The Australian Competition and Consumer Commission (ACCC) has announced "certain aspects" of the Consumer Data Right (CDR) in the banking sector that were initially mandated to go live on 1 February 2020 will now be delayed.
The ACCC said consumers' ability to direct major banks to share their credit and debit card, deposit account, and transaction data with other service providers will be deferred until 1 July 2020.
Meanwhile, consumers' mortgage and personal loan accounts will not be made available for sharing until 1 November 2020.
The ACCC said the delay means the consumer watchdog, which has been has been charged with oversight, specifically responsible for rule-making, consumer education, and eventually the enforcement of the CDR, can continue to make reforms and ensure necessary security and privacy protections are in place.
"The CDR is a complex but fundamental competition and consumer reform and we are committed to delivering it only after we are confident the system is resilient, user friendly, and properly tested," ACCC commissioner Sarah Court said.
"Robust privacy protection and information security are core features of the CDR and establishing appropriate regulatory settings and IT infrastructure cannot be rushed."
Court said in mid-November that while the deadline was "extraordinarily tight", the ACCC was in the final stages of finalising the build of a register, which will be a list of all the accredited and participating data receivers under the CDR.
"We're finishing that. The banks are finalising their builds, the data receivers are finalising their builds and getting ready for accreditation, and we have just commenced what's going to be an intense testing period to try and ensure we have connectivity, all the security standards, and architectures we need built into the system," she said at the time.
The ACCC has been drafting up rules since March that stipulates how data requests would be made under CDR, which will be slowly rolled out in phases, starting with the financial services sector -- specifically the big four banks -- through an Open Banking regime.
Eventually, the CDR will be extended to the energy and telecommunications sectors.
Prior to the release of the implementation guidelines of the CDR, the Australian Privacy Foundation said the CDR privacy safeguards were not sufficient, and that the government had "severely" underestimated the need for more thought across the entire legislative change.
Meanwhile, the Communications Alliance has been concerned that the legislation will not be overly applicable to industries other than banking, and that the rushed through process will result in a disjointed framework that is not well thought out.
The ACCC said following the update to the timeline, it will "conduct further consultation" to examine whether consequential changes will need to be made to other phases of the CDR.
The consumer watchdog has named the 10 financial services firms and startups that will be testing components of the first tranche of the Consumer Data Right.
But it also thought its amendments were going to be put into Australia's encryption Bill.
Legislation to be passed nearly two years after the new regime was officially announced.
Generic product data via APIs kick off the first tranche of Australia's Consumer Data Right.
Consumers will soon be able to easily compare and switch energy service providers.