Versions Compared

Comment: add consent mgt

Overview

WSO2 Open Banking is a purpose-built solution for regulatory compliance and supports Consumer Data Standards. WSO2 Open Banking helps align banking and regulatory needs with technology infrastructures and regulatory expertise to quickly satisfy compliance. This documentation explains the following:

...

Consumer Data Right 

The Australian Government introduced the Consumer Data Right (CDR) to give consumers more control over their data. CDR provides customers and small businesses a choice about how their data is shared with third parties and sets standards for a whole industry about what data should be made available safely. In doing so, CDR encourages competition between service providers, leading to better prices for customers and more innovative products and services.

The CDR will be rolled out sector-by-sector, starting with the banking sector. Further information on the CDR is available on the Treasury website at https://treasury.gov.au/consumer-data-right.

Consumer Data Right for banking

The government determined that the CDR will first apply to the banking sector, followed by the energy sector and then the telecommunications sector. The introduction of CDR in the banking sector will provide consumers with access to, and the ability to safely transfer, their banking data to trusted parties.

The CDR will be introduced into the banking sector in phases and segments. For more details, see Phases of Data Sharing Obligations.

Open Banking

Open banking has been introduced to make banking a more competitive business. Its main goals are offering greater financial transparency, a shared chance of success for all financial service providers, and more innovative services to the consumers.

The current banking practice requires the customer or merchant to maintain separate relationships with different financial institutions to achieve their financial goals. Open banking introduces a more consolidated experience to the customer by allowing banks to expose their functionality via APIs.

Consumer Data Standards

The Consumer Data Standards (CDS) are the technical standards produced by Data61, which is the Data Standards Body that guides the banks/Data Holders on how to implement the CDR. These standards enable consumers to access and direct the sharing of data about them with third parties flexibly and simply, and in ways that ensure security and trust in how that data is being accessed and used.

Stakeholders

Data Holder 

The Data Holder (DH) is the organization to which the CDR applies and which provides data to the consumer, for example, a bank.

Data Recipient

A Data Recipient (DR) is an accredited party that can request CDR data from a Data Holder with the consent of the consumer. 

Consumer

The consumer is the end user who benefits from the CDR. The consumer can request the Data Holder to provide data.

ACCC

The Australian Competition and Consumer Commission (ACCC) is the lead regulator for the CDR regime, and it has roles and functions that include:

  • Drafting rules to implement and govern the CDR in each sector
  • Accrediting entities to receive data
  • Managing an online register of accredited data recipients and data holders through Dynamic Client Registration (Client Registration)
  • Providing education and guidance on the CDR
  • Recommending to government future sectors to be brought within the CDR
  • Compliance and enforcement activities

Standards

GDPR

The General Data Protection Regulation (GDPR) is a new legal framework formalized in the European Union (EU) in 2016 and comes into effect from 28 May 2018. GDPR effectively replaces the previously used EU Data Protection Directive (DPD).

FAPI

Financial-grade API (FAPI) is an industry-led specification of JSON data schemas, security and privacy protocols to support use cases in the financial industry and other industries that require higher security. FinTech developers can accelerate secure open banking with FAPI. It uses OAuth 2.0 and OpenID Connect (OIDC) as its base and defines additional technical requirements.

CPS 234

Cross-industry Prudential Standards 234 Information Security (CPS 234) is a mandatory regulation issued by the Australian Prudential Regulatory Authority (APRA). APRA-regulated entities and the information assets managed by them and associated third parties should comply with CPS 234. WSO2 Open Banking is not an APRA-regulated entity, but the solution can be categorized as a third-party provider that provides information assets to regulated entities. For more information on how the solution meets CPS 234, see Prudential Standard CPS 234.

ISO/IEC 27001

ISO/IEC 27001 is the internationally recognised specification for an Information Security Management System (ISMS), and it is one of the most popular standards for information security.

...

Features

The Consumer Data Standards (CDS) are the technical standards produced by Data61, which is the Data Standards Body that guides the banks/Data Holders on how to implement the Consumer Data Right. These standards enable consumers to access and direct the sharing of data about them with third parties flexibly and simply, and in ways that ensure security and trust in how that data is being accessed and used.

WSO2 Open Banking supports the Australian Consumer Data Standards specification version 1.3.1.

...

API Specification URL

...

that includes the following APIs:

Available API | Purpose
Consumer Data Standards
Purpose

Retrieving information about customer accounts from banks.

...

To retrieve account and transaction details of consumers with their authorisation.
Consumer Data Standards Administration API

...

Allows the ACCC to obtain operational statistics from the Data Holder
CDR Arrangement Management API
To inform relevant parties that a particular CDR Arrangement ID/consent is not valid anymore.

These features are available in WSO2 Open Banking for Australia: