19 Nov 2020

  • Privacy and Compliance

Consumer Data Right update: the devil is in the detail

From noble idea to implementation during a pandemic, the Consumer Data Right legislation rollout across banking offers lessons to the data-driven marketing industry.

In a big data world, governments have been playing catch up in updating regulating at the speed we create an abundance of information as we go about our daily lives banking, shopping and paying our bills.

It’s a technological, legal, commercial and political minefield. There is an argument that the business who invested their capital - both human and hardware - to capture the data should own that data? But the need to protect the individual’s privacy needs to remain paramount, so this argument becomes more complex …

Europe’s 2018 General Data Protection Regulation legislated that people have a right to their own data, regardless of who collects it. Australia has been moving towards that same vision.

In August 2019, Australia made a major leap in regulating to allow citizens’ more control over their personal data by passing legislation to create the Consumer Data Right, also called CDR.
The CDR was implemented according to four main principles:

  • Customer Focused
  • Encourage Competition
  • Create Opportunities
  • Efficient and Fair

After overseas banking scandals and local data breaches, the Australian government wanted its new consumer data rights to apply to the banking sector first. The application of the CDR in the banking sector is called Open Banking and follows the key principles.

  • It allow consumers to take their own banking data to other companies to get the best deal.
  • Promotes fintechs and traditional banks to offer more innovative products at more competitive prices so consumers can make better choices.
  • Safely transfer sensitive personal financial information to other providers in a secure, efficient manner that also protects privacy

Once the Consumer Data Right had been confidently implemented in the banking sector, the plan was to roll it out to the energy industry to help consumers save on their energy bills and the telecommunications industry so consumers can get better phone and internet deals.

How did the CDR rollout work during 2020?

The goal for consumers to exploit their own historical financial data to find the best deal is a noble one, but the reality of making that happen has been complex, particularly in a year when the pandemic disrupted workplaces.

In July 2020, Customers of Australia’s four major banks (Australia and New Zealand Banking Group Limited, Commonwealth Bank of Australia, National Australia Bank and Westpac Banking Corporation) can share their banking data from a range of personal accounts (e.g savings accounts and term deposits) and in November, that expanded to home loans and personal loans with other personal banking details like joint accounts, scheduled payments, direct debits etc also soon to be available.

Another big piece of work implementing CDR has been rolling out how data interoperability and sharing will work - what are the standard formats for financial data and what format will consumers want their data in?

The Business Council of Australia has implored the government to slow down the rollout of CDR to other sectors to ensure everyone is aware of the infrastructure needs and costs involved in the regulation.

What does CDR mean for Data-driven Marketers?

This is the first Australian legislation that’s opened up the can of worms of data sharing and open data. This means it’s important for the data-driven data industry to watch what happens.

Anyone who has worked with data - particularly big data - understands the nightmare of formatting, storing and trying to merge different datasets or make them readable and understandable for a non-technical audience.

If a consumer tries to access their own data and it’s mostly non-intelligible, it raises brand, trust and transparency issues.

There’s also a big sticking point around something called “write access” to financial data, which would enable consumers to give businesses or other people the ability to apply for - or even manage their financial products - using online application programming through APIs.

Under some of the new 2020 rules around CDR, consumers can give permission to third parties to act on their behalf.

This has spurred the development of apps which give customers suggestions to switch to more personalised financial products. But the question remains whether all third party organisations can be trusted to always offer the best product recommendation, or will some fall foul and recommend only products that pay them the highest fee? We can only hope that the successful action by the ACCC against Trivago reduces ‘bad behaviour’.

The Consumer Data Right has forced a raft of different regulators - from APRA to ASIC to the ACCC and the OAIC and DSB - to work together with the big four banks at a time when cybersecurity threats have been rising and the growing fintech sector wants to lure the bank’s traditional customers.

It’s been complicated to ensure the intent of the CDR remains paramount while pleasing consumers, banks, and regulators. There have been legislative updates and new CDR help portals to smooth things over, but standardising the way an industry uses big data and technology - which evolves quickly - is not easy.

The CDR implementation around banking data is likely to provide valuable lessons to other industry sectors as it expands into energy and telecommunications, before rolling out to every industry sector and impacting all data-driven marketers.

There’s now talk that the ACCC - who until now has been leading much of the data regulation in Australia - will not have responsibility for the CDR as we move into 2021 and the ACCC dives deeper into its digital platforms work. Whichever regulator the Consumer Data Right ends up sitting under, the responsibility to both guide the industry and deliver on the intentions will be huge. 

For now, data-driven marketers should watch how the Consumer Data Right is implemented in the banking and energy sectors, and prepare themselves for the costs, communication needs and technical changes - things like software and hardware requirements - that will inevitably follow.

Need more info?