FOI 3139
Document 1
Consumer Data Right newsletter: 17 May 2021
Dear <<First Name>>,
This week’s Consumer Data Right (CDR) newsletter includes:
• what the 2021-22 Federal Budget contained on CDR
• ACCC compliance guidance for data holders in the banking sector
• ACCC guidance on authorised deposit-taking institution (ADI) responsibility
for data holder brands
• a reminder about the consultation open on CDR rules and standards design
papers, and information about deferral of joint account and direct to
consumer obligations.
Federal Budget 2021-2022
As part of the
Budget papers released on 11 May 2021, the Government stated its
continued commitment to implementing the CDR in the banking sector and
accelerating its rollout across the economy, including in the energy and
telecommunications sectors. Treasury is excited for the next phase of the CDR
rollout, where we will see:
•
the development of a data-driven economy
•
increased innovation in a post-COVID economic environment
•
consumers empowered to make informed choices about their services, and
•
reduced costs for Australian households and small businesses.
As noted in our
7 May 2021 newsletter, the Government’s 2021-22 Federal Budget
includes $111.3 million of investment to both continue and expand CDR rollout.
ACCC compliance guide for data holders in the banking sector
The ACCC has published
compliance guidance for data holders in the banking
sector. This guide is designed to assist data holders to understand and comply
with their obligations under the Consumer Data Right Rules and Standards.
ACCC guidance on ADI responsibility for data holder brands
The ACCC has published some guidance on
ADI responsibility for data holder
brands. This document is designed to assist industry participants identify whether
they have data holder obligations in relation to particular brands or branded
products they are associated with.
Reminder: Consumer Data Right rules and standards design papers
As announced in our
30 April newsletter, Treasury and the Data Standards Body
are seeking input on design issues to inform the development of rules and
standards to implement:
•
a peer-to-peer data access model in the energy sector, and
•
an ‘opt-out’ data-sharing model for joint accounts in the banking and
energy sectors.
To support consultation and elicit informal feedback on these issues, two design
papers are now available on
Treasury’s website for stakeholders’ consideration.
We welcome feedback and engagement on an informal basis, which can be
provided through GitHub (with separate pages for
joint accounts and
peer-to-
peer model for energy feedback) or by emailing
xxxx@xxxxxxxx.xxx.xx.
As part of the consultation discussions, there have been a number of queries about the
deferral of the joint account requirements and ‘direct to consumer’ obligations that
would have applied from November 2021
(Treasury announcement). Treasury has
responded to these queries with additional information which is available on the
CDR
Support Portal.
We are seeking stakeholder views by
26 May on the details of rules and standards
outlined in these papers.
Feedback received on these papers will inform the development of draft rules
and standards, which will be the subject of formal consultation in the coming
months.
Kind regards,
Kate O’Rourke
First Assistant Secretary
Consumer Data Right Division
The Treasury
FOI 3139
Document 2
Response to queries: Deferral of joint account and direct to consumer
obligations
On 30 April 2021 the Treasury
announced that the current requirements for banks to implement the
joint account requirements that would have applied from November 2021 will be deferred, with new
compliance dates to be set following
consultation on the joint account data sharing model.
Separately, compliance with data holders’ ‘direct to consumer’ obligations that would have applied
from November 2021 will also be deferred, pending a future consultation process.
In response to this announcement, Treasury has been asked for more details on the deferral
announcement and its implications for data holders in the banking sector.
What are the joint account obligations that are being deferred?
Major ADIs
Major ADIs must continue to facilitate joint account data sharing in accordance with the obligations
in
version 1 of the CDR Rules.
Under the deferral major ADIs will not be required to comply with the additional obligations in
version 2 of the CDR Rules that would have applied from November 2021. The key differences
between version 1 and version 2 of the joint account data sharing obligations in the CDR Rules are
described in
a CDR Support Portal article. In particular, major ADIs must continue to support joint
account data sharing for joint accounts with two account holders, maintain a joint account
management service to allow consumers to manage their disclosure options, as well as meet the
dashboard and notification requirements under version 1. However, the following obligations in
version 2 will be deferred:
•
requirements for sharing data on joint accounts where there are more than two account
holders (rather than two account holders only)
•
notification and invitation requirements
•
the ‘in-flow election’ processes
•
secondary user functionality for joint accounts.
Non-major ADIs
Obligations for non-major ADIs to share joint account data from November 2021 will be deferred.
This will also apply to the major banks for their non-primary brands.
Reciprocal data holders
Similarly, current requirements for reciprocal data holders to share joint account data under version
1 of the CDR Rules from July 2021, and version 2 of the CDR Rules from November 2021, will be
deferred.
The deferral does not affect other obligations for the non-major ADIs that are due to commence
from November 2021, in relation to phase 2 products and additional APIs. For example, this means
that non-major ADIs will be required to respond to consumer data requests for phase 2 products
from November 2021 where these products are held by single account holders (including home
loans, mortgage offset accounts and personal loans).
Requirements under the current rules
Effect of deferral
Present
Jul 2021
Nov 2021
Must continue sharing joint
Share joint
account data under version 1 of
account data
Share joint
the rules
Major ADIs under version
account data
1 of the rules
under version
No requirement to implement
until 31
2 of the rules
additional joint account
October 2021
functionality that would have
applied from November 2021
Non-major
ADIs and
Share joint
non-
account data
primary
under version
brands of
2 of the rules
major ADIs
No requirement to share joint
account data
Share joint
Reciprocal
account data
Share joint
data
under version account data
holders
1 of the rules
under version
until 31
2 of the rules
October 2021
What is the new compliance date for joint account obligations?
New compliance dates for joint account obligations will be determined by the Minister after
considering feedback from stakeholders received during the current consultation on the joint
account design paper, and from the formal consultation that will occur on draft amendments to the
CDR Rules. New compliance dates will be determined, even if the Minister decides, following
consultation, to maintain the current approach to joint account data sharing in the CDR Rules.
How can I provide feedback on the new compliance date for joint account obligations?
Feedback on the issues outlined in the joint accoun
t design paper can be provided up until
26 May
2021, including on the implementation considerations to inform a new compliance date for joint
account data sharing. Draft rules will be developed for formal consultation as soon as possible
following the close of consultation on the design paper.
As noted in the design paper, we are keen to ensure that joint account data sharing can commence
as quickly as possible and for as many consumers as possible, and to support increased participation
in the CDR by prospective ADRs. While the design paper notes the desire for any new compliance
date to be in Q1 of 2022, this is a consultation issue and we encourage feedback on the
implementation timeframes that would be achievable for the options explored in the paper. We
encourage the provision of specific information about the implementation impacts of the opt-out
proposal to support submissions on the new compliance date.
What are ‘direct to consumer’ obligations that are being deferred?
All data holder requirements to disclose required consumer data in response to a direct request
made by a CDR consumer (the ‘direct to consumer’ obligations) will be deferred. The intention is for
consultation to occur at a future time on an API-based model for direct to consumer obligations and
part of that process would involve consideration of compliance dates for these obligations.
