Government to overhaul ‘poorly executed’ data sharing rules
Treasury will streamline the consumer data right’s consent processes and cut compliance costs to make tasks like banking and small business accounting easier.
The government has unveiled plans to overhaul the “poorly executed” consumer data right (CDR), aiming to ensure safety for users and reduce compliance costs for businesses.
Key changes will include streamlining consent processes, simplifying data access for small businesses and focusing on “high value” use cases that the government says will make tasks like small business accounting easier.
The move comes amid criticism that the current framework, designed to help consumers securely share financial data, has failed to gain traction due to high implementation costs and low uptake.
Assistant Treasurer and Financial Services Minister Stephen Jones said the CDR had potential but criticised its execution under the Coalition.
“It's a good idea, badly executed,” he said in an address to the Committee for Economic Development of Australia on Friday.
“More needs to be done to refocus the CDR to deliver the greatest benefits to consumers and rein in costs … we will also improve the experience for small businesses.”
The CDR is an initiative that allows consumers to opt in to share data held by businesses.
Accredited data recipients and trusted advisers – such as accountants and tax agents – can also be nominated to access client data to facilitate smoother information sharing while maintaining data security.
The government rolled out CDR to the banking sector in 2019 but progress has stalled ever since, with a government-commissioned review finding compliance costs “massively exceed[ing] original estimates”.
The review, conducted by former APRA general manager Heidi Richards, said the costs “may also be contributing to slow adoption of CDR-enabled products and services”.
“It was evident that many participants question the cost-benefit justification of ongoing changes to CDR rules and CDR data standards, based on the very low level of usage that they observe among their customer base,” the review, released last week, said.
Jones flagged plans to get the roll-out back on track and to expand CDR to non-bank lenders in 2025.
He said the Treasury unit overseeing data standards for the CDR would be tasked with examining the impact of narrowing the data included under the regime, such as removing products that were unlikely to be used.
“The new framework will formalise how changes are assessed using the 4 key criteria of consumer benefit, customer take up, cost and regulatory impact and keeping the system safe and secure,” he said.
“This will remove unnecessary costs on businesses to hold and maintain a CDR enabled repository of shareable data that is highly unlikely to be used.”
The revamped CDR would also focus on the most promising, high-value use cases including helping customers to apply for a home loan, switch energy providers and improving small business accounting.
Other regulatory changes included a proposal that would allow consumers to bundle CDR consents, so that consumers could give multiple consents to data being shared with a single action.
Jones said the government would also look to ban screen scraping, a less secure method of data sharing that has persisted due to the CDR’s limitations.
The widespread practice, currently unregulated, enables businesses to tailor offerings using customer data kept by banks and super funds.