There are now five access models for CDR data, after previously only the unrestricted accreditation model.
The latest rule changes to the Consumer Data Right in Version 3, are the most widely anticipated and contentious updates yet. After several months of feedback and consultation, Treasury proposed the rule changes in June 2021, followed by a one month consultation period in July, and finally the confirmed rules in October.
From the initial proposal to the confirmed rules, not much changed. The rules passed allow a new "sponsored" accreditation model with Sponsor-Affiliates. Unaccredited Representatives can collect and use data under the governance of an accredited Principal. Data sharing with unaccredited third parties in limited circumstances is also now possible with the Trusted Advisors and CDR Insights models. Finally, the consent requirements for joint accounts have been revised.
Let's take a look at the good, the bad, and the remaining question marks from each of the five key changes.
- By default, joint accounts are taken to opt-in to data sharing if either of the account holders consents (pre-approval option).
- Both account holders have the option to set non-consent so the account cannot be used for CDR data sharing (non-disclosure option).
- It can be set to the co-approval option where both or all joint account holders need to approve each individual consent to data sharing arrangement.