The Consumer Data Right (CDR) aims to provide greater choice and control for Australians over how their data is used and disclosed. It will allow consumers to access particular data in a usable form and to direct a business to securely transfer that data to an accredited data recipient.

The security and integrity of the CDR system will be maintained by 13 Privacy Safeguards, which are contained in the legislation and will be supplemented by rules. These will set out the privacy rights and obligations for users of the scheme, including the requirement for informed consent to collect, disclose, hold or use CDR data.

Individual consumers and small, medium and large business customers will all be able to exercise the Consumer Data Right in relation to data that is covered by the CDR scheme.

Our role in the Consumer Data Right

The CDR scheme will operate under a co-regulator model. The OAIC will regulate the privacy aspects of the scheme and provide advice to the Australian Competition and Consumer Commission (ACCC) and the Data Standards Body (Data61).

We will work with the ACCC to inform consumers, data holders and accredited data recipients about the scheme.

The OAIC will also be the primary complaints handler under the CDR scheme. The Australian Information Commissioner will have a range of investigative and enforcement powers to handle privacy complaints and carry out other regulatory activities.

We will work closely with the ACCC to address any systemic breaches of the CDR framework.

Introduction of the Consumer Data Right

The CDR will be rolled out in stages starting with the banking sector (known as ‘Open Banking’). Next, CDR will be implemented in the energy and telecommunication sectors. It will then be introduced sector by sector across the broader economy. More information about the timing of this implementation is available from the ACCC website

Read more from Treasury, the ACCC and Data 61.

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at