How wil the deferrals be given effect?
Deferrals relating to joint account and ‘direct to consumer’ obligations will be given effect though
amendments to commencement provisions in the CDR Rules. The process for consulting on and
finalising these rules is intended to occur prior to November 2021.
Consumer Data Right Board
s 22
Action item CDRB/201020/2.5 (Direct to consumer,
assigned to Treasury) remains open.
s 22
The remainder of this document is outside
the scope of the request and has been
deleted
Consumer Data Right Board
s 22
1.5 Action Items
Paper
Ms Quinn
s 22
The following action items remain open:
• CDRB/201020/2.5 (Direct to consumer,
assigned to Treasury).
s 22
The remainder of this document is outside
the scope of the request and has been
deleted
FOI 3139
PROTECTED
Document 7
s 22
Deferral of direct to consumer obligations
•
The rules currently contain a requirement, that would apply from 1 November 2021, on data
holders to transfer data directly to consumers on request in a ‘human-readable form’ in
accordance with the data standards. Significant concerns were raised about the utility and cost
to provide data in human-readable form during consultation on a draft standard during late
2019.
•
On 16 April you agreed to defer data holder ‘direct to consumer’ obligations indefinitely,
pending a future consultation process to review the appropriate model for providing direct
access to data by consumers. This decision was announced on 30 April on the Treasury
website.
PROTECTED
The remainder
of this document is outside
the scope of the request and has been
deleted
Consumer Data Right Board
s 22
The following action items remain open:
• CDRB/201020/2.5 (Direct to consumer,
assigned to Treasury).
s 22
The remainder of this document is outside
the scope of the request and has been
deleted
FOI 3139
Document 10
‘Direct to consumer’ obligations
Background on position on ‘direct to consumer’ obligations in the banking sector
•
On 16 April (MS21-000864 refers) the Minister agreed to defer data holder ‘direct to
consumer’ obligations indefinitely for the banking sector, pending a future consultation
process to review the appropriate model for providing direct access to data by
consumers. These obligations would have required banking data holders to offer this
service to consumers on request in a ‘human-readable form’ in a matter prescribed by
the data standards, with effect from 1 November 2021. The deferral was announced on
30 April on the Treasury website.
s 22
•
The exposure draft rules do not apply ‘direct to consumer’ obligations for energy data
holders at this time. Treasury considers that any consultation on the future application
of these obligations should explicitly address the overlap with existing energy
regulation, and any consultation should first occur with State, Territory and
Commonwealth Energy Ministers.
s 22
4
The remainder of this document is outside
the scope of the request and has been
deleted
FOI 3139
Document 11
From:
s 22
To:
s 47F
Cc:
s 22
; s 22
s 22
s 22
Subject:
Questions from last week"s CDR rules v3 presentation [SEC=OFFICIAL]
Date:
Wednesday, 28 July 2021 2:52:00 PM
Attachments:
image001.gif
OFFICIAL
Hi s 47F
Thanks for attending the presentation on the CDR Rules consultation at the implementation call last Thursday. I
hope you found it useful.
We wanted to follow up on your questions to close off on that call:
s 22
Direct to consumer under v3 seems to be deferred, is there any date in mind for when this will be introduced?
There is not currently a date in mind for the direct to consumer obligations. As noted on the CDR
Support Portal, the intention is for consultation to occur at a future time on an API-based model for
direct to consumer obligations and part of that process would involve consideration of compliance
dates for these obligations.
s 22
Kind regards
s 22
s 22
Director (a/g) Rules Unit
Consumer Data Right Division | Markets Group | The Treasury
Level 16, 530 Collins Street, Melbourne
Ph: s 22
|
M: s 22
|
E: s 22
cdr.gov.au | Subscribe to receive CDR updates
The Treasury acknowledges the traditional owners of country throughout Australia, and their continuing connection to land, water
and community. We pay our respects to them and their cultures and to elders both past and present.
OFFICIAL
link to page 21 link to page 24 link to page 29 link to page 30 link to page 34 link to page 37 link to page 44 link to page 45
FOI 3139
Document 12
Data Standards Body
Consumer Experience and Technical Working Groups
Noting Paper 207: Draft v3 Rules Analysis | Anticipated Data Standards
Contact: Michael Palmyre and Mark Verstege
Publish Date: 9 August 2021
Feedback Conclusion Date: 24 August 2021
Context
A draft version 3 of the Consumer Data Right (CDR) Rules (draft v3 rules) was published for consultation from 1 July – 30 July 2021. This
Noting Paper
considers potential data standards changes using the draft v3 rules as reference.
The purpose of this Noting Paper is to consult on the scope and intent of the anticipated data standards changes by reference to the draft v3 rules that
were published for consultation.
This paper includes anticipated changes to t
he Consumer Data Standards relating to Consumer Experience, Information Security, Technical API Standards
and t
he CDR Register to support alignment with the propos
ed draft v3 rules. The major areas include:
1.
Sponsored Accreditation
2.
The CDR Representative Model
3.
Unaccredited OSPs
4.
Trusted Advisers
5.
CDR Insights
6.
Joint Accounts
7.
Direct to Consumer
8.
ADR Representation
1 | P a g e
Targeted decision proposal consultations will occur separately to this Noting Paper for the specific areas listed in this document, in light of the final rules
made by the Minister. The DSB invites the community to provide feedback on timings, content, and obligations.
The draft v3 rules published for consultation are subject to change. If, or where, the rules change from the draft version 3 of the CDR Rules, impacts to
anticipated changes will be addressed as part of ongoing consultation. Standards not currently authorised in the rules cannot be made. As such, the
creation of v3 rules-dependent standards will necessarily follow the making of the final rules.
Decision To Be Made
Decide the scope and intent of the changes to the Data Standards based on the draft v3 rules. Whi
le a Noting Paper is not part of a formal decision proposal
consultation, the DSB strongly encourages feedback to help inform data standards development in relation to these key items.
Identified Options
This Noting Paper contains a brief description of the anticipated standards changes in relation to specific topics. Each change discussed in this paper will be
consulted on separately, where necessary, but CDR participants should use this consultation to raise any concerns or impacts. Suggestions for alternatives
for any topics are welcome and should be raised in the consultation process.
The structure of this section aligns with the headings in the draft v3 rules explanatory materials.
Each section contains a table with descriptions of the expected obligations and timing for Accredited Data Recipients (ADR, also referred to as Accredited
Persons) and Data Holders (DH).
2 | P a g e
Sponsored Accreditation
The sponsored level of accreditation is for persons with or who intend to have an arrangement with an unrestricted accredited person who is willing to act
as their sponsor in the CDR regime. A person accredited to the sponsored level and in a sponsorship arrangement would be known as an affiliate of its
sponsor. An affiliate is an accredited person and is required to fulfil the obligations of an accredited person in the CDR regime.
