Question

1. We are interested in the thinking and history behind the definition of eligible CDR consumer in the Rules. The requirement for a customer to be a holder of an open account means that a primary use case (i.e. credit checks/loan origination) will not be available for some customers with respect to given data holder/s.
2. What is the logic in requiring the data holder to expire consents if/when a consumer becomes ineligible via the current rules? It appears to be both an impost on the data holder to satisfy and a sub-optimal consumer experience.
3. If we take the case of a customer who has a transaction account with a data holder but has not registered for online banking and has never accessed the account online, are they an ineligible customer? This is assuming they are over 18 years old and that they could access online banking if they wanted to, however they have to go through a process to register and get access credentials. Other customers of the same data holder, with the same product, are currently assessing their account online.
4. The same customer from the previous question now registers for online banking and can access their account online. Do they become an eligible customer now?
5. What is the consequence of sharing data for customers who do not have at least one account that is set up in such a way that it can be accessed online, assuming the customer is over 18 years old?

Answer

1. The concept of an ‘eligible’ CDR consumer relates to the class of consumers who can share data under the CDR.  For individuals, it captures customers of the data holder who are over 18 and have at least one open and online account.  These customers will have online credentials with a data holder through internet or mobile banking.  
   
   The purpose of this is to enable data holders to leverage those existing online credentials, for example when it comes to authentication in the CDR – making the experience of using the CDR a digital one.  Due to the definition of ‘consumer’ under the Act, without the concept of ‘eligibility’ in the Rules data holders would be required to share CDR data for a broader range of their customer base, including those who have not activated online banking and those who are former customers.  
   
   As noted at paragraph 3.1 of the Rules Framework, the ACCC recognises the utility of providing former (and wholly offline) customers with the right to access CDR data, however, these were not considered a priority class of consumers for the initial implementation of the CDR in light of issues such as consumer authentication.    
   
   A consumer who seeks to open an account with a new provider will be able to share their CDR data from any data holder with whom they are eligible at the time.  We note that consumers are also able to share data from closed accounts for a certain period of time (see here) – provided they are still eligible for that particular data holder (i.e. have at least one open account). 
   
   
2. The requirement for authorisation to expire when a consumer ceases to be eligible follows the rationale above, i.e. once a customer has closed all of their online accounts with a particular data holder, they no longer have an ongoing digital relationship with the data holder or any active credentials through which they could be authenticated. Therefore, any authorisation to continue disclosing expires at the same time.
3. As set out in Sch 3, Clause 2.1 of the rules, one of the conditions for eligibility is that the CDR consumer's has an account that 'is set up in such a way that it can be accessed online by the CDR consumer.'  If the CDR Consumer doesn't have at least one account set up in that way, as appears to be the case in your example, they would not be eligible. 
4. Yes.
5. As noted above, a CDR consumer who does not have at least one account set up in a such a way that it can be accessed online would not be an eligible consumer.

For more information, please see our knowledge articles on Offline accounts and Internet banking and accessibility requirements.