OAIC to enforce privacy safeguards in new Consumer Data Right

Businesses offering services under the Consumer Data Right (CDR) which starts today are required to meet strict privacy and security obligations so consumers can share their data with confidence.

The Office of the Australian Information Commissioner (OAIC) is responsible for regulating privacy under the CDR system, which begins in the banking sector from 1 July 2020.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said ensuring CDR providers understand and comply with the privacy safeguards is a key priority for the OAIC.

“The start of the Consumer Data Right in the banking sector today is an important step forward in giving consumers more choice and control over their data,” Commissioner Falk said.

“This reform introduces significant changes to information sharing practices, encourages competition and innovation, and is designed to safeguard consumer privacy.

“By providing a secure and convenient way to transfer data to an accredited provider of their choice, it will allow consumers to access a new service or find a better deal.”

Commissioner Falk said the OAIC will assess and enforce compliance with the privacy safeguards and handle consumer complaints from individuals and small business.

“Strong privacy and accountability measures are built into the system and will be enforced by the OAIC and the Australian Competition and Consumer Commission,” Ms Falk said.

CDR data holders and accredited data recipients can access a range of guidance and advice on the OAIC website to help them comply with their obligations to consumers.

This includes the CDR Privacy Safeguard Guidelines and a new CDR Regulatory Action Policy which explains the OAIC’s powers and how it will exercise them.

A joint Compliance and Enforcement Policy outlines how the OAIC and ACCC will exercise their co-regulatory powers and encourage compliance with the Consumer Data Right Rules and legislation, including the Privacy Safeguards, and Consumer Data Standards developed by the Data Standards Body, CSIRO’s Data61.

Information for consumers about their privacy rights under the Consumer Data Right system is also available at oaic.gov.au/cdr.

About the OAIC

The Office of the Australian Information Commissioner (OAIC) is an independent statutory agency established to promote and uphold privacy and information access rights. It has a range of regulatory responsibilities and powers under thePrivacy Act 1988, Freedom of Information Act 1982, Australian Information Commissioner Act 2010 and Part IVD of the Competition and Consumer Act 2010.

/Public Release. View in full here.