The ACCC issued four infringement notices to CBA, citing the bank's failure to enable data sharing for certain business and partnership accounts. The CDR framework is designed to empower consumers by allowing them to share their data with accredited third parties, facilitating better deals on financial products and services. CBA's non-compliance hindered this process, affecting consumers' ability to access CDR-enabled services.
Consumers reported difficulties in accessing these services due to the bank's lapse. In response, CBA acknowledged the issue, stating that it had self-reported the breach and accepted the ACCC's findings. The bank plans to notify affected customers about potential remediation options.
This incident marks the second major penalty for a CDR breach in 2025, following National Australia Bank's A$751,200 fine earlier this year. The ACCC emphasized that banks have had ample time to understand and implement their CDR obligations and warned of continued enforcement for future violations.
For consumers, this development highlights the critical role of data rights in the financial services industry. It serves as a reminder to stay informed about how financial institutions handle personal data and to advocate for transparency and compliance with data-sharing regulations.
Published: Thursday 11th December, 2025
Please Note: If this information affects you or is relevant to your circumstances, seek advice from a licensed professional.
