On 26 November 2017, the Australian Government announced the introduction of a consumer data right (CDR) in Australia. The CDR will give consumers greater access to and control over their data. It will improve consumers’ ability to compare and switch between products and services, and will encourage competition between service providers, leading not only to better prices for customers but also more innovative products and services.
The Government determined that the CDR will first apply to the banking sector, followed by the energy sector. The telecommunications sector is currently proposed to follow.
The introduction of CDR in the banking sector will provide consumers with access to, and the ability to safely transfer, their banking data to trusted parties.
The CDR will be introduced into the banking sector in phases. Consumer data relating to credit and debit cards, deposit accounts and transaction accounts will be made available from 1 July 2020. Consumer data relating to mortgage and personal loan data will be able to be shared after 1 November 2020.
This timetable was announced by the ACCC on 20 December 2019. Prior to this announcement, CDR in the banking sector was due to commence in February 2020. The phasing timetable that was published by the ACCC on 2 September 2019 is being updated to reflect the adjusted timetable. The table is currently out of date and ACCC staff will revise the table in early 2020.
As the lead CDR regulator, the ACCC has been given a number of new roles including:
- making the CDR Rules
- accrediting potential data recipients
- establishing and maintaining a Register of Accredited Persons
- monitoring compliance and taking enforcement action where necessary
- recommending future sectors to which the CDR should apply
- communicating with and educating consumers and other stakeholders about their rights and obligations under the CDR.
The ACCC will work with the Office of the Australian Information Commissioner (OAIC) and the Data Standards Body (DSB) in the development and implementation of the CDR.
The OAIC are the primary complaints handler under the CDR scheme. The OAIC will have a range of investigative and enforcement powers to handle privacy complaints and carry out other regulatory activities with respect to privacy. The OAIC have released a draft version of the Privacy Safeguard Guidelines.
The ACCC, OAIC and DSB have and will continue to consult extensively with industry, consumer and privacy groups, and government bodies as the CDR rolls out.
Subscribe to updates
Sign up to the ACCC’s consumer data right newsletter to receive updates on our consumer data right work for open banking and energy.
For a full list of media releases, speeches and newsletters about the consumer data right, see: