Newly-released draft regulations have provided the first look at how new rules will let you demand access to the personal data that banks hold about you – and use it to switch banks, energy providers, or phone companies.
The federal government announced the Consumer Data Right (CDR) in November 2017 as a way of improving consumers’ access to personal information that organisations hold about them.
Vibrant competition in key services industries had driven a “kaleidoscope of new business models, products and insights” in recent years, a recent Productivity Commission inquiry concluded.
However, making sense of them has been difficult and many consumers – some put the figure at 40 percent of Australians – have been reluctant to change providers because it just seems too hard.
Consumer sentiment hadn’t been helped any by the recent Royal Commission, whose findings were credited for the results of a recent Unisys survey in which just 16 percent of Australians trust their bank to share their personal data; this was the lowest of five countries surveyed.
Indeed, 49 percent of Australian respondents said one of the most important aspects of their engagement with banks was that their products, processes and services were transparent and easy to understand – nearly as many as were concerned about the security and safety of their data.
CDR will make it easier to switch by allowing you to download key information about your use of a bank’s products – for example, the interest rates and historical spend of your credit cards or the details of your personal loans or insurance policies.
You can then use this data to shop around for comparable products that may be available at better prices.
A CDR pilot will begin on July 1 and will initially be rolled out in the banking sector, with energy and telecommunications the likely next candidates.
Getting your data from the bank
CDR has been in the works for over a year but the new exposure draft finally spells out how it will work.
The Australian Competition & Consumer Commission (ACCC) spelled out three types of CDR requests: product data requests (PDRs), consumer data requests, and consumer data requests made on behalf of CDR consumers.
CDR rules allow you to log onto a specialised bank portal to request a copy of the data that they hold on you. This data, the ACCC says, must be provided for free and “can be used by the CDR consumer as they see fit”.
You can also designate a third party – for example, an accountant, broker, financial advisor, or comparison site – to lodge a CDR request on your behalf.
This would usually happen where you were shopping around for a new provider and the third party needs your details to find the best alternative for you.
Those third parties must be “fit and proper persons” – read: not criminals – and are only allowed to use your data as part of a ‘CDR contract’, which lets them provide you with goods and services until you terminate the contract.
Better transparency across the industry
The third type of request is designed to improve transparency around financial services organisations’ products in a standard way that makes it easier to compare them.
A PDR allows “any person” to request data relating to a particular product – in the financial context, this would be a particular type of home loan or credit card – and be provided with aggregate data about that product.
This data might include eligibility criteria, terms and conditions, prices, and data about the performance of the products in question.
Requests must be lodged through a portal built and maintained by the bank, and cannot include personally identifiable information.
They would, however, provide valuable aggregated data that could be used by financial advisors, comparison shopping sites or others who want details about a company’s financial products.
“The draft rules for the Consumer Data Right allow companies working in the banking sector to begin planning and move towards the start of the consumer data right in banking, with some greater detail and guidance as to how it will work,” ACCC Commissioner Sarah Court said in announcing the release of the draft.
The guidelines – which do not include a ‘right to be forgotten’ as already implemented in many countries – are sure to attract considerable attention and comment from big business, privacy advocates and others wrestling with ways to manage the valuable personal data that Australians are often giving away far too freely.
Submissions are being accepted until 10 May.