Data transfer and ownership in Australia is tested by open source

Open source mock version of Consumer Data Right plays a part in ensuring control over own data

Published on: 18/08/2021

Since 2017, individuals and small businesses in Australia have had the possibility of comparing products and services of, for instance, accredited banks. The system behind (consisting of a number of APIs) is tested on an ongoing basis by an open source mock version. This testing increases the security of the Consumer Data Right Register.

Photo by Kelly Sikkema

The Australian Government established a website with a services for citizens and smaller businesses, the Consumer Data Right (CDR). CDR is an opt-in service active in banking, that helps manage finances, to access services and deals by providers among other things. As an opt-in service, the intention is for users to only share data that they consent to and thereby remaining in control. The providers cooperating with the service are accredited and the CDR is strictly regulated by the Government. CDR is fully functional with banks and plans to further develop in the energy and telecommunications sectors too.

A mock version of the CDR is available on Github in C#. The mock version gives the actors behind CDR the possibility to test the security of code on an ongoing basis without risking the loss of users’ data. It includes code and documentation to assist development and testing of the processes of data transfer.


Comparison based on real data

The process behind the data transfer service of the CDR is straightforward and takes less than two minutes. On an accredited provider’s website, the user can give permission for the provider to access personal or business data. With the CDR, users gain greater control over their own data by helping to monitor their finances and securely share data. These data include but are not limited to:

  • Name and contact information,
  • Details about potential business,
  • Account number, name, and type,
  • Transaction data.

The user’s identity will then go through a verification process and they will be able to receive comparisons of products and service based on real data. When a user wishes to compare products, there is competition of the marketplace (among providers), and a user may potentially switch providers depending on the better offer.

The Data Standards Body within the Federal Treasury is responsible for the creation of technical standards while the Federal Treasury as a whole is the lead agency. The Data Standards Body has set up the format and process for the data sharing under the CDR. The technology behind consists of APIs.


Privacy and security

The mock version on GitHub helps testing as well as privacy and security in a community of developers:

This repository contains a mock implementation of the Mock Register and is offered to help the community in the development and testing of their CDR solutions.

- Github for mock register

Co-operating bodies for the CDR are the Office of the Australian Information Commissioner (OAIC) and the Australian Competition and Consumer Commission (ACCC).

The format and sub-services have been developed since May 2018 and are still ongoing.


Final take-aways

  • A mock version of the Consumer Data Rights Register is a central piece in ensuring good code and the privacy and security of it.
  • Data transfer between individuals/small business owners and accredited providers in the financial sector is quick and simulates competition between the providers when comparisons of services and products are presented to the individual.