Consumer Data Right (CDR) Amendment

Consumer Data Right (CDR) Amendment

By Kate O’Rourke

Dear <<First Name>>,

This week’s Consumer Data Right newsletter is a bumper edition! Here it is at a glance:

• Industry Snapshot
• Payble, Verifier and Police & Nurses Limited now accredited
• CDR Extends to the Energy Sector: version 4 Rules to expand CDR to the energy sector
• Participant support for energy
• Telecommunications sector assessment final report and proposed designation
• Interview with Australian Information Commissioner Angelene Falk
• OAIC CDR Privacy Assessment
• CDR sandbox coming soon.

Industry Snapshot

• 23 accredited data recipients are now accredited
• Yodlee and Fiskil become active, increasing the total number of active ADRs to nine
• 93 data holder brands are active (68 designated data holders and an additional 25 brands)
• Australians can now share CDR data from 95.22% of their bank accounts

 

At a recent CDR Framework Design and Strategy Forum, Minister Hume spoke to over 150 participants about the contribution of the CDR community to the success of the CDR rollout and growth of the ecosystem. Minister Hume also reflected on the significant program and industry milestones achieved over the past 12 months and the exciting future as the Government considers feedback from consultation processes to inform the future expansion of CDR and deepening functionality as the Government develops the response to the Future Directions Inquiry report.

“As many of you know, Treasury engaged across the globe to learn insights from others and undertook extensive domestic engagement. The Government was provided with very rich information to inform both how we expand the CDR in the future and what sectors and data sets we might consider next,” Minister Hume said.

“The feedback received through consultation processes points to a very exciting future for Australians and Australian businesses, both as users and participants in the CDR. The level of engagement was significant, and I want to thank you all – the CDR truly is a government-business partnership and your insights are critical to ensuring CDR is a success and continues to grow,” she said.

“The Government had a vision for the CDR as a world-leading reform to encourage data-driven tech innovation and grow Australia’s tech industry, supporting economic growth and creating new high-value jobs, which is especially vital post-COVID.

“It has been fantastic to see the CDR-powered products and services already out there and I really look forward to what is to come. At the end of the day, the real champions of CDR will be the private sector and consumers.

“I cannot overstate how important our engagement with you has been to the success of the rollout of the CDR to date. I appreciate all the time you have invested in resource-intensive policy consultations on the various CDR issues, many of which are complex.

“Forums like this one have been instrumental in informing the design of the CDR framework and I thank you very much for your participation over the last year and the years ahead,” she said.

Minister Hume was joined at the forum by Steve Kemp, head of financial institutions partnership Intuit, Jill Berry, CEO and co-founder of Adatree and Elliott Donazzan, co-founder and MD of Payble, who all showcased their use cases and thinking about the CDR. You can view a recording of the session (password JvJ6Xbb8).

Last week, neobank Volt announced its partnership with Frollo to provide a new banking-as-a-service (BaaS) app. The app integrates with Volt’s core banking system and uses Frollo’s Open Banking-enabled Financial Passport to automate its lending decisions through a real-time, accurate and complete assessment of the borrower’s financial situation. The app will enrich the existing personal financial management suite available to users – all transactions will be categorised using AI-powered transaction enrichment to automatically identify merchants, bills, and pay days, helping users stay on top of their finances. On the partnership, Frollo CEO and Founder Gareth Gumbley notes that, “we have had a great relationship with Volt over the years. With its BaaS offering, they’re in a unique position to fully leverage the power of open banking and it’s amazing to help them bring this to life. We’re looking forward to many more of their clients launching, using our technology to deliver better customer outcomes”.

ACCC accredits Payble, Verifier and Police & Nurses Limited

We are pleased to announce that Payble Pty Ltd, Verifier Australia Pty Ltd and Police & Nurses Limited are now accredited data recipients.

The full list of current data holders and accredited data recipients is available on the Consumer Data Right website.

This accreditation decision takes the number of accredited data recipients to 23 and reflects increasing interest in accreditation. If you are interested in becoming accredited and have questions about the process, further information is available at the accreditation page on the Consumer Data Right website or you can contact our Accreditation team via the Consumer Data Right Support Portal.

CDR extends to the Energy Sector: version 4 Consumer Data Right Rules

In this issue of our newsletter, we are very pleased to announce that the amendments to the CDR rules, known as the ‘version 4’ rules, have now been registered. The Competition and Consumer (Consumer Data Right) Amendment Rules (No. 2) 2021 provides a framework for data-sharing in the energy sector and also includes minor housekeeping amendments. This is a significant step in the expansion of the CDR across the economy and builds on the roll‑out of the CDR in the banking sector.

