The Australian Government has introduced Consumer Data Right in Australia. Consumer Data Right will give consumers, including individuals and business, a secure way to control which businesses have access to their data.

Formally introduced to the banking sector on July 1, 2020 it will subsequently roll out to the energy and telecommunications sectors soon after. The interesting part about this new law is that the ACCC (Australian Competition and Consumer Commission) is responsible for accrediting providers and enforcing the rules. As a result, companies offering services must comply with the privacy safeguards, rules and IT system requirements (such as encryption, etc.) to ensure privacy is protected.

Most notably, the CDR acts as the broker of the information in this new law. The data can only be shared WITHIN the CDR system and with an individuals consent. The individual ultimately has control over what data is transferred to another provider and what it can be used for.


Penalties of up to AU$420,000 (or AU$2.1 million for businesses, per breach) may be imposed for misleading conduct relating to the transfer of CDR data and to breaches of the new Privacy Safeguards.


The ACCC and OAIC will ensure compliance to these new regulations and will require:

  • Mandatory business reporting from data holders and accredited data recipients which will be used to track compliance and identify issues or trends
  • Audits and Assessments to ensure parties are complying with the framework which may involve further action to resolve identified compliance problems