The ACCC has amended the Consumer Data Right Rules to permit accredited intermediaries to collect data on behalf of third party data recipients, with consumer consent.

These amended rules mean accredited businesses can now ask other accredited businesses to obtain consumer data on their behalf, and are intended to facilitate greater participation in the Consumer Data Right by fintech firms.

The changed rules will, for example, allow an accredited business to use outsourced IT infrastructure and software of an accredited intermediary to connect to data holders’ APIs, rather than have to build their own.

“This is the first in a series of measures to reduce the time and cost to enter and operate in the Consumer Data Right ecosystem,” ACCC Commissioner Sarah Court said.

“The rule changes also make it easier for businesses who currently rely on outsourced services to join the Consumer Data Right, and reflect our ongoing goal of facilitating a wide range of business arrangements within the Consumer Data Right.”

“All businesses being accredited by the ACCC go through a rigorous process to ensure they meet appropriate security requirements. These amendments do not change those rigorous controls,” Ms Court said.

“We are pleased by the interest already shown from businesses who want to join the Consumer Data Right.”

“We look forward to more and more businesses joining the Consumer Data Right ecosystem, and delivering increased competition and innovation for consumers and the wider Australian economy,” Ms Court said.

New Rules consultation announced

The ACCC has also this week announced consultation on proposed new consumer data rules. This includes proposals for new levels of accreditation, expanding the Consumer Data Right to business customers and a range of other measures. Details of the consultation and guidance on how to participate in the consultation process have been published in the CDR newsletter and on the ACCC website.


The ACCC made the Competition and Consumer (Consumer Data Right) Amendment Rules (No. 2) 2020 in February.

The intermediaries rules have been made following consent from the Treasurer and will come into effect on 2 October 2020.

These amendments expand the provisions that relate to use of outsourced service providers.

Consumers will be informed during the consent process if an intermediary provider may collect their CDR data, and must be shown the provider’s name and accreditation number.

The ACCC is progressing enhancements to the Consumer Data Right Register to accommodate the amendments, which will be available to new and existing accredited data recipients from November 2020. The amendments do not impose additional build requirements for banks as data holders.