Navigating Australia's Consumer Data Right: Recap of 2023

In 2023, we saw a host of changes to Australia’s Consumer Data Right (CDR) regulatory landscape. The CDR has undergone significant regulatory changes, with the overarching aim to empower consumers by granting them greater control over their data across various industries, notably Open Banking and Open Energy. More broadly, the CDR has seen several developments that continue to shape data access, privacy and competition in the Australian marketplace.

The upshot of these changes mean that data holders will have to be on the front foot of the CDR compliance requirements to ensure that their business is well placed to embrace the advantages of CDR as the system rolls out across their respective industries, or risk falling behind.

What’s changed in 2023?

Expansion of CDR to new sectors

One of the pivotal changes in 2023 was the anticipated expansion of the CDR beyond the initial focus on banking to encompass other sectors, including the energy sector. The energy sector was a prime candidate for the implementation of CDR principles, allowing consumers to securely share their energy data between providers, fostering competition, and potentially leading to better deals and services.

However, navigating these regulatory changes demands a proactive approach from data holders. The landscape demands compliance with stringent protocols, fortified data security measures, and adaptation to evolving guidelines. This shift underscores the need for businesses to invest in infrastructure and technology to facilitate secure data sharing while staying competitive in an increasingly transparent market.

In November 2022, Fiskil announced the world’s first transfer of open energy data via the CDR. The official launch of Fiskil's real-time Energy APIs on November 15th marks a significant milestone in enabling us to work with energy businesses to harness the power of open energy data. Fiskil’s platform allows users to securely link their energy accounts and data to service providers and comparison sites in order to verify identity and account information, validate real-time account balances, access usage data and access detailed billing data.

On 21 November 2022, the Assistant Treasurer and Minister for Financial Services formally designated the non-bank lending sector as subject to the CDR. On 25 August 2023, Treasury released exposure draft amendments to the Consumer Data Right Rules (CDR Rules), explanatory materials and a draft Privacy Impact Assessment for consultation. The exposure draft CDR Rules signify the CDR’s push into Open Finance, with an expansion to non-bank lenders (NBL) and Buy Now Pay Later (BNPL) products.

This expansion would allow consumers to request the sharing of product and consumer data from non-bank lenders and banks that offer BNPL products, leading to improved financial outcomes for individuals and businesses.

Expansion of the CDR to non‑bank lenders will also increase the availability of data, encouraging innovation in financial technology and helping consumers to better understand and manage their finances. The consultation period closed on 6 October 2023. These updates are expected to be passed in early 2024, with non-bank lender product data sharing for initial providers and large providers expected from 1 November 2024.

In June 2023, the Minister for Financial Services announced that the CDR rollout to new sectors would be paused and the government would instead take the time to make improvements and build awareness of the CDR in the current sectors. This paused the previously anticipated rollouts to telecommunications and insurance sectors.

Enhanced Data Security and Privacy Measures

In response to growing concerns about data breaches and privacy, the regulatory changes included stricter protocols and guidelines (see the Consumer Data Right Privacy Safeguard Guidelines here) to bolster data security and protect consumers' sensitive information. Emphasis was placed on ensuring that data sharing between accredited parties adhered to rigorous security standards to prevent unauthorised access or misuse.

Impact on Businesses and Competition

For businesses, compliance with the evolving CDR regulations necessitated investments in infrastructure and technology to facilitate secure data sharing. Moreover, the increased data access and transparency have fostered a more competitive landscape, prompting companies to innovate and offer tailored products and services to attract and retain customers.

How can Fiskil assist your business in staying up-to-date with regulatory changes?

Fiskil offers two key solutions: a secure SaaS Data Holder and robust Data APIs. Trusted by top Energy Retailers and Banks, our Data Holder API ensures safe and compliant data sharing. Our Data APIs extend this capability, covering over 99% of Australia's Banking and Energy sectors, enabling secure customer data access. Our commitment to innovation empowers enterprises and startups alike with tools for strategic growth and effective data management.