Strict regulations in place
Consumer Data Right is an opt-in service, which means you can choose whether to use it or not. Providers must get your explicit consent to use your data.
Consumer Data Right has been set up by the Australian Government to benefit Australians. It is co-regulated by the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC).
Rigorous consent requirements are in place. Consumer Data Right providers must make it clear on their website or app:
- exactly what information you’re sharing and how it will be used
- who will have access to your data
- how long they’ll have access to your data for
- how you can manage and withdraw consents.
The entire consent process takes place on a provider’s website or app.
Rules that protect your rights
To protect consumers, Consumer Data Right sets out what providers must do. Strict accreditation criteria for providers also help to protect your rights. The ACCC manages the accreditation process. This process and the criteria can be found in Become an accredited data recipient.
Rules are in place to protect your rights. For example:
- you must be able to easily see and manage your data consents online and/or in a provider’s app
- you can withdraw your consent at any time
- if you withdraw your consent, the provider who was receiving your data must stop using your data and delete or de-identify any previously collected data.
Making a complaint
If your data is mishandled or you think your privacy has been breached, you can make a formal complaint about it to your provider.
If the provider doesn’t respond to your complaint or you’re not satisfied with the response, you can:
- contact the Australian Financial Complaints Authority (the recognised external dispute resolution scheme for the banking sector with a dedicated complaint process)
- lodge your complaint to the OAIC.
If you have a question about your Consumer Data Right privacy rights or your ability to make a complaint, please call the OAIC on 1300 363 992.
Reporting business misconduct
You can report information about business practices and behaviours relating to Consumer Data Right that are of concern to you to the ACCC.
Acting on breaches of the Rules
The ACCC and OAIC jointly monitor compliance and enforcement of the Consumer Data Right regulations. They work together to respond to any issues, including taking enforcement action if needed.
For more details on how the ACCC and OAIC undertake compliance and enforcement, view the Compliance and Enforcement Policy below.