Affiliate
Sponsor
Consumer
Data Holder
(ADR)
(ADR)
CDR
Register
Further analysis and consultation needs to be conducted to understand if/how an affiliate may appear to the consumer throughout the consent model,
particularly in the DH’s authorisation flow and authorisation management dashboard.
3 | P a g e
link to page 45 link to page 45 link to page 24 link to page 45 link to page 45
Table 1. Sponsored Accreditation
#
Issue
Entity
Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
1. ADR representation in
ADR
1.14(3)(ha)
ADR: MAY
The DSB will consult on additional consent-related fields to
TBD
TBD
DH authorisation flow
DH
1.15(ba) and
DH: MUST
determine if or how these fields could support more
and dashboards
(bb)
complex accreditation models. Additional details on this
4.23(2)
proposal can be found in t
he Table 8. ADR Representation
issue. Further analysis will need to be conducted to understand
how affiliates will or will not surface in DH authorisation
flows and dashboards.
This issue is reflected in:
Table 2. CDR Representative Model
Table 8. ADR Representation
Purpose: Achieve comprehensible and contextually
appropriate presentation of ADRs during authentication,
authorisation, and on consumer dashboards.
2. Consumer Data
N/A
N/A
N/A
No additional CX Data Standards are anticipated for this
N/A
N/A
Standards (CX)
item.
3. Consumer Data
N/A
N/A
N/A
No technical standards are currently anticipated for this
N/A
N/A
Standards (Technical)
specific item.
However, the outcome of t
he ADR representation issue may
require technical standards. This will be consulted on in a
separate consultation.
The rules allow for the transfer of CDR data between ADRs
as long as appropriate consent is obtained. While the rules
define obligations that ADRs must meet in order to make
4 | P a g e
link to page 45
Table 1. Sponsored Accreditation
#
Issue
Entity
Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
these transfers there is no requirement for the DSB to make
standards for this transfer. The DSB has not sought to
impose technical standards on the transfer of data between
accredited persons.
4. CDR Register Standards
N/A
N/A
N/A
No technical standards are currently anticipated for this
N/A
N/A
(Technical)
specific item.
However, the outcome of t
he ADR representation issue may
require technical standards. This will be consulted on in a
separate consultation.
The CDR Register APIs are designed for trusted information
sharing between Accredited Data Recipients and Data
Holders. Affiliates collect CDR data through a sponsor rather
than directly connecting to Data holders. Since the sponsor is
themselves an existing ADR, the CDR Register APIs contain
the necessary metadata to facilitate the trusted connection
of the sponsor to the Data Holder.
5. CDR Register (Participant
ADR
N/A
N/A
The rule changes associated with the introduction of
TBD
TBD
Portal)
Sponsored Accreditation and Sponsorship arrangements will
require additional functions to be added to the CDR
Participant Portal and additional accreditation onboarding
requirements. These functions will enable:
• Prospective accredited persons to:
o Apply for accreditation and be assessed
against the criteria at the sponsored level
• Unrestricted accredited data recipients to:
5 | P a g e
Table 1. Sponsored Accreditation
#
Issue
Entity
Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
o Notify the Data Recipient Accreditor when
a sponsorship arrangement has been
established;
o Manage the status of these arrangements
by providing updated information as
needed.
Sponsored accredited persons will appear on t
he find-a-
provider page. Where sponsorship arrangements exist,
details of the relationships between sponsors and affiliates
will be available.
6 | P a g e
link to page 45 link to page 45
The CDR Representative Model
The CDR representative model enables unaccredited persons to provide goods and services to consumers using CDR data in circumstances where they are in a CDR
representative arrangement with an unrestricted accredited person who is liable for them.
An unaccredited person who is in a CDR representative arrangement would be known as the CDR representative of the principal accredited person.
Representative
Principal
Consumer
Data Holder
(unaccredited)
(ADR)
CDR
Register
Table 2. CDR Representative Model
#
Issue
Entity
Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
6.
ADR representation
ADR
1.14(3)(ha)
ADR: MAY
The DSB will consult on additional consent-related fields to
TBD
TBD
in DH authorisation
DH
1.15(ba) and
DH: MUST
determine if or how these fields could support more complex
flow and dashboards
(bb)
accreditation models. Additional details on this proposal can
4.23(2)
be found in t
he Table 8. ADR Representation issue. Further analysis will need to be conducted to understand
how CDR Representatives will or will not surface in DH
authorisation flows and dashboards.
This issue is reflected in:
7 | P a g e
link to page 21 link to page 45 link to page 45
Table 2. CDR Representative Model
#
Issue
Entity
Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
Table 1. Sponsored Accreditation
Table 8. ADR Representation
Purpose: Achieve comprehensible and contextually
appropriate presentation of ADRs during authentication,
authorisation, and on consumer dashboards.
7.
Consumer Data
N/A
N/A
N/A
No additional CX Data Standards are anticipated for this
N/A
N/A
Standards (CX)
item.
8.
Consumer Data
N/A
N/A
N/A
No technical standards are currently anticipated for this
N/A
N/A
Standards (Technical)
specific item.
However, the outcome of t
he ADR representation issue may
require technical standards. This will be consulted on in a
separate consultation.
The rules allow for the transfer of CDR data between ADRs as
long as appropriate consent is obtained. While the rules
define obligations that ADRs must meet in order to make
these transfers there is no requirement for the DSB to make
standards for this transfer. The DSB has not sought to impose
technical standards on the transfer of data between
accredited persons.
9.
CDR Register
N/A
N/A
N/A
No technical standards are currently anticipated for this
N/A
N/A
Standards (Technical)
specific item.
A principal may enter into many arrangements with separate
CDR representatives (representatives). In this situation, the
representatives provide goods or services to consumers, at
least in part, using CDR data. It is possible that a principal
may represent:
8 | P a g e
Table 2. CDR Representative Model
#
Issue
Entity
Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
(a) these arrangements under a common brand and
software product of the principal, or
(b) each arrangement under separate software products
and/ or data recipient brands.
The CDR Register GetDataRecipients API supports the
disclosure of the representative arrangement using existing
metadata where the accredited persons that have entered
into the representative arrangement make it known to the
consumer. This can be achieved in one of two ways:
(a) The brand of the principal would be used in a
brandName of the data recipient. The software
product of the principal would be used in the
softwareProductName of the data recipient. The
software product would be onboarded by the
principal. An example may include an online
accounting platform that provides its own
marketplace of vendors that offer additional goods
and services. The brand and software product
presented during the consent flow would be the
brand and software product of the accounting
platform. The consumer would see consent
arrangements in their data holder dashboard under
the brand and software product of the accounting
platform.
(b) The brand of the representative may be used in the
brandName of the data recipient. The software
product of the representative would be used in the
softwareProductName. The software product may
be on-boarded for the representative by the
principal operating under the representative
9 | P a g e
Table 2. CDR Representative Model
#
Issue
Entity
Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
arrangement. An example may include a large
mortgage broker utilising a bank's common
mortgage broking platform. The consumer may be
more familiar with or seek to do business with a
particular mortgage broker firm but the platform is
offered by the bank. The brand name may include
something like a "powered by" label in the brand
name, software product name or software product
description.
