The Consumer Data Right (CDR) rules have been updated to permit accredited intermediaries to collect data on behalf of third party data recipients, providing there is consumer consent.
The CDR has been touted as allowing individuals to "own" their data by granting them open access to their banking, energy, phone, and internet transactions, as well as the right to control who can have it and who can use it.
It officially launched on 1 July.
The CDR aims to help an individual monitor their finances, utilities, and other services, and compare and switch between different offerings more easily. The system also aims to encourage innovation and competition between service providers, including startups.
In the first instance, the mandate applies to banking, but the energy sector is the next cab off the rank, with telecommunications to then follow.
The Australian Competition and Consumer Commission (ACCC) said the amended rules, in place from Friday, mean accredited businesses can now ask other accredited businesses to obtain consumer data on their behalf.
It said the update is intended to facilitate greater participation in the CDR by fintech firms.
The ACCC said the changed rules will, for example, allow an accredited business to use outsourced IT infrastructure and software of an accredited intermediary to connect to data holders' APIs, rather than build their own.
Consumers will be informed during the consent process if an intermediary provider may collect their CDR data, and must be shown the provider's name and accreditation number.
"This is the first in a series of measures to reduce the time and cost to enter and operate in the Consumer Data Right ecosystem," ACCC commissioner Sarah Court said.
"The rule changes also make it easier for businesses who currently rely on outsourced services to join the Consumer Data Right, and reflect our ongoing goal of facilitating a wide range of business arrangements within the Consumer Data Right."
Court said all businesses being accredited by the ACCC go through a "rigorous process" and noted the amended rules do not change such controls.
Speaking earlier this year, ACCC CDR executive general manager Paul Franklin said the watchdog was looking beyond the 1 July 2020 commencement date and was working on expanding CDR to non-major banks in 2021, with intentions to develop a subsequent set of rules.
"It's always been the ACCC's intention to expand and grow the CDR over time … As part of this, we're considering appropriate measures to permit the use of intermediaries, the introduction of lower tiers of accreditation where appropriate, expanding the use of outsourced service provider rules, and disclosure of consumer data right data to non-accredited third parties where appropriate," he said.
The ACCC has also this week announced consultation on proposed new consumer data rules.
This includes proposals for new levels of accreditation, expanding the CDR to business customers and a range of other measures.
The blue bank believes adding more accreditation types will encourage innovation in the Australian financial services market.
The bank is concerned it could be placed at a competitive disadvantage to benefit other industry participants if Australia's open banking regime is expanded.
It is requiring an entirely new architecture for the big four banks, as well as the other initial 148 ADIs, to be ready for the requirements of the consumer-focused data-sharing regime.
The Senate committee probing fintech and regtech has made 32 recommendations. Here's everything they say could fix the problems with financial services innovation in Australia.