ACCC wants fintechs to improve data standards
The competition regulator wants fintechs receiving bank data under the government’s data porting regime to face tough penalties if they fail to meet stricter privacy standards that will be introduced to protect customers.
Releasing a framework for rules to govern the new “consumer data right” (CDR) – which will begin with bank data and then be extended to telecommunications and utilities – the Australian Competition and Consumer Commission said its accreditation regime would require data recipients to be “fit and proper”, have “effective” risk systems to protect information and privacy, and to take out insurance to cover potential data breaches.
Suggesting it will adopt a tougher approach towards open banking than regulators in the UK, where under a similar regime data has been flowing freely into lower quality fintechs, the ACCC said companies that fail to comply with accreditation standards could be hit with litigation.
“The ACCC’s current position is that rules imposing obligations on data holders or accredited data recipients will be specified to be civil penalty provisions,” the regulator said on Wednesday.
Leakage a ‘flaw’
However, the ACCC has also left open the potential for banking data to be used outside the regulated system.
It said it planned to allow customers to send banking data to non-accredited parties – which the legislation provides for – so long as it first goes through an accredited recipient, who must warn the customer that if they share it more broadly (for example, with their accountant or a mortgage broker), they will lose the regime’s protections.
To read more, please click on the link below…