The draft rules do not require additional metadata to be held
or exposed via the CDR Register APIs.
10.
CDR Register
ADR
Sch. 1, clause
N/A
Participant Portal changes are required.
TBD
TBD
(Participant Portal)
2.3(2) and
2.3(3)
The rule changes associated to the introduction of CDR
5.15(a)(vi)
Representative Arrangements will require additional
5.24(bc)
functions to be added to the CDR Participant Portal. These
functions will enable the principal (accredited person) to:
• notify the Data Recipient Accreditor when a CDR
representative arrangement has been established;
and
• manage these arrangements by providing updated
information as needed.
The details of these CDR Representative arrangements will
also be made available on the public CDR Register via links
from t
he find-a-provider page.
10 | P a g e
Unaccredited OSPs
In December 2020, the Act was amended to allow the CDR Rules to authorise the collection of CDR data by parties who are not accredited on behalf of an
accredited person. It is now possible for the CDR Rules to allow unaccredited intermediaries to collect CDR data on behalf of an ADR.
Outsourced
Principal
Consumer
Service Provider
Data Holder
(ADR)
(unaccredited)
CDR
Register
Table 3. Unaccredited OSPs
#
Issue
Entity
Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
11.
Consumer Data Standards
N/A
N/A
N/A
No additional CX Data Standards are anticipated for this item. N/A
N/A
(CX)
12.
Consumer Data Standards
N/A
N/A
N/A
No technical standards changes required.
N/A
N/A
(Technical)
The draft rules changes allow for unaccredited OSPs to collect
data on behalf of their accredited principal. Where the OSP
collects data on behalf of the principal, in continues to do so in
accordance with the existing technical standards. The OSP is
not known to the consumer and does not have a consumer-
facing relationship it simply provides the technical integration
between the principal and the data holder.
11 | P a g e
Table 3. Unaccredited OSPs
#
Issue
Entity
Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
13.
CDR Register Standards
N/A
N/A
N/A
No technical standards changes required.
N/A
N/A
(Technical)
The OSP is not an accredited person but instead acts under the
principal's accreditation held by the CDR Register. The Register
APIs currently expose all data related to the accredited person
(the principal) to facilitate registration and integration with the
Data Holder.
14.
CDR Register (Participant
ADR
N/A
N/A
Accreditation changes required.
TBD
TBD
Portal)
The collection arrangement question in the accreditation
application form will become redundant when this rule change
is made and, accordingly, it will be removed. Additionally,
features introduced to establish a relationship between a
provider’s Brand and a principal’s Software Product during on-
boarding will also become redundant and will be removed.
12 | P a g e
Trusted Advisers
Schedule 3 amends the CDR Rules to allow a consumer to consent to an accredited person disclosing a consumer’s CDR data to a person within a specified class
(referred to as ‘trusted advisers’). The intention is to facilitate current consumer practices of sharing their data with trusted third parties in order to receive advice
or a service, and increase convenience and control for consumers by enabling them to use the CDR to share their data with their chosen trusted advisers. The
accredited person cannot make the nomination of a trusted adviser or the giving of a TA disclosure consent a condition for the supply of goods and services
requested by the CDR consumer.
Trusted Advisor
Consumer
ADR
Data Holder
(unaccredited)
CDR
Register
Given the importance of CDR consumers understanding the effect of consenting to the disclosure of their CDR data to non-accredited persons, disclosures are
subject to CX standards to be made by the Data Standards Body (rule 8.11(1)). This will ensure the CDR consumer is provided with adequate information to give
informed consent, for example, information that the use of the data by the recipient will not be covered by the CDR regime and the recipient may not have
obligations under the
Privacy Act 1988.
Rule 7.5A(2) provides that disclosure of CDR data under a TA disclosure consent is not a permitted use or disclosure until the earlier of a date to be determined or
when the Data Standards Chair makes consumer experience data standards for disclosure of CDR data to trusted advisers. The specified date is expected to be
three months after the commencement of the rules.
13 | P a g e
Table 4. Trusted Advisers
#
Issue
Entity Rules
Proposed
Standards description
Standards made: Comply:
Obligation
15.
TA Disclosure
ADR
8.11(1)(c)(iv)
MUST
CX standards are proposed that would require ADRs to ensure that
TBD in accordance
TBD in accordance
consent:
CDR consumers are able to make informed decisions about the
with the date
with the date
Disclosure
disclosure of data outside the CDR system.
specified in the
specified in rules,
notification
rules, which is
which is expected
This item will feature alongside the equivalent insight disclosure
expected to be
to be three
notification in an overall ‘disclosure to non-accredited persons’
three months after
months after the
standard.
the
commencement
commencement of
of the rules
the rules
16.
Disclosure
ADR
4.10(1)(a)(i)
MUST
T
he existing CX standards for disclosure consent are expected to
The existing
The existing
consent:
SHOULD
apply to TA disclosures.
standards were
standards were
Collection source
made in June 2021. made in June
An amendment to the standards is proposed to clarify this
Timing of
2021. Timing of
application.
clarification TBD in
clarification TBD in
accordance with
accordance with
the rules.
the rules.
17.
Disclosure
ADR
4.10(1)(a)(i)
MUST
T
he existing CX standards for disclosure consent are expected to
The existing
The existing
consent:
apply to TA disclosures.
standards were
standards were
Descriptions of
made in June 2021. made in June
data to be
An amendment to the standards is proposed to clarify this
Timing of
2021. Timing of
collected and
application.
clarification TBD in
clarification TBD in
disclosed
accordance with
accordance with
the rules.
the rules.
18.
Withdrawal:
ADR
4.10(1)(a)(i)
MUST
T
he existing CX withdrawal standard for disclosure consent is
The existing
The existing
Disclosure
expected to apply to TA disclosures.
standards were
standards were
consent
made in June 2021. made in June
An amendment to the standards is proposed to clarify this
Timing of
2021. Timing of
application.
clarification TBD in
clarification TBD in
accordance with
accordance with
the rules.
the rules.
14 | P a g e
Table 4. Trusted Advisers
#
Issue
Entity Rules
Proposed
Standards description
Standards made: Comply:
Obligation
19. Consumer Data
N/A
N/A
N/A
No additional CX standards are anticipated in relation to this item.
N/A
N/A
Standards (CX)
20. Consumer Data
N/A
N/A
TBD
Technical changes may be required.
TBD
TBD
Standards
(Technical)
No data standards changes are required where consumers consent
to share data with an ADR they have a direct relationship with.
Disclosure of data to a trusted advisor is done so at the discretion of
the ADR through services offered by the ADR. For example, a small
business consumer performs regular account reconciliation with an
online accounting solution but uses an accountant for end of year
financial statement. The accounting software is an ADR and the
small business is the eligible consumer that has a customer
relationship with the ADR. The ADR discloses the consumer’s data to
the trusted advisor through a mechanism provided by the ADR.
