With the implementation of the Consumer Data Right (CDR) in the banking sector (known as ‘Open Banking’) well under way, the release of draft amendments to the CDR rules for the energy sector, and the continuing development of the framework for implementing the CDR in the telecommunications sector, the Australian Government intends to continue its incremental roll-out the CDR, sector-by-sector, with a view to implementing the CDR on an economy-wide basis.
On 22 July 2021, the Treasury released a consultation paper setting out the target industry sectors that are proposed to become subject to the CDR after the implementation in the energy and telecommunications sectors is complete. These sectors include:
- insurance (both general and health insurance);
- loyalty schemes;
- non-bank lenders;
- education; and
The Australian Treasury, in cooperation with the ACCC, is responsible for determining which sectors of the Australian economy should become subject to the CDR regime, based on factors set out in the Treasury Laws Amendment (Consumer Data Right) Act 2019 (Cth), including:
- the likely impact on consumers in the relevant sector and the sector itself, in terms of its efficiency, integrity and safety;
- the likely impact upon the privacy of individuals, and the confidentiality and intellectual property rights of businesses in the relevant sector;
- the potential regulatory impact of imposing CDR rules; and
- the potential for competition and innovation in the relevant sector and the Australian economy more broadly.
What does this mean for businesses?
Preparing for compliance with the CDR regime will require significant IT and regulatory efforts – we have seen that this has already been the case with clients in the banking sector. Further, the implementation of the CDR will present an opportunity for new, disruptive technologies and new sector participants to emerge, as players try to service customers through a single relationship that crosses multiple sectors.
In order to ready the battlements for CDR implementation and leverage the opportunities presented by it, clients may need to:
- develop a board-endorsed, fit-for-purpose CDR strategy;
- assess the type and extent of consumer data that they hold;
- perform a ‘readiness assessment’ of their technology landscape, including examining the need to bolster their existing data security measures and privacy controls;
- implement access and authentication controls in order to enable third party access to relevant data; and
- assess and implement required to changes to existing business processes and policy frameworks related to customer data.
All of this requires significant time, effort and investment that needs to be planned for now.
Clients may also wish to examine opportunities in the market in respect of collaboration with existing entities and innovation, with a view to creating the best regime-compliant customer experience.