Consumer Data Right: Draft Privacy Impact Assessment

This consultation process has now been completed. Submissions available
Consultation Type
Consultation Paper

Key Documents

On 9 May 2018 the Government committed to implement the Consumer Data Right (CDR) in line with the recommendations of the Review into Open Banking in Australia.

Treasury has prepared a first version of the Privacy Impact Assessment (PIA) for the CDR, in accordance with the Privacy (Australian Government Agencies – Governance) APP Code 2017. The draft PIA is based on the CDR regulatory framework proposed in the Treasury Laws Amendment (Consumer Data Right) Bill 2018. As recommended by the Office of the Australian Information Commissioner (OAIC) in its Guide to undertaking PIAs, extensive consultations have taken place on the privacy risks and concerns associated with introducing consumer data access and portability rights and the approach that is being taken to mitigate those risks. This has occurred as part of, for example:

  • the Productivity Commission’s Data Availability and Use Inquiry;
  • the Open Banking Review (OBR) and the Government’s consultation on the Final Report of the OBR; and
  • consultations on two drafts of the Bill.

The draft PIA documents the outcomes and learnings from these consultations.

The Government is seeking comments on this document by 5pm Friday 18 January 2019, to be considered as part of the development of a revised version.

The revised PIA, incorporating the views of the public as well as key decisions on the Consumer Data Rules and standards, will be completed ahead of the Autumn Parliamentary sitting period.


15 submissions were received for this consultation.

AGL Energy - pdf 167.44 KB
Commonwealth Bank - pdf 1.76 MB
FinTech Australia - pdf 153.33 KB
ID Exchange - pdf 1.16 MB
Illion - pdf 382.43 KB
Law Council of Australia - pdf 223.73 KB
Red Energy/Lumo Energy - pdf 585.09 KB
SecureLogic - docx 626.12 KB
Simply Energy - docx 105.74 KB