CDR moves slowed
Australia’s progress on expanding Consumer Data Right laws appears to be stalled.
The Albanese government has decided to halt the expansion of the Coalition's Consumer Data Right (CDR) project, according to reports.
The expansion of CDR conditions into superannuation, insurance, and telecommunications has been put on pause, according to internal communications.
The government allocated $88 million over two years to the CDR, but the majority of this funding will be used to establish the existing sectors and activate third-party “action initiation”.
The decision to pause expansion aligns with the recommendations of the independent Statutory Review, acknowledging the need for further time to allow the CDR to mature.
The government intends to concentrate on ensuring the effectiveness of the CDR in the banking sector, expanding into non-bank lending, and continuing the energy rollout as planned.
No specific timelines for the sidelined industries will be considered until 2024.
While banks have invested heavily in becoming CDR compliant, they privately oppose the scheme due to potential margin dilution and decreased customer loyalty.
They are also concerned about the inclusion of fintechs that utilise screen scraping software, which violates bank information security conditions by requiring account holders to share their access credentials.
The superannuation industry is cautious about the CDR as it poses a risk of fraudulent account switching and depletion of funds.
Remote access to superannuation funds through action initiation is particularly concerning for providers.
Similarly, telecommunications carriers worry about potential misuse of the CDR, which could lead to unauthorised control of individuals' mobile accounts, exacerbating the problem of account takeover hijacking.
The CDR legislation, currently in parliament, was drafted prior to recent high-profile data breaches at Optus, Medibank, and Latitude.
These incidents have highlighted the risks associated with data hoarding and have prompted insurers to reassess their approach to data security.
Treasury allegedly remains committed to progressing action initiation, with a focus on developing a robust framework in consultation with stakeholders.
Funding has also been allocated to increase consumer awareness of the CDR and develop a trust brand strategy.
A strategic assessment of the CDR is planned for the end of 2024 to guide future expansions.