The Consumer Data Right (CDR) was introduced to give consumers greater control over their consumer data. It enables a consumer to direct a data holder to provide their CDR data to an accredited data recipient, in a CDR compliant format.

The CDR was enacted by the Treasury Laws Amendment (Consumer Data Right) Act 2019 (Cth) which  inserted a new Part IVD into the Competition and Consumer Act 2010 (Cth).

The Competition and Consumer (Consumer Data Right) Rules 2020 (the CDR Rules) provide the framework for how the CDR operates in the banking sector. The Rules define the elements for consent, outline the accreditation framework and elaborate on the privacy aspects of the scheme.

There are also ‘data standards’ that are made by the Data Standards Body (CSIRO’s Data61), including standards about the format and process for transferring data. The data standards are available on CSIRO’s Data61 Consumer Data Standards website.

The Consumer Data Right (Authorised Deposit-Taking Institutions) Designation 2019 is the instrument that designates the banking sector as part of the CDR system. It sets out the classes of information that are subject to the CDR as well as who holds this information and  is required to transfer it at the consumer’s request.

CDR Rules

The Competition and Consumer (Consumer Data Right) Rules 2020 (the CDR Rules) set out details about how the CDR legislation applies, including in relation to consent, the privacy safeguards, the accreditation framework and data standards.

The CDR Rules require major banks to share certain consumer data, such as data relating to credit and debit cards, deposit accounts and transaction accounts, where directed by a consumer to do so.

The CDR Rules are made by the Australian Competition and Consumer Commission with the consent of the Treasurer.

For more information about the CDR Rules see the ACCC’s website.

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au