Thank you to everyone in the CDR community who engaged closely throughout the consultation process – we really appreciate your time and input.

The intended operation of the rules is described in the Explanatory Statement accompanying the version 4 rules.

Consumer access to data

All consumers in the National Electricity Market will be able to consent to sharing their data (with the exception of the largest energy customers consuming more than 5 gigawatt hours per annum). Consumers will be able to access data relating to their electricity use (through metering data), their rate plan, details of their connection and information about any energy storage or energy generation devices. The Australian Energy Regulator and Victoria Energy Compare will also make details of all electricity products offered to consumers available in a machine-readable format.

The rules provide for the peer-to-peer data access model to apply in the energy sector. In the peer-to-peer model, the Australian Energy Market Operator (AEMO) will make available metering and other datasets to retailers, so that retailers can share that data with accredited data recipients with consumer consent. Retailers will also act as primary data holders and provide additional data such as customer and billing data.

Benefits to consumers

Given the importance of energy costs in household and business budgets, it is important for consumers to get the best energy deal for their circumstances. Sharing CDR energy data will encourage greater competition between energy retailers and deliver innovative retail products that help consumers better manage their energy use, find better products and make informed decisions about personal energy investments. It will also facilitate consumers getting benefits from the increased digitalisation of the energy sector.

Potential uses for energy data

Consumers will be able to share their energy data with accredited data recipients who evaluate their electricity needs and find the best deals available (so that consumers can switch provider or move to a better deal with their existing retailer) and facilitate more efficient household energy expenditure.

As the CDR develops and encompasses new sectors, cross-sectoral and data-driven innovation will develop so that consumers can share the data about their use of products in various sectors for their benefit. For example, combining energy and banking data provides unique opportunities to help consumers assess the costs and benefits of investing in renewable energy products such as solar panels and in-home battery systems.

Miscellaneous amendments

The version 4 rules also introduce some miscellaneous amendments to help facilitate a stronger CDR framework. For example, the amendments ensure economy-wide elements of eligibility are applied in the definition of a CDR consumer (including a requirement that, where a CDR consumer is an individual, they must be 18 years or older).

Commencement of new rules

Participant support for energy

The ACCC welcomes the amendments to the CDR Rules by the Australian Government which expands the Consumer Data Right to the energy sector.

The ACCC, which has the responsibility of accrediting potential data recipients and establishing and maintaining the Register of Accredited Persons and Data Holders, will provide support for prospective energy participants to be activated on CDR. Further details and timings will be outlined in the coming weeks.

Support for Tranche 1 will include:

• Explaining the amended rules through published regulatory guidance
• Providing tools for participants, including a sandbox environment to assist participants with developing and testing their CDR solutions
• Dedicated teams for data recipient accreditation, data holder registration and assistance to complete the participant on-boarding process
• Access to the CDR service management portal for technical queries and issue resolution.

Telecommunications sector – final assessment report and proposed designation

On 23 November, Minister Hume released the final report of the sectoral assessment for telecommunications, which recommended it as the third sector in the CDR. Minister Hume also released a draft designation instrument, setting out the data holders and datasets intended for designation, for public consultation ahead of making a final decision. The sector will follow data-sharing in banking and energy, allowing consumers to securely use their telecommunications data to take advantage of new and competitive offers.

• We will host a roundtable from 1pm to 2:30pm AEST on 8 December 2021 to discuss the telecommunication draft designation instrument with interested stakeholders. Please email data@treasury.gov.au if you wish to attend.

The draft designation instrument is available on the Treasury website. We welcome submissions by 13 December 2021.

Interview with Australian Information Commissioner Angelene Falk

This week we caught up with Angelene Falk, the Australian Information Commissioner and Privacy Commissioner.

How significant a change is the CDR from a privacy perspective?

The CDR is a significant reform in supporting the digital economy, founded on a privacy and security by design approach.

It’s a model for some of the privacy reforms we think can advantage Australia more broadly – consumer choice and control, additional rights, such as the right to deletion, clear accountability and accreditation for organisations participating in the system.

The CDR is also a leading example of a system that brings together competition, consumer protection and privacy frameworks. In doing so, it provides the guiderails and certainty for the innovative use of data by business, while giving consumers control over their data within a framework that protects their privacy.

What is the OAIC’s role in the CDR system?

