Oz Bank Receives First Fine For Consumer Data Right Breach

July 14, 2022
Australia’s Bank of Queensland has paid a six-figure penalty fee following an alleged breach of the country’s Consumer Data Right Rules.

Australia’s Bank of Queensland has paid a six-figure penalty fee following an alleged breach of the country’s Consumer Data Right (CDR) Rules.

In July last year, the Australian Competition and Consumer Commission (ACCC) issued an infringement notice to the Bank of Queensland, alleging non-compliance with the new open data rules.

According to the ACCC, the Bank of Queensland was required to be able to share data for financial products, including savings accounts, term deposits and credit cards, with accredited third parties by July 1, 2021.

However, the bank did not make the required services available until December 13, 2021, meaning the bank’s customers were unable to share their CDR data for more than five months after the deadline.

On Wednesday (July 13), the ACCC announced that the Bank of Queensland has paid a penalty fee of A$133,200 (US$90,544) in relation to the infringement notice.

As noted by the ACCC, however, the payment of a penalty specified in an infringement notice is not an admission of wrongdoing in relation to the CDR Rules.

In deciding to issue the infringement notice, the ACCC said it considered the period of alleged non-compliance, the number of customers potentially impacted, the resourcing constraints the bank faced in developing its CDR infrastructure and the steps it had taken to limit the duration of its non-compliance.

The ACCC said that this is the first infringement notice that it has issued for an alleged breach of the CDR Rules.

It also hinted that further infringement notices may be issued after a “number of banks” were delayed in implementing CDR solutions, partly due to COVID-19-related issues and partly due to a shortage of skilled IT staff.

Open data for Australia

The CDR is the Australian version of what other jurisdictions call open banking, enabling Australians to leverage and take control of their data to improve the types of services they receive.

For example, the CDR gives consumers the right to safely access data about themselves held by data holders and direct this information to be transferred to accredited third parties.

In theory, these data transfers can then be leveraged by consumers to access new, improved or cheaper products and services from other providers.

Peter Crone, commissioner at the ACCC, said “in the current environment of rising interest rates, consumers benefit from greater access to information and tools to help them compare products and make informed decisions about switching banks, and the CDR assists this”.

Unlike many other parts of the world, however, the CDR goes way beyond financial services into several other areas of the economy, including energy and telecommunications, which are next on the roadmap for data sharing services.

For example, in October this year, the energy sector will be required to share product information, which will be followed in November by the commencement of consumer data sharing.

The CDR is designed and overseen by the Australian government and independent regulators to ensure it is safe and secure for consumers.

The ACCC, together with its co-regulator, the Office of the Australian Information Commissioner, is responsible for ensuring CDR participants, providers and data holders comply with their CDR obligations.

In cases of non-compliance, the ACCC will consider taking enforcement action in line with the CDR Compliance and Enforcement Policy.

This can include administrative outcomes, enforceable undertakings, infringement notices, suspension or revocation of accreditation, or commencing court proceedings.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

Opt in to hear about webinars, events, industry and product news

To find out more about Vixio, contact us today
No items found.
No items found.