Consumer data right
ING Bank (Australia) Limited has paid penalties totalling $53,280 for allegedly failing to comply with Consumer Data Right (CDR) Rules and making a false or misleading representation to consumers, after the ACCC issued it with four infringement notices.
The ACCC alleges that ING Bank missed three important legislated deadlines and made a misleading statement to consumers on its website about the reliability and security of its CDR service.
The ACCC has refused Consumer Data Right (CDR) accreditation to iSignthis Australia Pty Ltd (iSignthis), as the ACCC was not satisfied iSignthis would be able to comply with the obligations of an accredited data recipient under the CDR Rules.
“We refused to accredit iSignthis because we were not satisfied on the material before us about iSignthis’s data security protections, insurance and whether it is a fit and proper person to be accredited,” ACCC Commissioner Peter Crone said.
The ACCC has this week launched the Consumer Data Right (CDR) sandbox, a free tool that enables existing and potential CDR participants to better test and improve their CDR solutions, reducing time and cost in the process of becoming an active CDR participant or updating their CDR offering.
The CDR Sandbox is a hosted environment that behaves and functions like the actual CDR ecosystem. The Sandbox will allow participants to set up their own software solutions and communicate with the existing mock solutions and other participants within a secure testing environment.
Bank of Queensland Ltd has paid a penalty of $133,200 after the ACCC issued it with an infringement notice for allegedly breaching the Consumer Data Right (CDR) Rules by failing to provide a service enabling consumers’ data to be shared.
The CDR is an economy-wide data sharing program that enables Australians to leverage the data businesses hold about them for their own benefit. The CDR was first rolled out to banking in July 2020 for the major banks, with all other banks required to share certain data by 1 July 2021.
The ACCC has made some important amendments to the Consumer Data Right Rules, following consent from the Treasurer.
The new rules expand the types of consumers who can use the Consumer Data Right (CDR) to include more business customers. From 1 November 2021, the major banks will enable these customers to share their data with accredited data recipients when shopping around for better services.
The ACCC has amended the Consumer Data Right Rules to permit accredited intermediaries to collect data on behalf of third party data recipients, with consumer consent.
These amended rules mean accredited businesses can now ask other accredited businesses to obtain consumer data on their behalf, and are intended to facilitate greater participation in the Consumer Data Right by fintech firms.
Consumers can now choose to share their banking data to access more personalised financial products and services following the launch of the Consumer Data Right today.
All four major banks are capable of sharing their customers’ data, when requested by the customer. Other authorised deposit-taking institutions will join the Consumer Data Right over the coming year.
From today, individual customers can request their bank share their data for deposit and transaction accounts and credit and debit cards.
The ACCC’s launch of the Consumer Data Right Register and Accreditation Application Platform (RAAP) and the Consumer Data Right Participant Portal today will enable businesses to apply to become Accredited Data Recipients.
This marks a significant development in the delivery of the Consumer Data Right because the RAAP is the IT backbone of the Consumer Data Right.
The ACCC and the Office of the Australian Information Commissioner (OAIC) today jointly released the Compliance and Enforcement Policy for the Consumer Data Right.
The Policy outlines the approach that the ACCC and the OAIC have adopted to encourage compliance with, and address breaches of, the Consumer Data Right regulatory framework. The Policy has been developed following consultation with current and future data holders and recipients.