The CDR aims to provide consumers with rights to direct a business to transfer data on the consumer to a third party in a useable, machine readable form as well as to provide product data to facilitate an economy wide consumer directed data transfer system and reduce barriers to change of suppliers, thereby increasing consumer rights and competition.

The main aim is to allow consumers to switch service providers and services (for example bank accounts or energy providers) in an easy way without any of the friction cost involved to date. For example, automatic bill paying and direct debiting arrangements make it cumbersome for the average consumer to switch bank accounts. That has led to a sticky customer relationship and reduced competition and innovation.

The CDR will require new thinking from those in designated services and likely lead to innovative disaggregated intermediaries, especially on app-based architecture in an ever deepening IoT environment.

The government has determined that the CDR will be immediately targeted at the banking sector, with the energy and telecommunications sectors to follow. Ultimately, the law will be introduced sector by sector broadly across the economy.

The CDR mirrors the data portability right in GDPR Article 20, which suggests that Australia is moving closer to the EU conception of privacy in certain areas.

With opportunity comes risk - the right will increase the move to tech-heavy solutions and inevitably engage information and privacy risks. Understanding the regulatory framework is crucial for business with new regulatory roles for current regulators and a new regulatory body.

In this outline we extract useful guidance from the legislation to set out a high level overview of how the CDR system works.

Toby Blyth
Banking and Financial Services Regulatory and Financial Services
Colin Biggers & Paisley

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.