In May 2018, the Federal Government announced that it will introduce amendments to the Competition and Consumer Act 2010 to create a consumer data right (CDR) for application in banking, energy and telecommunications industry sectors, emphasising the consumer choice and competitive benefits.
The ACCC Chair, Mr Rod Sims, has recently referred to the soon to be implemented national CDR as essentially being a ‘data portability right’ which is fundamental to competition and consumer law reform.1
A CDR refers to a right which is conferred on customers to direct an entity (a service provider) which holds their data to share it with another entity which has been designated as a trusted recipient of that information (another service provider).
The creation of such a right has been proposed by various public bodies tasked with conducting a variety of inquiries and reviews in recent years.
The data availability and use investigation
In 2016 the Productivity Commission undertook an investigation into the costs and benefits of increasing access to and improving the use of, private and public sector data.
The Productivity Commission conducted this investigation in light of the 2014 Murray Inquiry and 2015 Harper Review final reports which, among other matters, concluded that technological advancements should be pursued to make it easier for consumers to make informed decisions about complex products and services, including financial products.
On 8 May 2017 the Productivity Commission’s Data Availability and Use Report was publically released, recommending, in addition to other matters, the creation of a CDR which would be a comprehensive right of consumers to access their data from both government and private data holders.2
The review into open banking
In Europe, including the UK, banking regulatory regimes3 have recently been instituted to facilitate third parties developing new applications to share customers banking data, as part of an industry wide move towards what is commonly called ‘open banking’.
Open banking has the potential to create services which enable bank customers to compare financial products more easily than is currently the case and encourage the growth in platform providers for services such as payments, investment, and lending. For lenders, it provides a more efficient means for assessing bad debt risk and tailoring product offerings.
In July 2017, the Commonwealth Government commissioned a Review into Open Banking to make recommendations about the best model for implementing open banking in Australia by facilitating the sharing of bank held data. The final report was released on 9 February 2018 (Report).
The Report contains a recommendation that an open banking regime should include a CDR which empowers customers to direct data holders to share with relevant parties their customer-provided, transaction and product data (banking data), through a phased implementation process.4 In May, the Federal Government indicated its intention to implement the Report’s recommendations.5
Privacy and data security measures
The Report recognised that open banking gives rise to privacy protection and data security concerns and has made a number of recommendations6 to address them, including:
- the ACCC accrediting recipients and holders of banking data, following a tiered model to reflect the risk associated with receiving and holding particular sets of banking data;
- the ACCC, in consultation with the Office of the Australian Information Commissioner (OAIC), and other relevant regulators, being responsible for determining rules for open banking and the CDR
- the establishment of a Data Standards Body to work with open banking regulators to determine a set of transfer, data and security standards with which recipients and holders of banking data are required to comply
- amending the Privacy Act (including the Australian Privacy Principles), so that all recipients of banking data are subject to it, and so that express consent must be obtained from customers prior to the collection of their banking data and disclosure of their banking data overseas and
- the ACCC should be primarily responsible for competition and consumer issues and standards-setting, and the OAIC should have responsibility for handling privacy complaints about the open banking regime.
The amendments to the Competition and Consumer Act 2010 are expected to be phased in starting from 1 July 2019 with priority given to the creation of a CDR in the banking sector to facilitate the sharing of customers’ credit and debit card, deposit, and transaction account, data.