Consumer data right (CDR)

The following guidance clarifies when two data holders may agree who will respond to product data requests in respect of a white label product and, if they do this, which data holder remains accountable for the obligation under the rules.

Background

In response to stakeholder enquiries, we are providing guidance about product data requests and white label products under the Consumer Data Right Rules.

White label products are typically created and operated by one entity (a white labeller), and branded and retailed to consumers by another entity (a brand owner). In banking, white labelling is particularly common in credit cards and home loans.

Banking white labellers are often authorised deposit-taking institutions (ADIs) and some brand owners in banking are also ADIs. As ADIs, they will be subject to data holder obligations under the Consumer Data Right Rules, though when those obligations commence may differ. Other brand owners are non-ADIs like supermarkets or airlines who will not have data holder obligations under the Consumer Data Right Rules unless they choose to become accredited.

Our approach below assumes there will be a data holder, but we note that in some limited circumstances where there is no ADI, there may be no data holder with an obligation to respond to a product data request.

Responding to product data requests

Where there is a single data holder involved in providing a white label product (whether that is the white labeller or the brand owner), the ACCC expects the data holder to respond to product data requests in relation to the product.

Where there are two data holders involved in providing a white label product (for example, where a brand owner bank distributes a credit card on behalf of a white labeller bank) the ACCC expects the data holder that has the contractual relationship with the consumer to respond to product data requests. We understand that the data holder that has the contractual relationship with the consumer is generally the white labeller.  The other data holder may also respond to product data requests. However, in the interests of avoiding unnecessary duplication, we do not propose to treat this as mandatory.

The data holder that has the contractual relationship with the consumer (e.g. the white labeller) may agree with the other data holder (e.g. the brand owner) that the brand owner will perform that obligation on behalf of the white labeller.  In this example the white labeller, as the data holder that has the contractual relationship with the consumer, remains accountable for the performance of the obligation by the brand owner.

Product data to be disclosed

For products such as credit cards that have an exemption from the regulatory obligation to provide a Product Disclosure Statement under the Corporations Act, the ACCC interprets the reference to ‘product disclosure statement’ in Rule 2.4 as covering equivalent or similar pre-contractual disclosures required by law.

Next steps

The ACCC understands there is a wide variety of white label arrangements in the banking sector and beyond. We are open to discussing any aspect of the guidance above with stakeholders for whom this may pose compliance issues, especially those with complex white labelling arrangements.

This guidance relates to product data requests only. It does not affect consumer data request obligations in respect of white label products.

We intend to engage with key stakeholder groups regarding our approach to consumer data requests in the coming months. Interested stakeholders may also approach the ACCC to provide comments on the guidance or seek a discussion via the Consumer Data Right inbox at ACCC-CDR@accc.gov.au.

Thank you to all those who provided us with submissions to the minor amendments to the Rules. We look forward to receiving your submissions to our consultation on the future expansion of the Rules.