BlogBusinessAn Overview of Consumer Data Rights for Australia

An Overview of Consumer Data Rights for Australia

For years, corporations have controlled the data usage consumers see on their billing statements. The end result is that consumers were in the dark about services these companies offered, or what they would really be charged for, and were forced to blindly pick, for instance, a bank to open accounts with, phone and internet data plans, or see the amount of energy their home used each month.

By the same token, businesses have always been limited to what they can know about consumers when developing their products. With the Consumer Data Rights (CDR) policy for Australia developed by the Australian Competition and Consumer Commission), all that is about to change. So, here’s what the new policy is, the elements of it, and what it means for companies, consumers, and Australia. 

What Does the CDR Mean for Australia

The Australian Consumer Data Rights policy dictates that consumers will be able to access particular aspects of their data (specifically in a digital format like a .pdf, possibly). Consumers then can give permission to a business to share that data with a third party. Businesses will also be allowed to access certain user data in order to develop better products and services, so consumers can choose to contract with them or not.

Implemented by the ACCC (Australian Competition and Consumer Commission), the first sectors to be affected by the CDR will be banking, telecommunications, and energy starting in July of 2019. While many areas of this policy have been discussed, it’s important to note no hard standards have been agreed upon as of yet.

CDR’s Affects on Banking, Telecommunications, Energy

While the CDR is a positive for consumers, no one is really sure how this policy will affect businesses or consumers. Right now, it is purely hypothetical how it will pan out for both. But overall, the CDR policy could impact the Australian economy for the next 20 years, if not longer. For the telecommunications industry, the CDR will mean consumers could see their usage data and how it directly affects their budgets. The CDR will also drive and influence the National Electricity Market as consumers access and share energy usage data.

As far as banking is concerned, there may come a time when consumers can tap their smartphones to compare banks in order to obtain the best interest on personal accounts. Since the banking industry will be the first sector to feel the CDR change, what it means for both consumers and businesses alike could be seen after the policy has been in effect for a while after July of 2019.

How the CDR Policy Would Work

While the standards around the CDR have not been explicitly defined, here are some of the elements around its implementation. First off, organizations must be accredited, which means the organization or individual has to be recognized by the ACCC. Secondly, the data that becomes available to individuals or businesses has to be generated in “machine-readable form” so that the process of transfer allows for automation.

In order for businesses to participate in the CDR program, they will have to go through a consultation process. This step is important as banks and other types of businesses will want to evolve their business processes. The last element is that the data will be presented as “rread-only” which means businesses and third parties can receive, directly transfer, or copy the data. Future governmental changes may allow for a “read/ write” parameter so a third party can act on a consumer’s behalf. For example, it could transfer funds from one account to another.

Technology Consideration of the CDR

But all these changes to be implemented by the CDR will affect the four major banks in Australia first, and specifically the financial technology that supports them. Overall, the ACCC’s framework would ensure accreditation and require data recipients to have systems in place to protect information and privacy and to also help prevent data breaches. Those who do not follow these rules could be subject lawsuits.

With no set standards yet, the ACCC has said it might allow data to be transmitted to non-accredited sources. But the ACCC states if this path is chosen, the consumer data falls into unprotected territory and the CDR policy would not cover it. Yet, the ACCC states it might allow for an “intermediary model” where financial technology companies don’t collect bank data but still get insights into after it has been collected.

Global Tech Can Access CDR Data

It seems as long as an institution has gone through the steps of obtaining accreditation, it might be able to access usage data. Such is the possibility for global tech firms. However, their belief is that they could do this without sacrificing any of their own customer data. But the ACCC points out that while these firms may desire access, the CDR is first and foremost about the consumer. So, in order for these large global tech companies to access new customer data, they will need consumer consent.

Data Sharing on Fintech Sites

With hacking and data breaches a real possibility for financial technology sites and banking sites, the major issue with the CDR is if consumers will be able to conduct transactions on a fintech site. The banks want these transactions to occur on their sites, of course. The main reason for this is that banks claim it is safer.

Banking Websites Improvements

The ACCC has stated that banks cannot charge consumers fees for any kind of account access. This goes for former, current, and new customers.  Of course, this point means banks will need to improve their websites, APIs, and the security behind them. Additionally, banks will have to make improvements to their data portals so consumers can view all aspects of their accounts, especially any access granted for others to see their data.


The Consumer Data Rights policy created by the ACCC is an excellent idea and is really a win for both consumers and small to large businesses. Consumers need to feel they are getting the best deal when it comes to the services they pay for, and it is not a stretch to say that most businesses want to provide them. The CDR will definitely allow for a clearer picture of what consumer needs are and for consumers to feel safe working with a business, whatever that might be. In the end, transparency guarantees satisfaction for customers and better business models in a highly driven service economy.