Dear <<First Name>>,
This week’s Consumer Data Right newsletter includes:
- Treasury’s newsletter welcome
- information about consultation on design options for proposed changes to Consumer Data Right (CDR) rules and standards
- new Register Design Reference published.
CDR newsletter changes
Welcome to the first edition of the CDR newsletter published by Treasury. This change reflects the transfer of overarching leadership and responsibility for the CDR program that was announced in the 3 March 2021 newsletter.
The newsletter will be used to keep the CDR community updated on developments with the CDR program, including updates from the ACCC and the Office of the Australian Information Commissioner (OAIC). We look forward to engaging with stakeholders through these newsletters and other CDR engagement forums as the system continues to evolve.
Consumer Data Right rules and standards design papers
Treasury has today announced a number of developments for the Consumer Data Right. As part of these announcements, Treasury and the Data Standards Body are seeking input on the development of rules and standards to implement:
- a peer-to-peer data access model in the energy sector
- an ‘opt-out’ data sharing model for joint accounts in the banking and energy sectors.
To support consultation and elicit informal feedback on these issues, two design papers are now available on Treasury’s website for stakeholders’ consideration.
We welcome feedback and engagement on an informal basis, which can be provided through GitHub (with separate pages for joint accounts and peer-to-peer model for energy feedback) or by emailing DATA@treasury.gov.au.
We are seeking stakeholder views by 26 May on the details of rules and standards outlined in these papers. We will also provide opportunities for discussion and feedback during May through various CDR forums and engagement mechanisms.
Feedback received on these papers will inform the development of draft rules and standards, which will be the subject of formal consultation in the coming months.
Informed by recent engagement processes, Treasury is also now progressing with the development of draft CDR rules to broaden access arrangements by providing for specific categories of ‘insights’, alternative pathways for accreditation and principle-agent arrangements, as well providing for CDR data to be shared with specified ‘trusted advisers’.
The draft rules will be released soon for formal consultation. The Data Standards Body will commence discussions with the CDR community on developing supporting standards prior to the release of the draft rules.
New version of Consumer Data Right Register Design Reference published
On 22 April 2021, the ACCC published v1.4.0 of the Consumer Data Right Register Design Reference. These changes include documentation clarifications on the design, as well as recommendations on certificate management in the ecosystem. More details can be found in the release notes.
Updated supplementary guidelines on information security released
The ACCC has published updated supplementary accreditation guidelines on information security.
The updated guidelines allow for accreditation applicants and accredited persons to use either their top tier ATO Digital Service Provider Operational Framework certification or level 1 PCI DSS certification, together with a reduced scope assurance report covering the controls that are not covered by the aforementioned certifications, as evidence of meeting the information security requirements under the CDR Rules (see Schedule 2).
More information about the accreditation guidelines is available on the ACCC's website.
First Assistant Secretary
Consumer Data Right Division