It may have been designed to help consumers comparison-shop mortgages more easily, but the Consumer Data Right (CDR)-powered open banking regime is bearing unexpected fruit as a fintech startup launches a data-matching service that alerts consumers if they have visited a COVID exposure site.

The free service, called COVID Hotspot Alert, cross-matches a consumer’s credit-card purchase history with publicly available lists of exposure sites to determine whether they may have been in the shop during an exposure window.

With conventional contact tracing often taking days to catch up with the spread of coronavirus in the community, an automated, AI-based engine offers a much faster alternative driven by automated data matching between raw bank data and the data feeds provided by various states.

Differences between the states’ data formats mean the service only works in NSW for now, Adatree CEO and co-founder Jill Berry told Information Age, but the company is working through the differences and expects to expand it to Victoria and Queensland soon.

“We wanted it to be a personal contact tracer, a set-it-and-forget-it service,” Berry said. “But we have to really fine-tune our machine learning for them because, for example, the Queensland data looks very different and has way less structure than the NSW data.”

To remedy this, Adatree leans heavily on Amazon Web Services (AWS) and other APIs to check and validate data through geolocation, merchant codes, and more – ensuring, for example, that company and trading-as names don’t get confused, and that companies are identified correctly if they have similar-sounding names.

New directions for CDR

COVID Hotspot Alert is the first non-financial use case for CDR, a wide-reaching policy framework that was introduced last year to stimulate the ‘data economy’ by enabling the financial-services industry’s open banking regime and will steadily be expanded to energy and telecommunications providers.

Despite years of government development and industry advocacy around CDR, Berry said, “the government hasn’t done a [public] campaign on it at all. If you work in business, fintech or finance, you know about open banking – but this is the first time that’s actually been released to the masses.”

“They’re already starting to think about how they can educate consumers about safe data sharing practices, and what the CDR really is.”

The wealth of sensitive information available through CDR has driven widespread concerns that it could be abused by loyalty programs and dodgy data harvesters, with tough rules around the certification of authorised data recipients (ADRs) putting tight constraints on what data is available and what companies can do with it.

Founded specifically to capitalise on the new opportunities presented by the CDR, Adatree received its ADR accreditation in February – fostering a range of new use cases that led to Berry winning the Emerging FinTech Leader of the Year award in this month’s ‘Finnies’ fintech awards.

The protections around CDR data are so tight that the government “have actually gone a bit too risk averse on the security point of view,” Berry – who previously co-founded neobank Volt Bank and came into Adatree with a team well-versed in secure coding protocols and information-security policies – said. “It has kind of copied and pasted what it takes to build up a bank, security-wise.”

“This is great for consumers thinking that this is the Fort Knox of data sharing – but if you’re thinking about bringing propositions and services to market that are based on real-time data sharing, the barriers to entry are incredibly high.”

Awareness around the use of sensitive contact-tracing data was piqued this week by revelations that South Australian medical authority SA Health has been retaining QR check-in data indefinitely, despite policies intending for it to be deleted after 28 days.

Registering the importance of ongoing concerns about privacy and data security – and the fact that data derived from CDR data is also considered to be CDR data – Berry said Adatree will not only be deleting the data quickly, but will be reporting on a quarterly basis and regularly audited to ensure it is complying with requirements.

As adoption of innovative applications teases CDR out of the margins, government authorities are optimistic that fintech innovators will continue to dream up new ways to leverage financial data for the public good.

“We’ve said from the outset that the Consumer Data Right is about empowering Australians [and] putting them in charge of their own data,” Minister for Superannuation, Financial Services and the Digital Economy Jane Hume said, calling the service “a terrific initiative by Adatree.”

“Open banking is already up and running,” Hume said, “and thousands of Australians have already consented for their banks to safely and securely share their data with an accredited third party to deliver a better service, like a budgeting tool, or to find a better deal.”