Treasury and the Data Standards Body have issued a consultation paper on a ‘Opt-out’ joint account data sharing model for the development of rules and standards to implement an ‘opt-out’ data sharing model for joint accounts in the banking and energy sectors.
The paper responds to concerns that the current requirement for each joint account holder to ‘opt-in’ to sharing before joint account data can be shared will not work.
The current model is banking-sector specific. The ‘opt-in’ requirement means that while one joint account holder may initiate a consent process with an accredited data recipient to share joint account data, the process will stall if any other joint account holders have not previously indicated that they wish to share data from the account.
The rules provide that a consumer can only ever share their own customer data; customer data of the other account holder(s) is never sharable data. An exception to this prohibition is where a person is acting under a power of attorney on behalf of a CDR consumer.
The proposals are:
- Default setting for an ‘opt-out’ approach: Treasury is seeking feedback on joint accounts sharing settings being set to ‘on’, allowing each joint account holder to automatically share data on the joint account after providing a consent to the accredited person and an authorisation to the data holder.
- Complex joint accounts: where a joint account has been set up by the account holders to require multiple approvals before a transaction can occur (eg all to sign), Treasury is seeking feedback on three options:
- mirroring current authorities to transact on the account
- requiring ‘opt-in’ to share data by each account holder
- adopting the ‘opt-out’ approach regardless of the authorities to transact on the account.
- ‘Opt-out’ settings: the paper proposes joint account holders should be able to override the default setting and set data sharing to ‘off’. Consistent with the requirements in the current rules, this paper also proposes joint account holders should have granular functionality to cease individual data sharing arrangements, whether initiated by themselves or another account holder.
- Notification requirements: the paper proposes maintaining the notification requirements in the current rules. That is, data holders must provide notifications to all joint account holders where an account holder gives or amends an authorisation, when an authorisation expires and when an account holder turns ‘off’ data sharing or indicates they want a different disclosure option to apply to the account.
If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.
Author: David Jacobson
Principal, Bright Corporate Law
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.