A series of proposed changes to Consumer Data Right rules would make it much easier for consumers to share their data with a wider range of service providers.
Treasury has released an exposure draft of proposed amendments to the CDR rules, which would introduce tiered accreditation, a CDR representative model, access by trusted professional advisers and an access model called “CDR insight”.
The explanatory memorandum accompanying the exposure draft says: “The rules implement new data access models to encourage greater uptake of the CDR by both participants and consumers, while maintaining trust in the security and integrity of the CDR system.
“Stakeholders have indicated that current barriers to enter the CDR, including the cost of accreditation, are deterring many businesses from participating.”
The proposed models “provide flexibility for CDR participants to manage risk and liability through commercial arrangements”.
Under the sponsored accreditation proposal, an accredited person would be allowed to “sponsor” other parties to become accredited. This would reduce the cost of accreditation and the compliance burden for sponsored parties.
The sponsored “affiliate” would still have some compliance obligations, including dispute resolution, privacy safeguards and consent rules.
An alternative is for a party to avoid the need for accreditation by becoming a “CDR representative”. An accredited person would assume liability for the CDR representative.
CDR representatives may offer goods and services on behalf of their principal accredited data recipient or they may offer goods or services on their own behalf.
The government is also proposing to allow consumers to share data with a trusted professional adviser. Consumers would be allowed to nominate persons as trusted advisers, to whom an accredited person may disclose the consumer’s data.
The professions listed in the explanatory memorandum include, qualified accountants, lawyers, registered tax agents, financial counsellors, financial planners and mortgage brokers.
“The classes of trusted advisers are professions that are sufficiently regulated to ensure a strong level of consumer protection is maintained.”
And the government is proposing to introduce the concept of “CDR insight”, which would allow consumers to consent to their data being shared outside the CDR regime for “prescribed purposes that are considered low risk and that are designed to limit the data shared to only what is necessary for the consumer to receive a service”.
Prescribed purposes include identifying a consumer, verifying a consumer’s account balance, verifying a consumer’s income and verifying a consumer’s expenses.
The explanatory memorandum says: “These CDR insights would allow consumers to securely provide and confirm relevant factual information about themselves, while giving the recipient comfort in its authenticity and accuracy. These purposes are intended to support the sharing of information that the consumer could themselves confirm and understand.”
The exposure draft also includes arrangements for dealing with joint accounts. Under the current CDR rules, each joint account holder must opt in before joint account data can be shared.
While one joint account holder may initiate a consent process with an accredited data recipient to share account data, the process will not proceed if any other joint account holders have not also indicated that they are willing to share account data.
In May, Treasury released a consultation paper setting out its plan for an opt-out approach, which would allow an individual joint account holder to independently share data on the joint account by consenting to an accredited person collecting and using the data from the joint account. Either joint account holder would be able to override this setting at any time and switch off the data sharing. The exposure draft formalises the new approach.