The Australian Competition and Consumer Commission (ACCC) has opened the door to IT providers to capitalise on the data collection market.
The consumer watchdog has amended the Consumer Data Right Rules to permit “accredited intermediaries” to collect data on behalf of third party recipients as long as they attain consumer consent.
The net effect is that companies are now able to outsource data collection, opening up a potentially massive market which was not open until now.
Under the new rules, companies can use outsourced IT infrastructure and software of an intermediary to connect to data holders’ APIs, rather than have to build their own, as long as both parties are accredited by the ACCC.
“This is the first in a series of measures to reduce the time and cost to enter and operate in the Consumer Data Right ecosystem,” ACCC commissioner Sarah Court said.
“The rule changes also make it easier for businesses who currently rely on outsourced services to join the Consumer Data Right, and reflect our ongoing goal of facilitating a wide range of business arrangements within the Consumer Data Right.”
“All businesses being accredited by the ACCC go through a rigorous process to ensure they meet appropriate security requirements. These amendments do not change those rigorous controls.
“We are pleased by the interest already shown from businesses who want to join the Consumer Data Right.
“We look forward to more and more businesses joining the Consumer Data Right ecosystem, and delivering increased competition and innovation for consumers and the wider Australian economy.”
The intermediaries' rules have been made following consent from the Treasurer and will come into effect tomorrow.
The ACCC said consumers would be informed during the consent process if an intermediary provider may collect their CDR data, and must be shown the provider’s name and accreditation number.
The watchdog is progressing enhancements to the Consumer Data Right Register to accommodate the amendments, which will be available to new and existing accredited data recipients from November 2020.
The amendments do not impose additional build requirements for banks as data holders.