Consumer data right

ING Bank pays penalties for alleged breaches of Consumer Data Right Rules

ING Bank (Australia) Limited has paid penalties totalling $53,280 for allegedly failing to comply with Consumer Data Right (CDR) Rules and making a false or misleading representation to consumers, after the ACCC issued it with four infringement notices.

The ACCC alleges that ING Bank missed three important legislated deadlines and made a misleading statement to consumers on its website about the reliability and security of its CDR service.

iSignthis refused Consumer Data Right accreditation

The ACCC has refused Consumer Data Right (CDR) accreditation to iSignthis Australia Pty Ltd (iSignthis), as the ACCC was not satisfied iSignthis would be able to comply with the obligations of an accredited data recipient under the CDR Rules.

“We refused to accredit iSignthis because we were not satisfied on the material before us about iSignthis’s data security protections, insurance and whether it is a fit and proper person to be accredited,” ACCC Commissioner Peter Crone said.

ACCC launches CDR Sandbox to assist participant design, build & testing

The ACCC has this week launched the Consumer Data Right (CDR) sandbox, a free tool that enables existing and potential CDR participants to better test and improve their CDR solutions, reducing time and cost in the process of becoming an active CDR participant or updating their CDR offering.

The CDR Sandbox is a hosted environment that behaves and functions like the actual CDR ecosystem. The Sandbox will allow participants to set up their own software solutions and communicate with the existing mock solutions and other participants within a secure testing environment.

Bank of Queensland pays penalty for alleged breach of Consumer Data Right Rules

Bank of Queensland Ltd has paid a penalty of $133,200 after the ACCC issued it with an infringement notice for allegedly breaching the Consumer Data Right (CDR) Rules by failing to provide a service enabling consumers’ data to be shared.

The CDR is an economy-wide data sharing program that enables Australians to leverage the data businesses hold about them for their own benefit. The CDR was first rolled out to banking in July 2020 for the major banks, with all other banks required to share certain data by 1 July 2021.

ACCC amends Consumer Data Right Rules

The ACCC has made some important amendments to the Consumer Data Right Rules, following consent from the Treasurer.

The new rules expand the types of consumers who can use the Consumer Data Right (CDR) to include more business customers.  From 1 November 2021, the major banks will enable these customers to share their data with accredited data recipients when shopping around for better services.

Consumer Data Right Rules amended to include intermediaries

The ACCC has amended the Consumer Data Right Rules to permit accredited intermediaries to collect data on behalf of third party data recipients, with consumer consent.

These amended rules mean accredited businesses can now ask other accredited businesses to obtain consumer data on their behalf, and are intended to facilitate greater participation in the Consumer Data Right by fintech firms.

Consumer Data Right goes live for data sharing

Consumers can now choose to share their banking data to access more personalised financial products and services following the launch of the Consumer Data Right today.

All four major banks are capable of sharing their customers’ data, when requested by the customer. Other authorised deposit-taking institutions will join the Consumer Data Right over the coming year.

From today, individual customers can request their bank share their data for deposit and transaction accounts and credit and debit cards.

Consumer Data Right accreditation open to fintechs and banks

The ACCC’s launch of the Consumer Data Right Register and Accreditation Application Platform (RAAP) and the Consumer Data Right Participant Portal today will enable businesses to apply to become Accredited Data Recipients. 

This marks a significant development in the delivery of the Consumer Data Right because the RAAP is the IT backbone of the Consumer Data Right.

Consumer Data Right Compliance and Enforcement Policy released

The ACCC and the Office of the Australian Information Commissioner (OAIC) today jointly released the Compliance and Enforcement Policy for the Consumer Data Right.

The Policy outlines the approach that the ACCC and the OAIC have adopted to encourage compliance with, and address breaches of, the Consumer Data Right regulatory framework. The Policy has been developed following consultation with current and future data holders and recipients.