The OAIC co-regulates the CDR with the ACCC. We are responsible for regulating and advising on the privacy aspects of the system.

This involves providing advice to the Minister for Superannuation, Financial Services and the Digital Economy, and the Treasury on the development of the regulatory framework, including the privacy impacts of designating new sectors and the making of the rules.

My office enforces the privacy safeguards and the CDR Rules where they relate to privacy or confidentiality. We are the primary complaint handler for the CDR and have a range of other functions, including the power to conduct proactive assessments of providers’ compliance with their CDR obligations.

The OAIC also has an educative role in relation to privacy and confidentiality matters in the CDR system. We have a range of guidance and advice for providers regarding their privacy obligations, and to help consumers understand their rights.

What are your priorities in terms of the CDR?

My office has two focus areas in relation to the CDR. The first is ensuring providers understand and comply with the privacy safeguards and relevant rules so that consumers can share their data with confidence.

To achieve this, we are working closely with our co-regulator, the ACCC, to ensure effective regulation of the CDR in the banking sector. We have adopted a strategic risk-based approach to monitoring and enforcing compliance with privacy obligations through a range of tools including our assessment program and complaints handling service.

We recently concluded our first CDR privacy assessment of the 4 major banks’ compliance with the requirement to handle CDR data in an open and transparent way. We found the banks are generally complying with this privacy safeguard, but there is room for improvement, such as more clearly explaining complaints handling processes.

Our next few assessments will also examine compliance with Privacy Safeguard 1 – whether providers’ CDR policies contain the necessary information, and the steps taken to comply with the privacy safeguards and relevant rules. We will extend our assessments program to look at other privacy obligations as the system matures.

The second focus area is making sure the privacy framework remains robust as the system evolves and new sectors are onboarded. We will continue to work closely with the Treasury, ACCC and Data Standards Body to maintain a privacy by design approach, including in the upcoming rollout to the energy sector.

How important is privacy to building trust and confidence in the CDR?

We have an increasingly privacy-aware community in Australia. Our Australian Community Attitudes to Privacy Survey found privacy is a major concern for 70% of Australians and 87% want more choice and control over their personal information. The majority of Australians also told us privacy is extremely important when choosing a digital service.

Information privacy has come of age, and the CDR is a reform that reflects this, as a competition initiative founded on a privacy and security by design approach. A strong regulatory framework is in place to protect consumers’ privacy so that they can feel confident when using the CDR system.

Economic reforms like the CDR that build consumer confidence in the use of personal information and encourage innovation will help to support Australia’s recovery from the COVID-19 pandemic and position Australia to become a leading digital economy.

For providers, understanding and complying with your privacy obligations will be key to consumers placing trust and confidence in your brand and engaging with your products and services.

OAIC publishes first CDR Privacy Assessment

The OAIC has published the summary report for its first CDR privacy assessment, which examined the big 4 banks’ compliance with Privacy Safeguard 1.

Privacy Safeguard 1 requires providers to have a policy describing how they manage CDR data, and to implement internal practices, procedures and systems to ensure compliance with their CDR privacy obligations.

The OAIC found the big 4 banks are generally handling consumer data under the CDR in an open and transparent way with good privacy practices in place.

Read the OAIC’s summary report and media release. Watch the OAIC’s video to learn more about Privacy Safeguard 1.

Consumer Data Right sandbox coming soon from the ACCC to support CDR solution development

The suite of tools offered by the ACCC will soon extend beyond the currently available mock register, data holder and data recipient to include a CDR sandbox. The sandbox aims to help current and prospective CDR participants build and test their solutions faster, and improve accuracy and quality.

The existing mock solutions include automation and self-service capabilities that allow participants to download the reference code for use in their environments when developing and testing their own solutions. The CDR sandbox will build on this work and enhance the capability available to participants and their vendors to test their own solutions in a hosted sandbox environment.

The CDR sandbox will be a free tool that, once released, will provide the following features to new and existing participants:

• Ability for participants to use their own test data to test against the mock solutions or interact directly with other participants to exchange test data
• Revised version of the mock solutions, which will include the energy sector
• Management Portal to assist participants with the integration and management of their own solutions within the sandbox environment

The sandbox will facilitate participants discover and connect to one another to test their solutions in a ‘production-like’ environment and also allow them to test against hosted versions of the mock solutions.
Further details about the sandbox and timing for its release will be announced in early 2022.

Kind regards,

Kate O’Rourke First Assistant Secretary Consumer Data Right Division The Treasury