based data sets only.
At a minimum, customer data available will include customer name, contact details, account number, payee lists and direct debit authorisation, account-level information and account-level contact details and any unique identifiers associated these data sets. Transaction data, meanwhile, includes opening and closing balances, transaction dates, relevant identifiers, amounts, any descriptions about a transaction by either consumer or data holder, and other category information. Product data then includes type, name, pricing, fees and charges, features and benefits, terms and conditions and customer eligibility criteria.
In a speech detailing both the CDR as well as the Government’s ongoing Digital Platforms Inquiry into the potentially detrimental impact of next-generation digital platform giants on Australia’s media and advertising competition, ACCC chair, Rod Sims, said the two intertwined issues are about ensuring both businesses and consumers benefit from increased application of data in products and services.
“Big data is one of the defining megatrends affecting our present and shaping our future,” Sims said at the recent Consumer Data Conference. “We live in a world in which the importance and value of data has increased significantly for businesses, allowing them to target their consumers in ways that were previously unheard of, and the volume of data that is routinely harvested has become almost incomprehensible.
“The genie is out of the bottle, now we have to decide what to do with it.”
The deadline for submissions on CDR rules is 12 October, with publication of the drafted rules then due to be put forward as legislation in December. CSIRO’s Data 61 unit is working with the ACCC to develop the technical standards supporting data transfer and use.