The ACCC issued four infringement notices to CBA, citing the bank's failure to enable data sharing for certain business and partnership accounts. The CDR framework allows consumers to share their data with accredited third parties to access better deals on products and services. The ACCC noted that consumers faced difficulties accessing CDR-enabled services due to CBA's non-compliance.
CBA acknowledged the issue, stating it self-reported the breach and accepted the findings. The bank plans to notify affected customers about possible remediation options. This incident marks the second major bank penalty in 2025 for CDR breaches, following National Australia Bank's A$751,200 fine earlier this year.
The ACCC emphasized that banks have had sufficient time to comply with CDR obligations and warned of continued enforcement for future violations. This development highlights the critical need for financial institutions to adhere strictly to data-sharing regulations to maintain consumer trust and avoid substantial penalties.
Published: Monday 15th December, 2025
Please Note: If this information affects you or is relevant to your circumstances, seek advice from a licensed professional.
