The ACCC has released the Consumer Data Right Rules Framework for consultation. The Framework sets out the approach and positions the ACCC proposes to take in establishing rules for the Consumer Data Right (CDR).
Background
The CDR will allow consumers to require a company such as their bank to share their data with another accredited service provider such as a comparison site in order to get more tailored, competitive services. The ACCC has been delegated the lead role in rule-making, consumer education and enforcement.
The current Rules Framework has a banking focus, as the banking sector is the first designated sector. Telecommunications and utilities will be brought within the CDR regime over time.
The rules and standards will jointly specify many of the issues necessary for the CDR to operate, including:
- which consumers can take advantage of the CDR
- the data sets that are within scope
- the criteria an entity must satisfy to be an ‘accredited data recipient’
- requirements for consumer consent
- requirements for authorisation and authentication
- the limits a consumer can place around the use of their data.
The ACCC wants fintechs receiving bank data under the government’s data porting regime to face tough penalties if they fail to meet stricter privacy standards that will be introduced to protect customers.
The ACCC says its accreditation regime would require data recipients to be “fit and proper”, to have “effective” risk systems to protect information and privacy, and to take out insurance to cover potential data breaches.
The proposed privacy safeguards are:
Safeguard 1: Open and transparent management of data
Safeguard 2: Anonymity and pseudonymity
Safeguard 3: Collecting solicited CDR data
Safeguard 4: Dealing with unsolicited CDR data
Safeguard 5: Notifying the collection of CDR data
Safeguard 6: Use or disclosure of the CDR data
Safeguard 7: Use or disclosure of CDR data for direct marketing
Safeguard 8: Cross-border disclosure of CDR data
Safeguard 9: Adoption or disclosure of government related identifiers
Safeguard 10: Quality of CDR data
Safeguard 11: Security of CDR data
Safeguard 12: Correction of CDR data.