Where the consumer does not have a direct relationship with the
ADR but instead only has a relationship with the trusted advisor, a
separate consultation will be developed to consider the streamlined
secure sharing of data using an ADR and onward disclosure of data
to the trusted advisor under a consumer's full consent. For example,
an individual who at tax return time engages an accountant (the
trusted advisor) to perform all account reconciliation and tax return
activities on their behalf using an online accounting software (the
ADR), who is not themselves required to be a customer of the ADR.
21. CDR Register
N/A
N/A
N/A
No technical standards changes required.
N/A
N/A
Standards
(Technical)
The draft v3 rules do not require additional metadata to be held or
exposed via the CDR Register APIs.
15 | P a g e
Table 4. Trusted Advisers
#
Issue
Entity Rules
Proposed
Standards description
Standards made: Comply:
Obligation
22. CDR Register
ADR
N/A
N/A
Reporting changes required.
TBD
TBD
(Participant
Portal)
The draft v3 rules change Reporting obligations under Rule 9.4.
These additional reporting obligations require the collection of
additional values in the CDR Participant Portal
Rule 9.4 Report function.
CDR Insights
Rule 1.10A(3) defines an insight disclosure consent as a consent given by a CDR consumer for an accredited data recipient to disclose particular CDR data (the CDR
insight: see rule 1.7(1)) to a specified person for a specified purpose, which are to:
• identify the consumer
• verify the consumer’s account balance
• verify the consumer’s income, or
• verify the consumer’s expenses
For these purposes, ‘verify’ means to confirm, deny or provide some simple information about the consumer’s identity, account balance, income or expenditure
based on their CDR data. These CDR insights would allow consumers to securely provide and confirm relevant factual information about themselves, while giving
the recipient comfort in its authenticity and accuracy. These purposes are intended to support the sharing of information that the consumer could themselves
confirm and understand.
16 | P a g e
Consumer
Other ADR
ADR
Person
CDR insight
Consumer
(unaccredited)
CDR data
ADRs would be responsible for ensuring that the CDR insights they disclose align with the purpose consented to by the consumer. For example, CDR insights could
be used to:
• confirm with a ‘yes’ or ‘no’ that the personal information provided in an application matches the information held by a bank
• confirm with a ‘yes’ or ‘no’ that the consumer’s account balance is or is not sufficient to meet a particular payment
• provide a consumer’s actual account balance at a specific point in time
• provide an alert to a merchant if a direct debit payment will fail, or
• provide the consumer’s average income over a specific period of time
Rule 4.11(3)(ca) requires an accredited person to give an explanation of the CDR insight to the CDR consumer when seeking the insight disclosure consent that will
make it clear what the CDR insight would reveal or describe. The CDR Rules do not require a CDR insight to be shown to a consumer prior to it being disclosed.
However, where practical, this step could be taken to assist the consumer’s understanding of what the CDR insight would reveal or describe and help meet the
accredited person’s obligation under rule 4.11
Rule 7.5A(4) provides that disclosure of CDR data under an insight disclosure consent is not a permitted use or disclosure until the earlier of a date to be
determined in the rules or when the Data Standards Chair makes consumer experience data standards for disclosure of CDR insights.
Rule 8.11(1A) states that the standards that relate to obtaining insight disclosure consents must include provisions that cover the following:
(a) how the accredited person can meet the requirement to explain a CDR insight in accordance with paragraph 4.11(3)(ca);
(b) ensuring that the CDR consumer is made aware that their data will leave the CDR system when it is disclosed.
17 | P a g e
Rule 8.11(1)(c)(v) contains new requirements for data standards to be made about disclosure and security of CDR data that is disclosed in a CDR insight, and the
processes by which insight disclosure consents are obtained, including ensuring the consumer understands their data will leave the CDR system and explaining the
CDR insight in accordance with rule 4.11 (rule 8.11(1A).
Table 5. Insight Disclosure
#
Issue
Entity Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
23.
Insight Disclosure
ADR
1.14(3)(ea),
MUST
Standards are proposed that will cover how accredited persons
TBD in accordance
TBD in accordance
consent: Insight
4.11(3)(ca),
can meet the requirement to explain a CDR insight in
with the date
with the date
descriptions
7.9(4),
accordance with rule 4.11(3)(ca).
specified in the rules,
specified in rules,
8.11(1A)
which is expected to
which is expected
This is expected to include requirements in relation to how to
be three months after
to be three months
make clear to the CDR consumer what the CDR insight would
the commencement
after the
reveal or describe.
of the rules
commencement of
the rules
It is expected that this requirement will need to be reflected on
the dashboard.
24.
Insight Disclosure
ADR
8.11(1A)
MUST
Standards are proposed that would ensure that CDR consumers
TBD in accordance
TBD in accordance
consent:
are able to make informed decisions about the disclosure of
with the date
with the date
Disclosure
data outside the CDR system when it is disclosed.
specified in the rules,
specified in rules,
notification
which is expected to
which is expected
This item will feature alongside the equivalent TA disclosure
be three months after
to be three months
notification in an overall ‘disclosure to non-accredited persons’
the commencement
after the
standard.
of the rules
commencement of
the rules
25.
Disclosure
ADR
4.10(1)(a)(i)
MUST
T
he existing standards for disclosure consent are expected to
The existing standards
The existing
consent:
SHOULD
apply to insight disclosures.
were made in June
standards were
Collection source
2021. Timing of
made in June 2021.
An amendment to the standards is proposed to clarify this
clarification TBD in
Timing of
application.
accordance with the
clarification TBD in
rules.
accordance with
the rules.
18 | P a g e
Table 5. Insight Disclosure
#
Issue
Entity Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
26.
Disclosure
ADR
4.10(1)(a)(i)
MUST
T
he existing standards for disclosure consent are expected to
The existing standards
The existing
consent:
apply to insight disclosures.
were made in June
standards were
Descriptions of
2021. Timing of
made in June 2021.
data to be
An amendment to the standards is proposed to clarify this
clarification TBD in
Timing of
collected and
application.
accordance with the
clarification TBD in
disclosed
rules.
accordance with
the rules.
27.
Withdrawal:
ADR
4.10(1)(a)(i)
MUST
T
he existing withdrawal standard for disclosure consent is
The existing standards
The existing
Disclosure consent
expected to apply to insight disclosures.
were made in June
standards were
2021. Timing of
made in June 2021.
An amendment to the standards is proposed to clarify this
clarification TBD in
Timing of
application.
accordance with the
clarification TBD in
rules.
accordance with
the rules.
28. Consumer Data
N/A
N/A
N/A
No additional CX standards are anticipated in relation to this
N/A
N/A
Standards (CX)
item.
29. Consumer Data
N/A
N/A
N/A
No technical standards changes required.
N/A
N/A
Standards
(Technical)
The technical standards do not currently control the transfer of
data between an accredited person to other persons.
