Ceasing secondary user sharing

Following the registration of the Competition and Consumer (Consumer Data Right) Amendment (2024 Measures No. 1) Rules 2024 on 12 November 2024, the CDR Rules no longer require data holders to provide a service allowing an account holder to indicate they no longer approve disclosures initiated by a secondary user to a particular accredited person. However, data holders can continue to offer this functionality voluntarily.

If a data holder chooses to provide this service and an account holder makes such an indication the data holder must stop sharing CDR data to the indicated accredited person in response to a consumer data request by a particular secondary user (rule 4.6A(a)(ii)).

This is distinct to the mandatory requirement to allow an account holder to withdraw a secondary user instruction. Please see the guidance on secondary users in the banking sector or guidance on secondary users in the energy sector for more information.

The rules also do not require data holders to allow an account holder to stop secondary user sharing in relation to a particular authorisation but data holders are permitted to provide that additional functionality.

We encourage data holders who have questions about secondary user obligations to log a ticket on the CDR Support Portal.