Consumers will have an online “consumer dashboard” to allow them to manage their data consents when the Consumer Data Right in banking kicks off in July.
Details of the dashboard are included in the rules for the Consumer Data Right in banking (Open Banking), which the Australian Competition and Consumer Commission released last week.
The Consumer Data Right is designed to give people greater choice over how their personal data is used and disclosed. It allows consumers to access particular data and transfer it to an accredited person.
The ACCC rules give legislative force to consumer data sharing obligations in banking, which will become mandatory from 1 July. From that date consumers will have the right to direct their bank to share their data with an accredited data recipient.
The rules cover a range of “product reference data” including interest rates, fees and charges, eligibility criteria for banking products, transaction and other customer data.
Consumer data relating to credit and debit cards, deposit accounts and transaction accounts must be available from July.
The rules will apply progressively to a broader range of products over time. Consumer data relating to mortgage and personal loan data must be available from 1 November
The major banks have been sharing product reference data on a voluntary basis since July last year.
According to the rules, there are three types of requests that can be made to a data holder to disclose CDR data: consumer data requests made on behalf of CDR consumers by accredited persons; consumer data requests made by eligible CDR consumers directly; and product data requests made by any person directly
An important element of the rules is a data minimisation principle. Accredited persons must not seek to collect more data than is reasonably needed.
For example, to assess consumer eligibility for a home loan and accredited person could ask for the past 12 months of transaction data but not future transaction data.
In another example, an accredited person could access consumer data to set up an aggregation service but not necessarily a profile of the consumer’s spending habits and disposable income.
Some CDR data must be de-identified. This will occur when it is redundant or when it is used for another purpose.
Accredited persons will have to satisfy the Data Recipient Accreditor that they are fit and proper.
Accredited persons must provide consumers with an online “consumer dashboard” that will enable them to see and manage their consents for the collection and use of their data. Consumers must be able to withdraw consent from an accredited person at any time.
Consumers must also be able to direct that their redundant data be deleted.
Typical accredited persons would include comparison sites, banks, non-bank financial institutions, providers of consumer finance apps and service providers such a travel companies that may track and categorise travel spending.
Data holders and accredited data recipients must have complaints procedures.