The rules allow for the transfer of CDR insights data between an
accredited person (ADR) and other persons as long as
appropriate consent is obtained. While the rules define
obligations that ADRs must meet in order to make these
transfers there is no requirement for the DSB to make technical
standards for this transfer.
19 | P a g e
Table 5. Insight Disclosure
#
Issue
Entity Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
30. CDR Register
N/A
N/A
N/A
No technical standards changes required.
N/A
N/A
(Technical
Standards)
The rules do not require additional metadata to be held or
exposed via the CDR Register APIs.
31. CDR Register
ADR
N/A
N/A
Reporting changes required.
TBD in accordance
TBD in accordance
(Participant Portal)
with the date
with the date
The draft rules change Reporting obligations under Rule 9.4.
specified in the rules,
specified in the
These additional reporting obligations require the collection of
which is expected to
rules, which is
additional values in the CDR Participant Portal
Rule 9.4 Report
be three months after
expected to be
function.
the commencement
three months after
of the rules
the
commencement of
the rules
Joint Accounts
The proposed draft v3 rules include a change to a ‘single consent’ model for joint accounts. CDR data that relates to a joint account can be disclosed under the Rules
only in accordance with the disclosure option that applies to the account. Division 4A.2A sets out:
• the three disclosure options, with the default option being the pre-approval option;
• an obligation for data holders to provide a disclosure option management service (DOMS) for all joint accounts through which joint account holders can
change the disclosure option that applies to the account, or propose a change to the other account holders;
• when one joint account holder proposes to change the disclosure option―a process by which the other joint account holders can either agree with or reject
the proposal; and
• some associated notification requirements.
20 | P a g e
Data holders must offer the pre-approval option and non-disclosure option on joint accounts, and may offer the co-approval option on an optional basis (rules
4A.4(2) and (3)). If the pre-approval option applies, any joint account holder can choose that the co-approval option will apply.
Consumer A
is owned by
Bank Account
is owned by
Consumer B
Consumer B
Consumer B
A change from the non-disclosure option to another option, or a change from the co-approval option to the pre-approval option (if offered by the data holder),
requires the agreement of all the joint account holders.
If the co-approval option is offered by the data holder and applies to the joint account—the data holder must ask the requesting account holder to authorise the
disclosure of the requested data, seek the other account holders’ approval for the disclosure, then disclose the data in accordance with the request.
On 30 April 2021, Treasury announced that requirements for banks to implement the joint account requirements that would have applied from November 2021
would be deferred, with new compliance dates to be set following consultation. The draft v3 rules amend the commencement table in rule 6.6 of Schedule 3 to the
CDR Rules and set 1 April 2022 as the new compliance date for joint account data sharing in the banking sector.
Draft v3 rule 4A.6 requires data holders to notify joint account holders of the following matters in relation to the account (for new accounts, when the account is
opened, or for existing accounts, at least 7 days prior to joint accounts being in scope for sharing under the Rules). This notification must be made, in accordance
with any data standards and via the ordinary method for contacting each joint account holder.
21 | P a g e
Draft v3 rule 4A.16 requires data holders to allow joint account holders to set certain notification preferences. If data standards are in place, this must be done in
line with those standards. This would allow consumers to set preferences such that they would not receive certain notifications that data holders would otherwise
be required to provide.
The draft v3 rules also include transitional provisions that:
• require relevant data holders to continue to comply with the former joint account transitional provisions until 1 April 2022, when they must begin to
comply with the draft v3 rules;
• require data holders to notify consumers with joint accounts of the change to the default setting to share at least a week before the commencement date;
and
• provide that joint accounts that are currently set to the ‘no disclosure option’ are not switched to the pre-approval option on the commencement date.
The joint account items below have been informed by the Consumer Policy Research Centre’s recent
community sector engagement on joint accounts, CX research,
a public workshop on joint accounts, and issues highlighted by the CDR community. The use of the term ‘requestor’ in this section aligns with Division 4.3, rule
4.9(a), meaning the person on whose behalf the consumer data request is being made.
Table 6. Joint Accounts
#
Issue
Entity Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
32.
Notification
DH
4A.6(3)
TBD
Standards will be consulted on in relation to Rule 4A.6, where joint account
Expected in Q4
Expected to be 1
standard: Pre-
holders will be notified about matters relating to joint account sharing
2021 to allow for a
April 2021. Actual
sharing notice
when a new joint account is opened or, for existing accounts, 7 days prior
6-month
date TBD in
for joint
to joint accounts being in scope for sharing.
implementation
accordance with
accounts
timeframe. Actual
the finalised rules.
date TBD in
accordance with
the date the rules
are made.
33.
Notification
DH
4A.16(3)
TBD
Standards will be consulted on to allow notification preferences to be set
Expected in Q4
Expected to be 1
standard: Joint
based on consumer preference. This would allow consumers to choose to
2021 to allow for a
April 2021. Actual
account
not receive certain notifications and could consider the granularity of
6-month
date TBD in
notification preference controls.
implementation
22 | P a g e
Table 6. Joint Accounts
#
Issue
Entity Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
notification
timeframe. Actual
accordance with
management
Purpose: Allow consumers to manage and set notifications related to joint
date TBD in
the finalised rules.
accounts based on their preferences.
accordance with
the date the rules
are made.
34.
Notification
DH
4A.5(8),
MUST
Standards will be proposed to require DHs to alert a joint account holder
Expected in Q4
Expected to be 1
standard: Alerts
existing
when they are about to take an action that will result in a notification being 2021 to allow for a
April 2021. Actual
sent to other the
rules
sent to the other joint account holder(s).
6-month
date TBD in
joint account
1.15(1)(ba),
implementation
accordance with
holder(s)
4.22(a)
For example, when changing a disclosure option via DOMS; when removing
timeframe. Actual
the finalised rules.
an approval related to a specific authorisation; or during the authorisation
date TBD in
flow when selecting to share data from a joint account.
accordance with
the date the rules
Purpose: Facilitate safe and informed joint account sharing and
are made.
management.
35.
Notification
Existing
SHOULD
This item will propose that, where DHs treat a joint account like an
Expected in Q4
Expected to be 1
standard: Joint
rule 4.22(a)
individual account to prevent physical or financial harm or abuse, DHs
2021 to allow for a
April 2021. Actual
account holders
should notify that joint account holder (the ‘requestor’) that the other
6-month
date TBD in
flagged as
account holder(s) will
not be alerted when that authorisation is initiated.
implementation
accordance with
vulnerable
timeframe. Actual
the finalised rules.
Purpose: Reduce cognitive barriers to data sharing for consumers
date TBD in
experiencing vulnerability
accordance with
the date the rules
are made.
36.
