article 3 months old

ESG Focus: Surviving & Thriving In The CDR Era

ESG Focus | Jul 26 2021

FNArena's dedicated ESG Focus news section zooms in on matters Environmental, Social & Governance (ESG) that are increasingly guiding investors preferences and decisions globally. For more news updates, past and future:

The beginning of the Consumer Data Right (CDR) will be recalled as the commencement of a very beneficial new chapter for Australian businesses and consumers alike.

Surviving And Thriving In The CDR Era

-Integrating the Consumer Data Right will be a key challenge for Australian businesses
-The CDR seeks to rebalance the data relationship of commercial entities and consumers
-It seeks to offer consumers more control over their data and ways to use it for their benefit

By Ed Kennedy

The implementation of the Consumer Data Right (CDR) is set to be a key commercial trend of the 2020s.

The CDR shall deliver consumers greater control over their own data. This includes the choice of sharing that data securely with an accredited third party as desired.

Advocates for the CDR aspire to see an economic landscape in which it’s easier for everyday consumers to monitor their dealings with various businesses, compare their offerings with greater clarity, and to make the switch among providers when they wish to do so.

Additionally, there’s the hope the integration of the CDR across the Australian landscape will spur innovation and increase competition between providers.

The CDR’s rollout since July 2020 in Australia has begun with the banking sector – commonly known as the shift towards ‘Open Banking’ – and other industries are joining it.

For consumers and commercial entities alike, a thorough understanding of the CDR is now essential.

Redefining the Data Dynamic 

In order to fairly grasp the significance of the changes the CDR will bring, it’s necessary to understand the dynamics that underpin it. While Australia’s approach to this is its own, ultimately all nations across the globe are having to formulate a response to a digital data revolution that’s reshaped daily life and business at comparatively breakneck speed.

Similar to how many crypto enthusiasts now look at the first bitcoin boom of late 2017 to early 2018 as akin to the ‘Wild West’ period, before greater regulatory and investor support for cryptos matured the demographics of the sector, the 1990s were a digital frontier for the online world. Nations such as the US adopted a ‘light touch’ approach to regulation of online activity.

Though today entities that are huge harvesters of personal data are household names in the eCommerce and social media sectors, 20 years ago – ultimately a mere blink of the eye in human history – they were in their earliest infancy.

Those who previously supported the light touch approach before the rise of these tech titans surely could not have imagined the speed and scale of growth seen across the online world. As a result, governments near and far have been attempting to play catch-up for years in defining a set of regulations that’s seen to strike a better balance between business and consumers, and in turn to better qualify privacy principles defined centuries ago into the online era.

Scandalous events in recent years – most notably the fake news and data breach fallout from the US presidential election of 2016 – has seen growing prominence given to new calls for stronger regulation of these tech giants, and even a forced break up of their businesses under antitrust laws.

This owing to concerns too much power over consumer data and public opinion is presently consolidated in the hands of too few.

But ultimately, even many avowed privacy advocates would acknowledge the complexity of attempting to more vigorously regulate commercial interactions with consumer data.

Especially as the top-down imposition of any new law could be seen as diminishing personal choice and unreasonably restraining commerce if not applied with precision and nuance. It’s here that European Union approach in its implementation of the General Data Protection Regulation (GDPR) in 2018 is illustrative. 

How the EU’s GDPR informs the CDR in Australia

As the European Commission provides, the GDPR applies to “a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed”, or “a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.”

The GDPR has redefined the relationship between businesses and consumers when it comes to how the former collects, stores, and uses the latter’s data. 

Among the 8 basic user rights in the law, individuals have a right to be informed before their data is gathered, the right to restrict processing, the right to access their data, the right to be forgotten (to withdraw their consent and see their data deleted) and crucially as it relates to CDR in Australia, the right to data portability.

The latter is the provision that empowers individuals to transfer their data from one service provider to another if they choose to.

To Davinder Oberoi, Director of Consulting Services, Banking and Financial Services for IT business and consulting firm CGI, the GDPR example is a key factor when it comes to examining the CDR in Australia.

I think privacy is a critical consideration in the overall assessment of CDR. We can look to the example of the European Union with their General Data Protection Regulation (GDPR), a data protection and privacy regulation, for an insight into this.”

How the EU has handled the issues of identity, consent, and specifically explicit consent through GDPR and combined that with their Open Banking initiative [Payment Service Directive #2] PSD2 in Europe”, said Mr Oberoi. 

