ING Bank (Australia) Limited has paid penalties totalling $53,280 for allegedly failing to comply with Consumer Data Right (CDR) Rules and making a false or misleading representation to consumers, after the ACCC issued it with four infringement notices.

The ACCC alleges that ING Bank missed three important legislated deadlines and made a misleading statement to consumers on its website about the reliability and security of its CDR service.

The CDR is an economy-wide data sharing program that enables Australians to leverage the data businesses hold about them for their own benefit. It has commenced in the banking and energy sectors.

The transfer of consumer data is at the direction of consumers.

Under the CDR Rules, ING was required to be in a position to share data for certain financial products by specific deadlines. This included data relating to residential home loans by 1 November 2021, and data relating to joint accounts by 1 October 2022.


Top Australian Brokers


The ACCC alleges that ING Bank did not meet all of these obligations as required. This meant ING Bank was not able to facilitate certain consumer data sharing, as it was not capable of receiving consumer data requests from accredited data recipients acting on behalf of consumers.

The ACCC alleges that by failing to meet its obligations, ING potentially denied its customers the full benefits of being able to use the CDR program.

“Under the CDR, consumers have a right to safely and securely share certain data with accredited providers, including fintech firms and other third parties, who in turn can use that data to create better customised products and services for the consumer,” ACCC Commissioner Peter Crone said.

“Unlike customers of most other banks, many ING customers were not able to fully benefit from the services of accredited businesses using their CDR data.”

“Allowing consumers to share CDR data relevant to these services, including those relating to financial management and comparison tools, is important, especially given current cost of living pressures and rising interest rates,” Mr Crone said.

“All data holders are reminded that failure to comply with the CDR Rules will result in scrutiny by the ACCC and may result in enforcement action, with potentially serious consequences including infringement notices or court proceedings.”

The ACCC also alleged that ING Bank breached the Australian Consumer Law by making a false or misleading representation on its website. Between 28 October 2021 and 2 February 2022, ING Bank represented its accredited person request service had been operational since 1 July 2021 and was therefore a reliable and secure system for customers to use to share data, when this was not the case.

“All CDR participants are warned that any claims about the CDR must be accurate and able to be substantiated, or they risk breaching the Australian Consumer Law, which can attract significant penalties if the ACCC commences court proceedings,” Mr Crone said.

ING Bank removed the allegedly false or misleading representation from its website after the ACCC raised its concerns.