What will success look like for the ACCC when data sharing goes live

  • By Christine St Anne

The ACCC expects to see a vibrant open data framework in six months time given the promising levels of interest from the number of parties who have applied for accreditation under its consumer data right framework.

“These parties are offering a range of different services so it will really be about building out a number of new competitive services and new consumer value propositions,” ACCC executive general manager, consumer data right Paul Franklin said.

While there has been some discussion about the role of the CDR, to facilitate switching, Franklin said that it is a possibility but it is not the only one innovation.

“We are also very interested in the services that just provide better alternatives to customers and possibly services that haven't even been contemplated yet.  

The competition watchdog has already conduced live testing and is confident that data sharing will go live next week – 1 July.

From that date, the four major banks will become participating data holders with two accredited data recipients – Frollo and the Regional Australia Bank.

Franklin acknowledged that there will “possibly be only two data recipients” in the first couple of months but that it was a “matter of starting small and then growing”.

“In the first month, it really will be about proving that the system works.”

In a two-hour webinar hosted by ACCC for the industry, the regulator also tackled the issue of consumer engagement.

The ACCC did not engage any consumers during its testing phase as it felt services needed to be available to do that.

In terms of boosting awareness of the CDR, the ACCC won’t be embarking on a broad campaign.

“Most of our communications has been driven by the need to get interest within the fintech sector and the financial institutions and technology organisations,” Franklin said.

“We're largely going to be announcing the launch next week through press releases that will go to industry publications and the mainstream media. We are not yet planning a widespread consumer education campaign.”

A consumer education campaign will only be undertaken once the industry reaches critical mass with CDR buy-in.

In terms of reaching this critical mass, part of the industry will still navigate a number of challenges in order to successfully participate in the new regime.

We've started with an unrestricted level of accreditation, which I think it's fair to say is intended to be an umbrella level of accreditation for the CDR as it expands across sectors, Jodi Ross, ACCC

The webinar included a plethora of far-ranging questions from the audience.  

The Conformance Test Suite (CTS) – which essentially green lights firms to participate in CDR – will be available to accredited data recipients in September while the data for ‘data holders’ it is a ‘TBC’.

A firm testing in CTS could meet the requirements within a day if their their solution is developed closely with the CDR standards but it might take longer if that testing reveals “defects” within their systems.

The ACCC said the CTS was not a sandbox or assisted development tool.

Outsourcing arrangements were also tackled particularly with cloud providers.

“As a general rule it all comes down to the idea of disclosure and whether the cloud storage provider can be said to have disclosed, the data having regard to the nature of the services hat t they are providing,” ACCC executive director of policy Jodi Ross said.  

This will depend on the type of service model being offered.

“If it's a service model that really doesn't involve anything other than provision of storage, infrastructure and the data recipient is effectively in control of the data and indeed the encryption of the data. I think it may well be the case that an outsourcing arrangement is not needed.

“But we are aware that there's a range of service models that exist and some of those may well involve the need to have an outsourcing agreement,” Ross added.

Going forward, the ACCC will be eying separate accreditation rules for other sectors as the CDR widens to energy and telecommunications.

Here the ACCC will be looking at new tiers as the CDR develops.

“We are very mindful of the recommendation that Scott Farrell made about risk-based tiers of accreditation.

“We've started with an unrestricted level of accreditation, which I think it's fair to say is intended to be an umbrella level of accreditation for the CDR as it expands across sectors,” Ross said.

The ACCC is in the process of considering what other levels of accreditation could look like.

“I think at this stage we are seeing a basis for another level of accreditation that may well encompass energy and possibly some specific APIs and data sets in banking as well,” Ross said.

“We are at the early stages of this type of thinking. And obviously it will need to go through full consultation and privacy impact assessment process.”

ACCC will also be exploring with ASIC the potential to work within the corporate regulator’s fintech sandbox.

This could include providing limited accreditation that enables fintechs to test some products around the CDR.

“We might look the possibility of government entities wanting to become accredited as well, and whether there's some special things we need to do to accommodate them.”