Notification
Existing
MUST/SHO
DHs may indicate that a joint account is ‘pending’ further approval in the
Expected in Q4
Expected to be 1
standard:
rule 4.22(a)
ULD
authorisation flow and include explanatory information about what this
2021 to allow for a
April 2021. Actual
Pending approval
means. This could apply where a ‘co-approval’ option has been chosen by
6-month
date TBD in
status
the joint account holder(s) to indicate that the requestor’s authorisation
implementation
accordance with
will not result in the disclosure of data from that joint account until the
timeframe. Actual
the finalised rules.
other joint account holder(s) approve.
date TBD in
accordance with
23 | P a g e
Table 6. Joint Accounts
#
Issue
Entity Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
This standard will be considered for broader application, such that data
the date the rules
holders can introduce additional information of this nature to the
are made.
authorisation flow for other account types where required.
Purpose: Increas
e system status visibility to help users understand when
further action is needed to successfully share data.
37.
Withdrawal:
DH
4A.13(2);
MUST
This will propose that DHs advise joint account holders of the
Expected in Q4
Expected to be 1
Joint accounts
4A.15(1)(d)
consequences of the withdrawal.
2021 to allow for a
April 2021. Actual
(v)
6-month
date TBD in
This is expected to approval to the removal of a disclosure option, i.e.
implementation
accordance with
changing to a non-disclosure option, and the removal of an approval.
timeframe. Actual
the finalised rules.
date TBD in
accordance with
the date the rules
are made.
38. Consumer Data
N/A
N/A
N/A
No additional CX Data Standards are anticipated for this item.
N/A
N/A
Standards (CX)
39. Consumer Data
N/A
N/A
N/A
No technical standards changes required.
N/A
N/A
Standards
(Technical)
The rules change the disclosure options for joint account data.
However, the technical standards do not define obligations that Data
Holders must meet to obtain the disclosure consent of secondary account
holders. The proposed draft v3 rules change the way in which consent is
provided for joint accounts but does not include requirements for technical
standards. Similar to the Joint Account Management Service, the way in
which Data Holders implement these proposed draft v3 rules is left to the
implementation Data Holders. Joint Accounts continue to be shareable
through the existing standards framework for selection of accounts to be
associated with the consumer's authorised consent that is held by the data
24 | P a g e
Table 6. Joint Accounts
#
Issue
Entity Rules
Proposed
Standards description
Standards made:
Comply:
Obligation
holder. Further, joint account data is currently covered by the existing
technical APIs.
40. CDR Register
N/A
N/A
N/A
No technical standards changes required.
N/A
N/A
(Technical
Standards)
The draft v3 rules do not require additional metadata to be held or
exposed via the CDR Register APIs.
41. CDR Register
ADR,
9.4
N/A
Reporting changes required.
TBD in accordance
TBD in accordance
(Participant
DH
with the date
with the date
Portal)
The draft v3 rules change Reporting obligations. These additional reporting
specified in the
specified in the
obligations require the collection of additional values in the CDR Participant rules
rules
Portal
Rule 9.4 Report function.
25 | P a g e
Direct to Consumer Request Service
Under Part 3 of the CDR Rules, data holders are required to implement an online service that allows consumers to directly request their CDR data in a human
readable form and in accordance with the data standards.
In order to allow further consultation about the way in which direct to consumer obligations should be provided for and in machine-readable form via APIs (and the
way in which the data standards should provide for this), the Rules amend clause 6.6 of Schedule 3 to remove the compliance date for the Part 3 obligations in the
banking sector.
Table 7. Direct to Consumer
#
Issue
Entity Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
42. General
N/A
Part 3
N/A
As proposed i
n DP089 a
nd DP167, no CX Data Standards are anticipated for this
N/A
N/A
issue and
any technical standards consultation will be deferred in line with the
rules.
If Direct To Consumer obligations are re-introduced at a later date, options for
standards will be considered at that time.
26 | P a g e
link to page 21 link to page 24
ADR Representation
This topic covers the presentation of ADRs by DHs in the authorisation flow and DH dashboard. The genesis of this issue can be found i
n issue 222, where a range of
possibilities were raised to achieve consistent and comprehensible presentation of ADRs in DH spaces. The proposal outlined in the below table progresses this
thinking and proposes a new field to accommodate concurrent consents and the newly proposed access arrangement models, such as affiliates and CDR
representatives.
Table 8. ADR Representation
#
Issue
Entity Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
43. ADR representation
ADR
1.15(ba)
ADR: MAY
This issue is reflected in:
TBD
TBD
in DH authorisation
DH
and (bb),
DH: MUST
Table 1. Sponsored Accreditation
flow and dashboards
4.23(2)
Table 2. CDR Representative Model
This issue relates to the provision of CX standards to support consistent ADR
presentation in dashboards, authentication, and authorisation spaces.
ADRs are currently represented inconsistently, and the current requirement to
display an ADR’s legal entity name in the authorisation flow may not correspond
with the entity the consumer interacts with as the CDR begins to see more complex
accreditation models.
This consultation will propose that DHs display the ADR’s brand name in
authentication and authorisation related artefacts where appropriate. This proposal
will rely on the existing rules requiring DHs to display specified information that the
Register holds in relation to an accredited person.
This consultation will also explore if these same fields should be required on
dashboards, including DH dashboards and ADR dashboards in relation to AP
disclosures.
The proposal will also query if additional consent-related fields are warranted for
concurrent consents and complex sharing models, such as affiliates and CDR
representatives. Consultation will be conducted to determine if or how these fields
27 | P a g e
Table 8. ADR Representation
#
Issue
Entity Rules
Proposed
Standards description
Standards
Comply:
Obligation
made:
could be facilitated through technical standards – such as the authorisation request
– or the Register.
Purpose: Achieve comprehensible and contextually appropriate presentation of
ADRs during authentication, authorisation, and on consumer dashboards.
44. Consumer Data
N/A
1.15(ba)
N/A
Changes may be required.
N/A
N/A
Standards (Technical)
and (bb),
4.23(2)
If the disclosure of additional data relating to the representation of ADR
relationships is required to be communicated through the authorisation flow and on
consumer dashboards, changes to the authorisation request may be required to
facilitate this.
45. CDR Register
N/A
1.15(ba)
N/A
Changes may be required.
N/A
N/A
(Technical Standards)
and (bb),
4.23(2)
If the disclosure of additional data relating to the representation of ADR
relationships is required to be communicated through the authorisation flow and on
consumer dashboards, changes to the authorisation request may be required to
facilitate this.
46. CDR Register
ADR
9.4
N/A
Changes may be required.
TBD in
TBD in
(Participant Portal)
accordance
accordance
If CDR Register (Technical Standards) are required, as mentioned in point
Error!
with the
with the
Reference source not found. it will flow on to the Participant Portal in order for
date
date
ADRs to provide additional details during the on-boarding process.
specified in
specified in
the rules
the rules
28 | P a g e
Implementation Considerations
The specific items raised in this paper will be consulted on separately, along with the implementation considerations. CDR participants are encouraged to raise any
concerns or impacts ahead of those targeted consultations.
Whi
le a Noting Paper is not part of a formal decision proposal consultation, the DSB strongly encourages CDR participants to provide feedback to help inform data
standards development in relation to these key areas of work.
