Friday, 30 October 2020 15:43

Legal centre warns on Consumer Data Right rule changes

Legal centre warns on Consumer Data Right rule changes Reimund Bertrams via Pixabay

A community legal centre has expressed concern that proposed changes to the Consumer Data Right rules puts people at risk.

The idea behind the Consumer Data Right (CDR) – which is initially implemented under the Open Banking arrangements – is that people can "access data about themselves held by businesses, and direct that data to be shared with accredited third parties of their choice," according to the Australian Competition and Consumer Commission (ACCC).

So an individual might make their banking data available to a different financial institution in the hope of securing better loan terms, or they might allow their electricity consumption details to be visible to another energy retailer when looking for a more competitive tariff.

Consumers have always been able to provide such data manually – eg, by sending copies of electricity bills – but CDR is about granting access securely, automatically and efficiently.

Currently, the rules allow consumers to grant an accredited data recipient (ADR) access to their CDR data. But they do not allow the ADR to disclose the data to anyone else – even with the consumer's consent – except as necessary to deliver the good or service, such as when part of the supply is outsourced.

The ACCC has proposed that (among other things) consumers should be able to give their consent for an ADR to "disclose CDR data to a trusted advisor who falls within a specified professional class, and disclose limited 'insights' derived from CDR data to any nominated person."

The rationale is that such disclosure "is consistent with the principles of consumer choice and control which underpin the CDR regime," and only occurs at the customer's request and with their separate consent.

The 'trusted advisors' would include accountants, lawyers, tax agents, BAS agents, financial advisors, financial counsellors, and mortgage brokers. The ACCC points out that "Consumers routinely share their banking data with members of these professionals and we consider there will be consumer benefit in allowing this to occur via the CDR."

As for 'insights', they would include such things as "income and expense verification, verification of payments, or outcomes of responsible lending assessments." Importantly, actual CDR data cannot be provided to such recipients.

However, Financial Rights Legal Centre director of casework Alexandra Kelly thinks the new rules could enable access to private and sensitive consumer data by companies which are not required to meet the CDR regime's higher security and safety standards for privacy.

"This proposal will fundamentally undermine consumer trust and confidence in the CDR," she said.

"It is also likely to open the floodgates to non-accredited companies to obtain sensitive data without having to meet higher privacy standards. In some cases they won't have to meet any privacy standards at all."

Financial Rights is also critical of the proposed new rules to allow more direct marketing and the sale of consumer data.

"These proposals could result in financially vulnerable people being targeted by new Open Banking players and sold expensive credit and inappropriate debt and credit solutions they can't afford," Kelly said.

"We urge the ACCC to reconsider these erroneous recommendations and instead put consumer interests at the heart of the new data regime."

Financial Rights' submission to the ACCC seems to imply that it thinks the arguments about increasing consumer choice and improving the customer experience are little more than a smokescreen for reducing compliance costs despite a recent survey conducted by the Office of the Australian Information Commissioner finding that "Eighty-three percent of Australians would like the government to do more to protect the privacy of their data."

The Centre called on the ACCC to design a different tiered accreditation proposal that is primarily concerned with consumers' best interests, with "strong, consistent and unavoidable safety and security measures"; a consent model that allows consumers to be genuinely informed and to easily withdraw their consent, and that "prevents pressure or dark patterns... [being] used by CDR participants to maintain consents".

Furthermore, it appears to regard the proposal to allow disclosures to non-accredited persons as being fundamentally flawed. Among the objections are that:

"Disclosure to a "trusted advisor" is not just inherently risky but is contrary to the entire point of the CDR to provide a safe and secure data environment

"Referring to "Trusted" advisors is misleading since many will not have to provide a safe and secure data environment [and]

"Disclosure to "trusted advisors" facilitates the creation of two data protection regimes – one safe and secure environment, one with fewer if any consumer protections".

Financial Rights also expressed concerns about the proposed rules around joint accounts.

The ACCC consultation on proposed changes to the CDR rules closed yesterday. The Commission proposes to amend the rules in December 2020.

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News