Systems have to be trusted and retain trust. If they do not, then by default people in the systems currently won’t stay with them, and people in future who would otherwise engage with them won’t do so.”

So I think that as the changes driven by the CDR era as they roll through the economy, certainly that will generate and inform new debate surrounding privacy in Australia, as the questions of privacy, identity, and consent will be fundamental to the success of CDR.”

Opening the Open Banking Chapter

The emergence of the CDR in Australia came about in the aftermath of the Global Financial Crisis. Kicking off with Treasury’s Financial System Inquiry in 2014, numerous related enquiries followed.

Ultimately, the 2017 ‘Review into Open Banking’ ordered by then-Treasurer Scott Morrison provided a framework for how the CDR could be brought into being.

Beginning with the banking sector, at its core the CDR seeks to empower the consumer to utilise their data for their own benefit.

This means as distinct from the prior landscape where businesses would by and large wield one-sided control over how data is acquired, stored, and utilised in a ‘take it or leave it’ proposal, going forward consumers will be able to utilise their data as an asset to seek more optimal outcomes for themselves. 

The utilisation of application programming interfaces (APIs) is central to this. Via the use of an API, data can be securely shared between a customer’s bank and another accredited party via the customer’s consent.

Already Australian banks have Open Banking processes in place available for use. A year since the commencement of this process, it affirms the theoretical applications of Open Banking are being borne out in practical applications and offerings.

But this is ultimately just the initial stage of an enduring commercial battle for consumer business in this environment. For Mr Oberoi, the author of the white paper ‘Setting Data Free: Paths for ‘Open Banking’ in Australia’, it’s necessary for Australian businesses to recognise the value in devising a long-term strategic intent in order to succeed on the new playing field that CDR will create.

I think CDR represents a paradigm shift in the market. What I mean by that is, if you look at the classical factors of production in economies historically – you know the dynamics of the land, capital, and labour – over the last 150 years, they all went through a substantial reform/change. Ones that brought them into a more competitive framework and set of competition policies across various jurisdictions”, said Mr Oberoi. 

To my mind what will occur with data in the near future will be no different than these other factors of production historically.The CDR is a step towards a new era. It’s a step towards bringing in data into a modern competitive policy framework. The shift that happens in the economy as a result of this will be huge. It may not be felt overnight, but it will occur, and it will be pervasive and profound.”

The Challenge of Convincing Consumers

There is a strong case to be made for the value in Australians acquiring a greater ‘data literacy’.

Particularly when it comes to having a greater understanding of which entities are using their data, and for what reasons. After all, it’s not news in recent times many Australians raised fair queries and reasonable concerns regarding government use of personal data on platforms like My Health.

But it’s also true if any Australians who refused to use these platforms due to privacy concerns are among the 80% who use social media, then there’s an unfortunate irony in a user’s attempt to safeguard personal privacy on one platform, if only to then post without restraint an abundance of personal info and photos on another platform.

There’s no suggestion a far better balance cannot be achieved here, but instead to affirm that a better balance is indeed necessary to pursue.

This is the case not only when it comes to the rollout of the CDR across banking and other sectors, but also on account of emerging challenges on the horizon. If all goes well in the mind of its optimists and advocates, a mainstream uptake of quantum computers in the years ahead could provide society with ‘one giant leap’ into the next generation of computer technology. But to skeptics, the same technology could serve to pose a profound cybersecurity threat. 

For CDR advocates and the commercial entities who shall have to operate within it, succeeding in this era shall surely involve threading the needle. Encouraging consumers to engage in an environment where data is more open and shareable, while also convincing them they can avoid the pitfalls that can surround their personal privacy in the contemporary online landscape.

To those who do it successfully, the beginning of the CDR will be recalled as the commencement of a very beneficial new chapter for Australian businesses and consumers alike.

FNArena's dedicated ESG Focus news section zooms in on matters Environmental, Social & Governance (ESG) that are increasingly guiding investors preferences and decisions globally. For more news updates, past and future:

Find out why FNArena subscribers like the service so much: "Your Feedback (Thank You)" – Warning this story contains unashamedly positive feedback on the service provided.

FNArena is proud about its track record and past achievements: Ten Years On

Share on FacebookTweet about this on TwitterShare on LinkedIn

Click to view our Glossary of Financial Terms