About Consumer Data Right
The Consumer Data Right (CDR) is a Commonwealth economy-wide reform designed to:
- Offer Australians greater control over their data, and
- Empower Australia’s consumers to choose from a range of tailored and innovative products and services.
CDR is live in the banking sector and work is now underway to implement these reforms to the National Electricity Market (NEM) – that is, the electricity market on Australia’s east coast (Queensland, New South Wales, Australian Capital Territory, Victoria, Tasmania and South Australia).
Who is involved
The Treasury leads CDR policy, including development of rules and advice to government on which sectors CDR should apply to in the future. Within Treasury, the Data Standards Body (DSB) develops the standards that prescribe how data is shared under CDR.
Treasury works closely with the two regulators, the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commission (OAIC) to implement and regulate the CDR.
The ACCC is responsible for the accreditation process, including managing the Consumer Data Right Register. The ACCC ensures providers are complying with the Rules and takes enforcement action where necessary.
The OAIC is responsible for regulating privacy and confidentiality under the CDR. The OAIC also handles complaints and notifications of eligible data breaches relating to CDR data.
Implementation of CDR in the energy sector
The regulatory framework for the implementation of CDR in the energy sector was completed by Treasury in 2021 including:
- the designation of the energy sector and data holders
- the development of energy specific consumer data right rules
- the establishment of data standards by the DSB.
Each of these steps is now complete leaving the final step of implementing the technology to facilitate the sharing of CDR data in compliance with the legislation, the rules and the standards.
The CDR designation for the Energy sector puts obligations on Retailers and AEMO to fulfil CDR data requests as primary and secondary data holders respectively.
CDR Implementation Timeline:
CDR in Energy will be progressively implemented over a period of time to May 2024 with key milestones:
From June 2022 – Industry testing of AEMO APIs
November 2022 – Tranche 1 integration with initial retailers (and others who opt-in) and excludes complex requests.
May 2023 – Tranche 2 integration with initial retailers (and others who opt-in) for complex requests.
November 2023 – Tranche 3 integration with all retailers with >10k customers excluding complex requests.
May 2024 – Tranche 4 integration with all retailers
CDR data sharing model in Energy
Authentication and Authorisation
The Consumer requests a service from the ADR (1), who passes the Consumer to their Retailer for Authentication (2). The Retailer checks the ADR’s credentials (3), authenticates the Consumer who Authorises sharing of their data (4) and confirms with the ADR (5).
Once Authorised, the ADR requests the data they need to deliver their service, from the Retailer (1). When the Retailer needs AEMO supplied data (standing, usage or DER data) the request is forwarded (2). AEMO retrieves and supplies the data to the Retailer (3) who together with data they supply, forward it to the ADR (4) who uses it to deliver the service to the Consumer.