Consumer Data Right
The Australian legal framework that gives consumers the right to share their data held by large businesses with accredited third parties.
In detail
The Consumer Data Right (CDR) is a framework legislated under the Competition and Consumer Act 2010, administered by the ACCC and the OAIC. It gives consumers the right to direct designated data holders (initially banks, then energy retailers, and progressively other sectors) to share their data with accredited data recipients in a standardised, consent-driven way. The Open Banking implementation uses the Consumer Data Standards published by Data61. Accredited recipients must meet strict security, privacy and consumer protection requirements. CDR is distinct from screen scraping: data flows directly via API under explicit consumer consent.
Why it matters for Australian business
Australian fintech, accounting software and financial planning applications that integrate with banking data must assess whether they need CDR accreditation or whether they are permitted to use screen scraping under transitional rules. AI tools that process CDR data inherit the associated obligations around consent, data minimisation and deletion. We advise clients on CDR obligations when building financial data integrations.