背景在9月30日，竞争和消费者（消费者数据右）规则2020（CTH）被修改，目的是降低到消费者数据正确制度（CDR）参与的障碍，如澳大利亚的预示Treasury’s prior proposal in April and related exposure draft legislation released in July. By increasing ease of access, the amendments aim to... Continue Reading…
在9月30日，竞争和消费者（消费者数据右）规则2020 em>（cth）被修改 [ sup> 1] with the aim of lowering barriers of entry to Consumer Data Right regime (CDR) participation, as foreshadowed by the Australian Treasury’s prior proposal in April and related exposure draft legislation released in July.
By increasing ease of access, the amendments aim to increase the adoption of the CDR among a wider range of organisations, and in doing so, enable consumers to make greater use of their data rights. The amendments are the latest in a series of steps taken by the Treasury to expand the reach of the CDR, aimed at implementing the CDR on an economy-wide basis.
Broadly, the amendments seek to:
The Sponsored Accreditation process allows an organisation to become accredited under the CDR by contracting with an existing accredited person, who may act as the sponsor of that organisation for the purposes of accreditation. The criteria for ‘Sponsored Accreditation’ and the obligations that come with it, are the same as for other accredited persons. However, the sponsored organisation will not be required to go through the accreditation process that was required originally (for example, in respect of the implementation of the CDR in the banking sector, in which participants were required to provide an information security assurance report, once accredited). Importantly, however, sponsored organisations cannot directly collect information from data holders, but must request that their sponsor collect the relevant data for them.
This materially lowers the barrier to entry for sponsored organisations, who can now seek to leverage the CDR without having to undergo the traditional accreditation process, which, during the Open Banking implementation of CDR, was criticised as being laborious and costly. This form of accreditation may be useful in situations where an accredited organisation is looking to partner with smaller affiliates, to provide services requiring access to CDR data. For example, a FinTech start-up may choose to contract with (and be sponsored by) a large ADI (or vice versa) for this purpose.
The amendments propose to implement a quasi-accreditation “CDR Representative” process, intended to commence by 19 October, which would allow organisations that offer CDR-related services to consumers, to become a CDR Representative (Representative) of an accredited participant (Principal), thereby enabling those Representatives to access and use the CDR data of the Principal without needing proper accreditation.
The amendments also prescribe terms for any contractual arrangements between Representatives and Principals, particularly in respect of the use and disclosure of CDR data by Representatives. The amendments also provide that a Principal would retain responsibility and liability for the acts and omissions of Representatives in connection with such arrangements.
Accredited persons will now be able to rely on outsourced service providers to collect CDR data on their behalf, reducing business costs associated with data collection. As with the arrangements between Representatives and Principals , responsibility and liability for the collection of the CDR remains with the relevant accredited person, and does not pass to the outsourced service provider.
The amendments establish new CDR data sharing models, intended to provide consumers with greater choice as to who their CDR data can be shared with by accredited organisations, outside the CDR ecosystem – that is, outside the existing network of accredited persons, sponsored entities and Representatives.
Consumers may nominate a professional (such as a consumer’s accountant, or legal or financial adviser) to be a “trusted adviser”who may access CDR data on behalf of that consumer. While a professional may not be an accredited person for the purposes of the CDR, the Amendments recognise that professionals are appropriately regulated to receive CDR data, particularly due to the consumer protection mechanisms that form part of their respective regulatory frameworks. It is expected that consumers will be able to share their CDR data with trusted advisers by 1 February 2022.
Consumers may also consent to the sharing of their CDR data by accredited organisations, in certain, prescribed situations, intended to make it easier for consumers to receive goods and services. This shared CDR data is known as a “CDR insight”; . CDR insights can be shared, for example, to verify a consumer’s identity, their account balance or details about their transactions. The Data Standards Chair will separately consult with key industry stakeholders, to establish the standards enabling CDR insight disclosures.
The amendments seek to simplify the consent process for CDR data sharing, as it relates to joint consumer accounts. Specifically, the Amendments seek to enable the CDR data of joint account holders to be shared with the consent of only one (not both) of those joint account holders. However, Accredited Data Holders must provide joint account holders with the option to change their consent option (for example, to require joint consent for the sharing of CDR data, or to entirely prevent the sharing of any CDR data in respect of the relevant account). It is intended that this joint consent capability will commence in February 2022.
These changes will lower barriers to entry for those wishing to participate in the CDR, and for those who have not received CDR accreditation to date, offer new pathways to access CDR data that weren’t available before (that come without the additional burden of the accreditation process). Similarly, for already-accredited organisations, the number and type of organisations with whom they can partner and share CDR data, will be materially increased . This will enable accredited organisations to take advantage of breadth of market expertise, and deliver a better and more efficient customer experience.
In order to prepare for CDR participation and leverage the opportunities presented by it, businesses (whether accredited or not) may need to:
Data is now the digital gold of contemporary commerce. As CDR becomes increasingly prolific in the market, finding a way to navigate the regulatory and commercial landscape will not only be beneficial, but critical to business growth.
In our experience, preparing for compliance with the CDR will require significant IT and regulatory effort and investment that needs to be planned for now. Having assisted clients in the banking sector in respect of the implementation of the ‘Open Banking’ regime, DLA Piper is well-placed to assist you and your team in understanding the real-world legal, technical, regulatory and commercial issues and challenges surrounding participation in the CDR, whether as an accredited person, sponsor, Principal, Representative or otherwise.
Please contact us for more information as to how we may help you and your business.
 by the Competition and Consumer (Consumer Data Right) Amendment (2021 Measures No. 1) Rules 2021 (Cth)
Background With the implementation of the Consumer Data Right (CDR) in the banking sector (known as ‘Open Banking’) well under way, the release of draft amendments to the CDR rules for the energy sector, and the continuing development of the framework for implementing the CDR in the telecommunications sector, the Australian Government intends to continue... Continue Reading…
随着消费者数据权(CDR)在银行业(被称为“开放银行”)的实施，< a href = " https://www.dlapiper.com/insights/publications/2021/09/treasury-proposes-draft-rules-for-the-consumer-data-right/ " >释放能源部门的CDR规则修正案(草案)> < /,和持续的发展框架的实现CDR在电信行业,澳大利亚政府打算继续按部门循序渐进地推出CDR，以便在整个经济基础上实施CDR。
Preparing for compliance with the CDR regime will require significant IT and regulatory efforts – we have seen that this has already been the case with clients in the banking sector. Further, the implementation of the CDR will present an opportunity for new, disruptive technologies and new sector participants to emerge, as players try to service customers through a single relationship that crosses multiple sectors.
In order to ready the battlements for CDR implementation and leverage the opportunities presented by it, clients may need to:
All of this requires significant time, effort and investment that needs to be planned for now.
Clients may also wish to examine opportunities in the market in respect of collaboration with existing entities and innovation, with a view to creating the best regime-compliant customer experience.
How can DLA Piper help?
Having assisted clients in the banking sector in respect of the implementation of the Open Banking regime, DLA Piper is well-placed to assist you in understanding what will be required in implementing the CDR into your business, including in terms of the real-world issues arising with implementation. We can also work with your team to understand and deal with the legal, technical and regulatory challenges that you will likely face as you begin to navigate the high seas of CDR implementation.
Make no mistake, the technology, business process implementation, training and staffing effort to implement this regime is significant. It shouldn’t be viewed simply as a regulatory burden, but as an opportunity to grow your customer base and as an essential and key part of your strategy to retain the customers you already have. Please contact us for more information as to how we may help you and your business.