This fact sheet is for information only. You should get legal advice about your personal situation.
Main ideas
• The Consumer Data Right (CDR) is an easy and secure way to share your financial data with banks and financial service companies.
• You control who the data is shared with, what data is shared, and how it is used.
• The Consumer Data Right is an Australian Government initiative and is heavily regulated.
• Only deal with an accredited CDR provider.
In this fact sheet:
• CDR: An Australian Government initiative to help you control and use your own data
• You choose who can see your data and what it is used for
• How to share your data
• Manage your data sharing
• Correcting your data
CDR: An Australian Government initiative to help you control and use your own data
Consumer Data Right (CDR) was developed by the Australian Government to make it easier for you to access and share your financial data between your bank and other financial services. The CDR will expand over time so you can share other datasets, like your energy, telecommunications, superannuation, and insurance information.
CDR may help you find banking products and financial services that are best for you. For example, you might want to find a better loan or use a budgeting app. However, sharing sensitive financial data with other parties (or other financial services) always carries a risk.
Your existing bank holds a lot of data about you, the accounts you have and how you earn and spend your money. If you want to shop around, you may be able to use CDR to transfer your data to a broker or comparison website to get quotes and product comparisons tailored to you. If you want to apply for another product, like a home loan, the CDR may allow your data to be transferred easily to the new bank or service.
You can only share data with an accredited CDR provider. The provider must meet all the government’s requirements and comply with all regulations to protect and secure your privacy and financial information. You can read the Office of the Australian Information Commissioner’s ‘Protecting your CDR data’ for more details.
You choose who can see your data and what it is used for
Your data can only be shared if you give your consent. Your consent must be voluntary and made as an active choice. You don’t have to share your data if you don’t want to. You can choose:
- which services see and use your data
- what types of data you share
- how the data is used.
You can stop sharing your data at any time, and you can ask for it to be deleted or de-identified when it is no longer needed.
How to share your data
- Check the service asking for your data is an accredited CDR provider. Do not provide your data to any service that is not accredited.
- Go to the CDR provider’s website and confirm your identity. There will be an identity check to verify yourself with your bank using a one-time password. You will not be asked for your banking password or banking verification codes.
- Select the data you wish to share, and who you will share it with. The data will then be shared between your bank and the CDR provider.
Manage your data sharing
Manage your consents within the CDR provider’s website or app. Know how to withdraw your consent and delete your data.
- You don’t have to share your CDR data if you don’t want to. You should not feel pressured into giving your consent. Think carefully about whether sharing your sensitive financial data is in your best interests. Get legal advice if you are unsure.
- Only share the minimum amount of data required to use the service.
- Check how your data will be used – will it be used to advertise to you? Will the provider recommend the best deal for you or the deal that makes them the most money? You should only consent to your data being used in the way you want it to be used.
- Decide how long the provider will have access to your data (maximum 12 months). You can withdraw your consent at any time.
- To protect your privacy, you should choose to delete your data when you no longer need the service.
- Do not consent to sharing your data with a company that is not accredited.
Correcting your data
If your data is incorrect, you can ask the holder of the data to correct it. The data holder must either:
- correct your CDR data, or
- include a statement explaining the CDR data, so the data is then accurate and complete. The data holder should also try to link the statement to the data, so that anyone using the data will see that explanation.
The data holder must also let you know how they corrected your data, or explain to you why a correction or statement is not necessary or appropriate and how you can complain.
Complaining about CDR matters
You should complain to the accredited CDR provider first.
Each CDR provider has a policy available on their website or app explaining how to complain.
If the accredited CDR provider does not respond within 30 days, or if you are not happy with their response, you can complain to either:
- Australian Financial Complaints Authority (AFCA). AFCA is a free and independent consumer complaints service. Read our fact sheet about Financial Complaints to AFCA.
- Office of the Australian Information Commissioner (OAIC). The Office has details of how to make a complaint. It also has further information on the CDR.
Time limits apply to making a complaint, so do not delay.
If you have any questions, you can ring the Credit & Debt Legal Advice line for help on 1800 844 949.
Need more help?
Visit our Useful Links page for a list of other resources.
Last updated: February 2023