What consumer data rights law will mean for business

The CDR will give consumers greater control over their transaction, usage and product data by giving them the option to share it with trusted third parties.

Australia’s banking, telecoms and energy sectors are set for a shake-up, with draft legislation poised to promote a new level of competition and innovation. Here is what you and your clients need to know about consumer data rights.

By Jessica Mudditt

The Australian Federal Parliament is expected to pass a law in the coming weeks that will encourage innovation and foster competition in Australia’s banking sector – and ultimately across the economy.

The Treasury Laws Amendment (Consumer Data Right) Bill 2019 (CDR) will give consumers greater control over their transaction, usage and product data by giving them the option to share it with trusted third parties.

By forcing banks to make their customers’ data available to service providers if a customer so chooses, consumers should find it far easier to compare and switch a range of services such as home loans and credit cards.

Australian Competition and Consumer Commission (ACCC) chairman Rod Sims has welcomed the introduction of a consumer data right in Australia, calling it “a fundamental competition and consumer reform”.

The ACCC will develop rules and an accreditation scheme to govern the implementation of the consumer data right, approving technical standards and taking enforcement action to ensure compliance by participants.

Technical standards are in the process of being developed by Data61, the data innovation group of the federal government’s scientific research organisation, the CSIRO, and the government has allocated A$20 million for implementing the law over the next four years.

The benefits will be massive

The CDR law will first apply to finance through an Open Banking regime, and then to telecoms and energy. It will eventually be rolled out economy-wide on a sector-by-sector basis.

“I don’t think we will see an impact for at least the first year,” says Robyn Chatwood, a partner at legal firm Dentons.

“But I think once the penny drops and people see the value in it, it will be very empowering. The benefits will be massive.

“Australia has highly oligopolised banking and telecoms sectors, so anything that encourages competition is a good thing,” she adds.

Although the energy sector already has a consumer data right, which allows customers to obtain their electricity consumption data, Chatwood says it’s not particularly effective because the rules around customer consent, among other issues, are unclear.

Treasury is working with the Department of the Environment and Energy to develop a model for implementation, which will be launched in 12 months’ time.

Possible delays to Open Banking pilot

A pilot program of product data involving the four major banks to test the Open Banking system was due to begin on 1 July 2019; however, trade media report not all the banks are ready. The pilot is also in doubt because the law has not yet been passed and the bill lapsed when parliament was dissolved for the last federal election.

“The big uncertainty is whether you can do the pilot without the legislative framework in place. I don’t think you can, as it involves the exchange of data,” says Chatwood.

According to the timeframe set out in the proposed law, the four major banks will first make consumer data available for personal credit and debit cards, deposit transactions and mortgage products by 1 February 2020. This has been delayed from the initial start date of 1 July 2019.

From 1 July 2020, the major banks will need to make data on consumer credit and business mortgages available, followed by non-self-branded consumer data. Australia’s smaller banks will begin the rollout in phases from February 2021.

“I expect these dates in the draft rules will be pushed out because a lot will depend on what happens in the pilot,” says Clayton Utz partner Steven Klimt.

The CDR law will primarily amend the Australian Competition and Consumer Act 2010 and will also consequentially amend the Privacy Act 1988 and the Australian Information Commissioner Act 2010.

The CDR law will contain new criminal and civil offences for non-compliance, including a fine of A$500,000 and/or five years imprisonment for misleading consumers.

Further work remains to be done on the rules; however, Chatwood says she doesn’t expect any major changes to be made, as consultation rounds have already been undertaken.

“However, there are a few things that are still unclear, such as how to approach the issue of consent among vulnerable or disadvantaged groups, and how to deal with joint accounts.”

Equal footing for fintechs

Klimt believes that fintechs will be the initial beneficiaries.

“This is because the major banks have huge amounts of data on their customers, which they use to decide whether to provide them with financial services,” he says.

“If fintechs become accredited under the law, they will also be able to acquire that type of data and will essentially be in the same position as the banks."

Read next: Add “data engineering” to your accounting firm’s toolkit

Like what you're reading? Enter your email to receive the INTHEBLACK e-newsletter.
October 2021
October 2021

Read the October 2021 issue of INTHEBLACK magazine.

Each month we select the must-reads from the current issue of INTHEBLACK. Read more now.