- With increasing interest rates, the rising cost of living and stagnant or falling wages, businesses and individuals are on the lookout for opportunities to save costs.
- The Consumer Data Right is a statutory scheme designed to make it easier for consumers to switch between providers and access better deals by requiring designated providers to share their customer data on request.
- The scheme is being rolled out progressively across the Australian economy.
- The first infringement notice under the scheme has been issued by the ACCC against the Bank of Queensland for failing to be ready to securely share data. Providers of goods and services, as well as legal practitioners, should be aware of the penalties.
The Consumer Data Right (‘CDR’) is a statutory right that applies to customers of goods and service providers that have been designated under the scheme. It enables the customer to require their existing provider (‘data holder’) to transfer their specified customer data securely to a recipient authorised by the customer, using regulated data sharing arrangements designed by and overseen by the Australian Government. The CDR enables the customer to compare goods and services offered by other providers including competitors of their existing provider. It is intended to remove some of the barriers to competition by assisting individuals and small and medium size businesses to identify and access better deals more efficiently, as well as encouraging providers to develop more innovative and tailored products.
Only prospective providers, or intermediaries such as comparison websites, that have been accredited under the scheme (‘accredited data recipients’) have the benefit of being able to access and use customer data to tailor and offer goods and services to suit the specific customer’s circumstances. The Australian Competition and Consumer Commission (‘ACCC’) is responsible for accreditation.
The legislation provides for ‘direct to consumer’ transfer of data. However, this facility has not been enabled under the scheme yet due to data security concerns.
How does it work?
A data sharing request is initiated by a customer using their nominated accredited data recipient’s app or website, which connects to their existing provider’s website and verifies the customer’s identity. The customer identifies the specific data to be shared. The transfer of customer data from the data holder to the accredited data recipient is conducted through an application program interface. According to the CDR website, the whole process takes less than two minutes. Customers are able to see and manage the data they have consented to share and can withdraw their consent at any time.