In a recent speech by Assistant Treasurer Stephen Jones at a CEDA (Committee for Economic Development of Australia) conference, significant changes were announced that aim to reshape Australia’s digital economy, focusing on the Consumer data right (CDR), privacy, and cybersecurity. The speech highlighted both the benefits and challenges brought by the digitisation of the economy, emphasising the need for stronger protections and more effective use of consumer data.

A focus on Privacy and Data protection

The speech underscored the importance of data in the digital economy, recognising the growing concerns among Australians about privacy due to rising incidents of cybercrime and data breaches. To address these concerns, the government is reviewing the Privacy Act to ensure it is fit for the digital age. This review will impose higher standards on businesses to protect customer data.

Click here to view the speech by Assistant Treasurer Stephen Jones

CDR compliance costs report

Heidi Richards’ CDR compliance costs review report, released by Assistant Treasurer Stephen Jones, found that the costs of the Consumer Data Right (CDR) have far exceeded original estimates, with large banks facing significant burdens due to complex technical requirements. The report raises concerns about the rapid changes to CDR rules, low customer usage, and the lack of innovation, partly due to restrictions on using CDR data. Businesses haven’t been incentivised to use CDR data, which has hindered broader adoption and innovation. The report calls for clearer strategic planning and prioritisation of future changes.

Click here to view the CDR compliance cost review paper

Reimagining the CDR

The speech acknowledged that the current implementation of the CDR has been flawed, with high regulatory burdens, low uptake, and limited innovation. To address these issues, the government is launching a reset of the CDR, focusing on several key areas that include:

1. Streamlining consent processes: The government will simplify how consumers give consent to use their data, allowing for multiple consents in a single action, making it easier and more user-friendly.
2. Improving business access: The government will mandate that data holders, such as banks, provide a straightforward process for businesses to access their own data. This will help businesses, especially small ones, to benefit from the CDR.
3. Consumption of CDR data: New rules now allow accredited deposit-taking institutions (ADIs) who are data holders to hold consumer data under the Consumer Data Right (CDR) when a consumer applies for or acquires a product. ADIs must notify consumers that their data will be held and inform them of relevant privacy safeguards. This could help accelerate the use of CDR data by banks who are data holders. 
4. Reforming Standards and Costs: The government will introduce a more structured approach to making standards changes. This includes limiting changes to a few scheduled releases per year, ensuring longer lead times, and considering the cost and regulatory impacts on participants.
5. Focusing the scope of CDR: To reduce unnecessary costs, the government is examining the possibility of narrowing the scope of data included in the CDR, removing products unlikely to be used.
6. Prioritising high-value use cases: The reset will prioritise consumer finance, energy switching, and accounting services for small businesses, where the potential benefits to consumers are highest.
7. Sector expansion: It was confirmed that Data holders would be extended to non-bank lenders to be operational by mid 2026.

Click here to view the Consumer Data Right Rules: consent and operational enhancement amendments consultation

Strengthening Cybersecurity and Digital identity

The speech also highlighted the ongoing efforts to strengthen cybersecurity through the National Cyber Security Strategy and modernise the payments system. The government is committed to ensuring that digital identity systems, which simplify and secure the verification process, will reduce the amount of data businesses and governments need to hold, further protecting consumers. There was also a commitment to align CDR development with Digital ID, Payment system reform and Privacy act reform.

Click here to view the 2023-2030 Australian Cyber Security Strategy

Moving away from unsafe practices

A significant announcement was the government’s stance on screen scraping, a practice where businesses ask consumers to share their bank passwords. The government is considering a full ban on screen scraping, emphasising that it is fundamentally unsafe and that the CDR should become the system of choice for data sharing. With a commitment to phase out screen scraping, the next 12 months will see Treasury develop a full transition plan.

Click here to view the report by Basiq comparing the performance of Open Banking and Web Scraping: “An inside look at Open Banking performance and adoption in Australia”

Action Initiation bill passes

Since launch, the Consumer Data Right (CDR) has been “read-only,” allowing data recipients to access and use the data for purposes like lending assessments, budgeting tools, and product comparisons. However, the introduction of the new action initiation power will add a “write” capability, enabling recipients to not only view the data but also perform actions on behalf of customers, such as making a payment, switching providers and updating personal details using the CDR framework.

Amends the Competition and Consumer Act 2010 to establish action initiation reforms, enabling consumer data right (CDR) consumers to direct accredited persons to instruct on actions on their behalf, such as making a payment, opening and closing an account, switching providers and updating personal details, using the CDR framework.

On the same day as Assistant Treasurer Stephen Jones announced the CDR reforms, the Senate passed the CDR action initiation bill. While this is exciting news, the government will still need to consult with industry stakeholders to determine its application, and detailed rules will need to be established.

Click here to view the Treasury Laws Amendment (Consumer Data Right) Bill 2022

Conclusion

The speech marked a pivotal moment in the government’s approach to the digital economy, with a clear commitment to improving the CDR, enhancing privacy protections, and fostering innovation. The reset of the CDR aims to reduce costs, encourage adoption, and ensure that consumers truly benefit from the data they generate. By focusing on these areas, the government hopes to build a digital economy that is both safe and innovative, where consumers can trust that their data is protected.