On 1 July 2020, the Consumer Data Right went live, with all four major banks signed on and approved to share their customers’ data (on receipt of a request from the customer) to a range of authorised data recipients. Currently, there are 2 accredited data recipients, with a further 39 having commenced the accreditation process.
What is the Consumer Data Right?
Your bank collects and holds a significant amount of your data, whether it be information about deposit and transaction accounts, credit cards, home loans, and personal loans. Prior to the implementation of the Consumer Data Right, that information could not be shared with any third party without your consent, or without having disclosed the purpose for which it intended to use the data, in accordance with the Australian Privacy Principles.
The information your bank holds has significant utility outside of the purposes for which you provide the information to the bank. In particular, your bank holds significant data on your spending habits which may, as an example, disclose how much you spend on your credit card each month. Your bank even holds information on how much you spend on utilities such as phone or internet plans, or electricity plans (assuming, of course, you use your transaction account or credit cards for this purpose).
The Consumer Data Right establishes a scheme, co-regulated by the Australian Competition and Consumer Commission and the Office of the Australian Information Commissioner that allows certain providers (limited for the time being to financial services), to become an accredited data recipient, allowing you to authorise your bank to share your data with the accredited data recipient for the purposes of comparing different offerings from authorised data recipients, such as credit cards or home loans. The Consumer Data Right has the stated goal of encouraging competition and allowing consumers to more easily compare competing products, or gain access to personalised offers.
Participating organisations must comply with strict privacy rules laid out in the Consumer Data Right Rules. The service is opt-in, meaning consumers must voluntary authorise the sharing of their data.
Should I be concerned?
In our modern society, technology has the potential to streamline a broad range of information sharing – an timely example being the ability for the ATO to ‘autofill’ your tax return based on information your employer is required to provide them. The last 20 years have all but seen the death of the handwritten tax return. However, the ATO is, in this instance, both the data collector and recipient – it is using its own information to improve your experience in lodging a tax return.
The Consumer Data Right goes a step further. It is effectively a secure digital library of your information, which you can authorise a person to access to provide you a better deal on your home loan, mobile bill, or electricity. It is important to remember that at the present time, you are capable of sharing this information whenever you like – the Consumer Data Right is a means of streamlining that process and allowing you to authorise the sharing from provider to provider. The scheme has undergone significant consultation and consideration, however when considering whether to opt in, it is important to carefully consider whether you are comfortable with the information you are proposing to share being shared without passing through your (digital) hands.
Is the Consumer Data Right suitable for my business?
Presently, the scheme is only available for entities in the finance sector, with a planned inclusion in the energy sector, however with a significant uptake in the Consumer Data Right, it seems that the goal is that most consumer sectors will eventually be able to join the scheme.
The requirements for an authorised data recipient are strenuous, with significant legal and IT requirements to be met. If you think your business may be an eligible data holder, or accredited data recipient, you should seek legal advice before applying.
Image Credit - Jirsak © Shutterstock.com