Consumer Data Rights: What Are Your Obligations?

Next steps in the Consumer Data Right regime as the ACCC launches the guidelines for accredited data recipients.

In another step closer to the open banking regime, the ACCC launched the Consumer Data Right Register and Accreditation Application Platform (RAAP) and the Consumer Data Right Participant Portal, enabling businesses to apply to become Accredited Data Recipients. Sharing of banking data securely between major banks and Accredited Data Recipients will commence on 1 July 2020.

The two main functions of the RAAP is to create a trusted data environment where encrypted data is only shared between approved participants; and to provide a portal where businesses can apply to be accredited.

To receive CDR data under the regime, individuals and businesses will need to become accredited.

Two of the key obligations for accreditation are:

1. Information Security

Information security is critical to the success of the CDR regime and the regulator’s focus is on building consumer confidence in the security and integrity of the CDR ecosystem.

The Competition and Consumer Act 2010 (Cth) Act and CDR Rules contain a number of privacy safeguards to increase the protection of a consumer’s data. The accredited person has an obligation to protect data from:

(i) misuse, interference, loss

(ii) unauthorised access, modification or disclosure

The Rules require the accredited person to formally establish and implement security gov