29 | P a g e
Consumer Data Right Board
s 22
The following action items remain open:
s 22
• CDRB/201020/2.5 (Direct to consumer,
assigned to Treasury).
s 22
The remainder of this document is
outside the scope of the request and has
been deleted
Consumer Data Right Board
s 22
1.5 Action Items
Paper
Ms Quinn
s 22
The following action items remain open:
• CDRB/201020/2.5 (
Direct to consumer).
s 22
The remainder of this document is outside
the scope of the request and has been
deleted
Consumer Data Right Board – Meeting 20
s 22
1.5 Action Items
Paper
Ms Quinn
s 22
The following action items remain open:
• CDRB/201020/2.5 (
Direct to consumer).
s 22
The remainder of this document is outside
the scope of the request and has been
deleted
Consumer Data Right Board – Meeting 21
s 22
1.5 Action Items
Paper
Ms Quinn
Recommend that action item CDRB/201020/2.5
(
Direct to consumer) is moved to be closed, noting
that the inclusion of direct to consumer provisions
in the rules has been indefinitely deferred. The
item was first raised in October 2020.
s 22
The remainder of this document is outside
the scope of the request and has been
deleted
FOI 3139
Document 26
s 22
From: CX <xx@xxxxxxxxxxxxxxxxxxxxx.xxx.xx>
Date: Monday, 28 February 2022 at 12:58 pm
To: s 47F
Cc: s 22
Subject: Re: Attn: s 22
Hey s 47F
Great to chat just then.
Here are the links I promised:
Direct to Consumer – data standards consultation
The most recent Direct to consumer deferral announcement
The direct to consumer exemption – which I believe you have already seen;
The direct-to-consumer exemption link may not be the most up to date as it refers to Nov 2021.
There are exemptions for individual DHs that defer to July 2022, but I’m certain it’s deferred
indefinitely. It’s notoriously hard to find these details so I’ve just put out a request for the most
up to date info.
Hope the above helps.
Best,
s 22
Consumer Experience Lead
Data Standards Body | Consumer Data Right Division
E s 22
T s 22
W www.consumerdatastandards.gov.au
Consumer Data Standards acknowledges the Traditional Owners of the lands that we live and work on across
Australia and pays its respect to Elders past and present.
PLEASE NOTE
The information contained in this email may be confidential or privileged. Any unauthorised use or disclosure is
prohibited. If you have received this email in error, please delete it immediately and notify the sender by return
email. Thank you. To the extent permitted by law, Consumer Data Standards does not represent, warrant
and/or guarantee that the integrity of this communication has been maintained or that the communication is
free of errors, virus, interception or interference.
This email (including attachments) is confidential and intended for the addressee(s) named above. If you have
received it by mistake, please inform us by an email reply and then delete it from your system, destroy all
copies, and do not disclose as our policy is that it is not permissible to reproduce, adapt, copy, forward, or in
any way reveal this message without the senders consent.
FOI 3139
Document 27
From:
s 22
To:
s 22
Cc:
s 22
; s 22
Subject:
FW: Zendesk Question 1608 - Direct to Consumer Obligations [ACCC-ACCCANDAER.FID2815417]
[SEC=OFFICIAL]
Date:
Friday, 22 July 2022 3:11:00 PM
Attachments:
image001.png
image002.png
image004.png
image006.png
OFFICIAL
From: s 22
Sent: Friday, 15 July 2022 1:47 PM
To: s 22
; s 22
s 22
s 22
Subject: RE: Zendesk Question 1608 - Direct to Consumer Obligations [ACCC-
ACCCANDAER.FID2815417] [SEC=OFFICIAL]
Hi s 22
,
Yes, I think this is definitely one for us. Thank you for sharing!
s 22
and s 22
For info - the ACCC has received a Zendesk enquiry about timeframes for
consultation re expanding Open Banking to direct-to-consumer sharing. One for next week, but I
assume we will want to refer them to the CDR statutory review.
Previous ACCC advice: Response to queries:...~https://cdr-support.zendesk.com/hc/en-
us/articles/360004343516-Response-to-queries-Deferral-of-joint-account-and-direct-to-
consumer-obligations
Rules for direct-to-consumer sharing are established under Part 3 of the CDR Rules
(Consumer data requests made by eligible CDR consumers)
Right now direct-to-consumer sharing under Part three is not included in the Banking
(Schedule 3, Rule 6.6) or energy (Schedule 4) commencement schedules.
Cheers,
s 22
CDR Policy Issues Unit |s 22
From: s 22
Sent: Friday, 15 July 2022 11:52 AM
To: s 22
Subject: FW: Zendesk Question 1608 - Direct to Consumer Obligations [ACCC-
ACCCANDAER.FID2815417] [SEC=OFFICIAL]
OFFICIAL
Hi s 22 – I think this one might be for your team? Let me know if you agree and/or if we can
help!
s 22
s 22
Consumer Data Right Division | Markets Group | The Treasury
Langton Crescent, Parkes ACT 2600
Ph: s 22
|
M: s 22
cdr.gov.au | Subscribe to receive CDR updates
Consumer Data Right acknowledges the traditional owners of country throughout Australia, and their continuing
connection to land, water and community. We pay our respects to them and their cultures and to elders both
past and present.
LGBTIQ+ Ally
OFFICIAL
From:s 22
Sent: Friday, 15 July 2022 11:35 AM
To: s 22
Cc: s 22
; s 22
s 22
Subject: Zendesk Question 1608 - Direct to Consumer Obligations [SEC=OFFICIAL] [ACCC-
ACCCANDAER.FID2815417]
OFFICIAL
Hi s 22
The ACCC Regulatory Guidance team has received the below Zendesk query (ZQ
1608) regarding the deferral of direct to consumer obligations:
I was wondering if any updated timelines were available regarding the deferral of
‘direct to consumer’ obligations. I see in your latest article that a consultation was
planned to occur before November 2021. I was wondering if this consultation
occurred and if not what the current timeline if any is?
As the question relates to CDR policy, we would be grateful for your team’s input.
Thanks very much and please let us know if you would like to discuss further.
Warm regards,
s 22
Graduate – Regulatory Guidance | Regulatory Branch | Consumer Data Right Division
Australian Competition & Consumer Commission
Level 29M, 135 King Street, Sydney NSW 2000
T:s 22
www.accc.gov.au
The ACCC acknowledges the traditional owners and custodians of Country throughout
Australia and recognises their continuing connection to the land, sea and community. We pay
our respects to them and their cultures; and to their Elders past, present and future.
---
IMPORTANT: This email from the Australian Competition and Consumer Commission
(ACCC), and any attachments to it, may contain information that is confidential and may
also be the subject of legal, professional or other privilege. If you are not the intended
recipient, you must not review, copy, disseminate, disclose to others or take action in
reliance on, any material contained within this email. If you have received this email in
error, please let the ACCC know by reply email to the sender informing them of the
mistake and delete all copies from your computer system. For the purposes of the Spam
Act 2003, this email is authorised by the ACCC www.accc.gov.au