Canada Joins the Global Shift Toward Regulated Data Access
Canada's Consumer-Driven Banking Framework explained. How the 2025 legislation compares to Australian CDR, UK open banking, and what it means for fintechs.
For Canada, this marks a significant policy milestone. For the rest of the world, it’s a signal that regulated data access is now the global norm, not the exception.
It’s a huge budget for FinTechs,” said Adriana Vega, Executive Director of Fintechs Canada, shortly after the announcement. “We’ve been waiting for this kind of clarity for years.”
Setting the pace for North America
Until now, North America has lagged behind the UK, EU, and Australia in formalising open banking. Last week's announcement changes that, outlining how Canada will regulate data sharing, accredit trusted third parties, and give consumers greater control over who can access their financial information and for how long.
The framework places the Bank of Canada at the center of implementation, supported by a single national technical standard to ensure interoperability. This alone represents a major step forward: no more patchwork integrations, no more competing standards, just a unified infrastructure for secure, user-permissioned data access.
It’s time we get up off the track, and get moving,” said Ron Morrow, Executive Director for Payments Supervision and Oversight at the Bank of Canada, underlining the urgency behind the rollout.
Beyond banking: a move toward open data
The CDB framework is more than a banking reform - it’s a foundation for open data across the economy. Plans were confirmed to amend federal privacy law to introduce a right to data mobility, allowing consumers to move their information securely between trusted providers in any sector.
This mirrors the trajectory already seen in the UK, where open banking is evolving into “smart data,” and in Australia, where the Consumer Data Right (CDR) now spans both banking and energy, and soon non-bank lending. By embedding open banking within privacy and data-rights law, Canada is positioning itself among a new generation of economies treating data portability as infrastructure.
FCAC has a strong track record in consumer protection,” said Werner Liedtke, Interim Commissioner at the Financial Consumer Agency of Canada, highlighting the government’s emphasis on building trust into the system.
Designed for control and trust
The Canadian regime puts "consumer control at its core":
- Consent must be renewed every 12 months, preventing open-ended data access.
- Consent dashboards will be mandatory for accredited providers.
- Liability follows the data, meaning consumers aren’t responsible for losses once data leaves their control.
These protections reflect a broader trend among regulators - treating user trust as a core design requirement, not a compliance afterthought.
The end of screen-scraping
While not the headline of the announcement, one element captures the global mood: the formal plan to phase out screen-scraping once the new framework is live. The Department of Finance estimates around nine million Canadians currently rely on screen-scraping to connect financial apps to their accounts. That practice, where users share banking credentials so third parties can “scrape” data, is on borrowed time.
Australia has committed to a similar ban under its CDR expansion, and the US Consumer Financial Protection Bureau is expected to follow suit under Section 1033 once its open banking rule takes effect. Across all these markets, the message is consistent: data access must be secure, consent-based, and standardised.
What this means for open banking globally
The Canadian framework brings new momentum to a global conversation that’s been building for over a decade:
- North America is finally aligning with international best practice, creating clear rules for data portability.
- Europe and the UK are extending open banking into open finance and cross-sector smart-data initiatives.
- Australia and New Zealand (from late 2025) are demonstrating how a single consent architecture can serve multiple industries.
- Latin America (LATAM) is emerging as a vibrant open-finance frontier: leading markets such as Brazil, Mexico, Chile, Colombia and Peru are at differing stages of regulatory rollout, combining API-mandated frameworks, fintech-driven innovation and inclusion-focused strategies to reshape financial data sharing across the region.
Together, these shifts show that open banking is evolving into open data - where consumers, not corporations, determine the movement of information across the economy.
What comes next
For financial institutions, fintechs, and data-infrastructure providers, the takeaway is clear: the age of regulated data sharing has arrived. Compliance will depend on strong consent UX, traceable data flows, and APIs aligned with emerging international standards.
The advantage will go to those who treat data portability not as an obligation, but as an opportunity to build products that are more transparent, interoperable, and customer-centric by design.
Or, as the Bank of Canada’s Morrow put it: “It’s time we get moving.”
How Fiskil can help
Fiskil delivers the infrastructure behind regulated data sharing - helping banks and financial institutions around the world stay compliant, connected, and ready for what’s next. Get in touch to learn how we can support your open banking or open data strategy.