A common challenge for consumers across a range of sectors is having access to enough information to make informed decisions: about how to spend their money, the home loan that’s right for them, the energy or mobile phone plan that will give them best value for money. Often, the details of products offered to consumers can be opaque and hard to understand. And consumers don’t often have great visibility of their own historic spending and consuming behaviour – or the ability to interpret those patterns of behaviour – to make the best decision for themselves.
The Consumer Data Right aims to give consumers control over information about themselves – in banking, energy and telecommunications – and share that information with accredited third parties. They could be looking to use personal budgeting tools, compare prices and benefits between different services, manage repayment of a loan or develop smoother accounting services.
Underneath the CDR, standards turn what is a right in principle into real action. Without common technical standards, data will be provided to consumers in lots of different ways that make it hard for consumers to choose from a range of providers. Standards ensure consumers don’t get locked into working with one provider to make sense of their information.
‘API’ is short for application programming interface. Around the world, organisations use APIs to connect products and services both inside their own environments (for example, to help two internal databases talk to each other or power an internal process) and on the web (exposing information from an internal system in ways external people can understand and use). When you book flights online, use a journey planner, access your online banking or log into an energy-saving application, the information you see is supported by APIs.
An open API is one that is publicly available for third party developers to use to build their own applications. A number of services online – weather portals, mapping websites, government services – provide open APIs. Just because an API is publicly available, does not mean the data being accessed and analysed via that API is open too. Within the Consumer Data Right regime, only accredited third parties will be able to receive information with a consumer’s consent via APIs implemented by data holders, and this data will not be open. A very small portion of data within the scope of the Consumer Data Right regime will be openly licensed data: generic information about products advertised by banks (and in time, energy and telecommunications providers) on their website.
An ‘open’ dataset is one which is published on the Web and licensed for anyone to access, use and share. Typically only non-personal data will be licensed as open data. Open datasets are published by both government and private sector organisations. In Australia, a range of federal, state and local government data about the environment, weather, agriculture, buildings and the functions of government itself are available on data.gov.au.
While ‘open banking’ is commonly used to describe the facilitation of access to data via APIs in the banking sector, only a small portion of data within the scope of the CDR regime is in fact, open data: generic product information. The focus of the CDR is personal information a consumer consents to sharing between the organisation holding that data and an accredited third party. This data is not openly licensed or published on the web.
The Murray, Harper, Coleman, and Finkel inquiries all recommended that Australia develop a right and standards for customers to access and transfer their information in a useable format. In addition, in May 2017, the Government received the Productivity Commission’s (PC) report on their Inquiry into Data Availability and Use. The report included a set of 41 recommendations, including for the creation of a new economy-wide Comprehensive Data Right.
In the 2017-18 Budget, the Treasurer announced that Open Banking will be introduced in Australia and commissioned an Open Banking Review to recommend the best approach to implement it.
On 26 November 2017, the Government announced that the CDR will be implemented as a measure for customers to harness their digital data, with its design to be informed by the report of the Open Banking Review.
As announced on 26 November 2017, by the Hon Angus Taylor MP, the then Assistant Minister for Cities and Digital Transformation, the CDR is intended as an economy-wide right, to be applied sector-by-sector on the designation of the Treasurer. The Treasurer will be leading the development of the CDR, with the design of the broader CDR informed by the Government’s response to the recommendations of the Open Banking Review.
As part of its response to the Productivity Commission’s Inquiry into Data Availability and Use the Government has committed to a dual-regulator model, involving the Australian Competition and Consumer Commission (ACCC) as the lead regulator, with strong support from the Office of the Australian Information Commissioner (OAIC).
The ACCC will seek to promote competition and customer focussed outcomes within the system, while the OAIC will aim to ensure that strong privacy protections are a fundamental design feature of the CDR. To set technical standards for the CDR, the Government will engage in a process of close collaboration with designated sectors, the technology community, and consumer and privacy advocates.
A GitHub repository to house work on the API Standards has been created. The name of the repository is Consumer Data Standards Australia.
The repository can be found at: https://github.com/ConsumerDataStandardsAustralia
The issue tracker attached to the open-banking repository under this organisation will be used for the publishing of decision proposals as the standards are developed.
The issue list can be found at: https://github.com/ConsumerDataStandardsAustralia/open-banking/issues
The Treasury will oversee the development of the Consumer Data Right (CDR) legislation, with its design informed by the recommendations of the Open Banking Review and adopted by the Government.
The main tasks for the Treasury will be:
• Consulting on draft legislation
• Providing updates to the Minister on progress regarding implementation
• Providing advice to the Minister on future designated sectors
• Providing advice to the Minister on rules submitted by the ACCC for consent
The Treasury is an observer sitting on the Data Standards Body Advisory Committee.
OAIC has a number of roles in the CDR regime, including an advisory role, overview of the privacy protection elements, and consumer complaints handling once in operation. OAIC will be the first port of call for complaints for consumers regarding breaches of their rights under the CDR regime.
They will work with the Data Standards Body to ensure that the consumer’s privacy is well protected, and be an observer on the Advisory Committee.
ACCC will be lead regulator for the CDR regime. Their role is to:
• Empower consumers and foster competition
• Provide education and guidance to consumers on the benefits of the CDR
• Recommend future industries/sectors to government to be designated participants in the CDR regime
• Develop rules and accreditation schemes
• Take enforcement action to ensure compliance by participants
The ACCC is an observer sitting on the Data Standards Body Advisory Committee.