Bank of Queensland Ltd has paid a penalty of $133,200 after the ACCC issued it with an infringement notice for allegedly breaching the Consumer Data Right (CDR) Rules by failing to provide a service enabling consumers’ data to be shared.

The CDR is an economy-wide data sharing program that enables Australians to leverage the data businesses hold about them for their own benefit. The CDR was first rolled out to banking in July 2020 for the major banks, with all other banks required to share certain data by 1 July 2021.

The transfer of consumer data is at the direction of consumers.

Under the CDR rules, Bank of Queensland was required to be in a position to share data for financial products, including savings accounts, term deposits and credit cards, by 1 July 2021.

The ACCC alleges that Bank of Queensland did not meet this obligation on 1 July 2021 as required.


Top Australian Brokers


Bank of Queensland did not make the required services available until 13 December 2021, which meant that the bank’s customers were unable to share their CDR data for more than five months after the date by which this service was required to be available to them.

“Under the CDR, consumers have a right to safely and securely share certain data with accredited providers, including fintech firms and other third parties, who in turn can use that data to create better customised products and services for the consumer,” ACCC Commissioner Peter Crone said.

“For the CDR to work effectively for consumers, participants including all banks must meet their data sharing obligations within the timeframes set by the regulations” he said.

“In the current environment of rising interest rates, consumers benefit from greater access to information and tools to help them compare products and make informed decisions about switching banks, and the CDR assists this” Mr Crone said.

The ACCC closely monitors compliance with CDR obligations and provides support for participants to assist them in preparing for and entering the CDR program.

“As it is rolled out, the CDR will increase consumer choice and promote the innovation needed to improve competition in financial services and other areas. It will play a central role in enhancing productivity,” Mr Crone said.

If CDR participants do not comply with their obligations, the ACCC will consider taking enforcement action in line with the CDR Compliance and Enforcement Policy. This can include administrative outcomes, enforceable undertakings, infringement notices, suspension or revocation of accreditation, or commencing court proceedings.

This is the first infringement notice the ACCC has issued for an alleged breach of the CDR Rules.

A number of banks were delayed in implementing their CDR solutions, in part due to issues related to the COVID-19 pandemic and a shortage of skilled IT resources. In deciding to issue an infringement notice to Bank of Queensland, the ACCC took into account a number of factors, including the period of alleged non-compliance, the number of customers potentially impacted, the resourcing constraints Bank of Queensland faced in developing its CDR infrastructure and the steps it took to limit the duration of its non-compliance.

Originally published by ACCC