The cumbersome CDR legislation that will prevent Australia entering the trillion-dollar data economy

The new Consumer Data Rights legislation is cumbersome and will prevent Australia competing with the US, Europe, Japan and South-East Asia, in the trillion-dollar financial data economy, says international data specialist Julian Ranger.

The Federal Government recently passed the Open Banking sections of the CDR legislation (CDR), providing Australians with more control over their financial data and, in theory, allowing customers greater comparisons between financial products.

However, Ranger, Executive Chairman and founder of the UK arm of the data-sharing company Digi.me, is in Australia advising key politicians and government bodies about the pitfalls of the open banking legislation, which mirrors laws implemented in the UK and Europe last year.

He says the CDR Legislation is missing a key element that would allow Australia to immediately launch into the trillion-dollar global data economy. 

“The reality of this is that had they included the requirement for data to be available with a  well-formed API – it would have springboarded Australia into the trillion-dollar market,” he said. 

“If you had done that the banks -including the tier-two operators- could have implemented CDR within a few months instead of a few years. The industry can solve the problems for the government if you allow them to.”

Julian Ranger is in Australia advising Government, Government entities and FinTech Australia

An API is an Application Programming Interface which is software that allows two applications to talk to each other.,

The CSIRO and Data61 have been appointed as technical advisors in this API area, designing the first iteration of open technical standards that will support consumer-driven data sharing.

Ranger said that Australian politicians had admitted that the UK had been the “crash-test dummy”  for the roll-out of Open Banking and that Australia had simply copied the problematic payment elements of the UK’s General Data Protection Act of 2018.

He said that subsequent updates to the UK legislation, that included the need to return data to a customer or company, had also failed to include the requirement for an API. 

He predicted that Australian banks and other financial services companies would struggle to meet their legislative deadlines.  

“It’s been expensive for us to introduce – 8 billion pounds – and, it has taken years for the banks to match these systems and the number of people that have been regulated is small.” 

Under CDR legislation the four major banks will be required to make data product information available from July 1, 2019. Consumer data for mortgage accounts, credit and debit cards, and deposit and transaction accounts are to be made available by 1 February 2020. 

“I think the legislation disadvantages the banks because they are having to build a huge infrastructure edifice,’ when they could have built something cheaper.

Then there’s going to be errors and costs and difficulties from all of that – and what about the ACCC? I wouldn’t want to be them trying to regulate all those fintechs. It’s impossible.”

“It’s a competition between nations about who’s going to be the nation, or nations, that adopts the new personal data economy the fastest,” said Ranger.

“And, if Australia is left behind, it’s like being left behind in the previous generations of the personal internet – your business will be small – and those of another country, like the US, will be the largest.”

Alex Scandurra, CEO of Stone & Chalk – home to some of Australia’s most successful fintechs, has different concerns about the CDR legislation.

He said until the legislation is finalised it will be difficult to predict how the fintech’s will fare.

“The Financial Services sector is probably the best example of where regulations – aimed at protecting customers – have, over time, resulted in a very complex and costly regulatory regime, that’s difficult for new players to navigate,” said Scandurra.

He said the sector is ‘plagued by oligopolies’ with a small number of very large players controlling the market.

“Open Banking will go a long way in helping to increase competition in Australia, but its success is heavily predicated on how much attention to detail is placed by the government, Data61 and the ACCC, to make sure that what the law intends, is what’s implemented in practice. 

He said for many fintechs, CDR alone won’t fix the problem of getting a better deal for Australians – especially on the mortgage front where the big banks hold data.   

“They currently hold most of the credit data on customers with a credit footprint.

If there is no obligation for them to disclose credit information it makes it hard for smaller lenders – including fintechs, to properly assess credit risk, which makes the increasing competition even harder.”

Tweaking Australian Legislation and Standards

While Scandurra is concerned about the next round of detail in the legislation, Ranger thinks that Australia should just “get on with it.”

“You can deal with the more complicated standards issue within the legislation later,” he said. “Australia needs to share more data quickly while keeping privacy, security and consent issues at the forefront. 

“In Europe, we have a privacy and security bill that basically says that as an individual you have the right to have all of your data about you – given back to you the consumer in electronic form and that’s what you need here,” he said.  

Ranger said that it was essential that legislation expressed that “the explicit and informed consent”  of an individual was obtained, prior to sharing any data. 

He predicted that fintechs, while waiting for data, would continue to engage in controversial screen scraping practises until they were in a position to access more detailed customer information. 

Screen scraping is a practice frowned upon by the banks, where the customer provides their private login and password details to a fintech so that they access their private banking and extract information.

Open Banking is the first stage of the Consumer Data Rights in Australia and Energy and then Telecommunications legislation will be addressed next. 

Next Steps in the CDR rollout

However, Ranger said the same principles should apply to all consumer data legislation. 

“If it takes Australia 4-years to do this sector by sector. You don’t get the advantage.”

“The recommendation we are making to Australia is that immediately have version two of the CDR, which says for all other sectors – from health to retail to energy – if you have personal data, just like we’ve done, you have to support giving it back to the consumer in a secure electronic form available for reuse, but with a well-formed API. 

“If you did that you will find that industry will do all the complicated stuff, like interoperability which is what your standards are trying to do. You don’t have to do it – it’s available for free.”

Ranger says Australia is still in a great place to lead the world in the data economy. 

“This future is a lovely advantageous future and it’s one we should want. It solves privacy security and consent. And, the CDR bill passed last week is the first piece of that, which is getting a lot more value for businesses, individuals and government too. 

“This new personal data economy race will be won by the country that implements the return of data, and new value propositions to customers fastest and there’s a small window for the next version of your CDR, if you make it wide and quick.”

“Australia will receive an immediate and substantial boost to its economy if it gets this right and moves quickly.”