What Is The Consumer Data Right? An Australian Guide

The Consumer Data Right, or CDR, is an Australian Government framework that gives people more choice and control over how their data is shared.

For banking, CDR lets you choose to share eligible bank data with an accredited provider or a service operating through an approved CDR arrangement. The official CDR website describes the system as opt-in and says data is transferred using secure automated technology.

That matters because many personal finance apps are only useful when they can see more than one account. CDR gives Australians a regulated way to share data for services such as product comparison, financial and cashflow management, and new digital tools.

CDR is opt-in

You do not have to use CDR. If you do use it, the consent flow must explain what data is being shared, how it will be used, who can access it, how long access lasts, and how you can manage or withdraw consent. A CDR consent can run for a maximum of 12 months from the date it is given or last amended, and you can withdraw consent at any time.

CDR is active in banking and energy

The CDR website states that CDR is active in banking (since 2020) and energy (since 2022). Non-bank lending is the next sector: product data sharing obligations are scheduled to commence on 13 July 2026, with consumer data sharing obligations starting from 9 November 2026 for initial providers. In the banking context, CDR can include data such as customer information, account information, balances, transaction details, direct debit information, scheduled payment information, and saved payee information where available.

Who regulates CDR?

The CDR system is led by the Australian Government's Treasury, working with the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC). The Data Standards Body, which sits within Treasury, develops the technical and consumer experience standards. The ACCC is responsible for the accreditation process; the OAIC regulates privacy and confidentiality under the CDR.

The OAIC states that CDR has strict privacy protections and security requirements built into the system, including 13 legally binding privacy safeguards.

How Cove Money uses CDR

Cove Money operates as a CDR Representative of Fiskil Pty Ltd. Fiskil is the Accredited Data Recipient that collects and discloses CDR Data on behalf of Cove Money.

Under the CDR representative model, an unaccredited business (a CDR representative) can provide services directly to consumers through a written contract with an unrestricted accredited person (a CDR principal). The principal is liable to consumers for the actions of the representative, including under the privacy safeguards.

Cove Money receives bank data on a read-only basis. Cove Money does not receive or store your bank login credentials. Authentication and consent are handled through the CDR flow made available by your bank, Fiskil, and the CDR framework.

Why it matters for everyday money management

When your money is spread across banks, cards, savings accounts, and loans, it can be hard to see the full picture. CDR can help a service like Cove Money show connected accounts, balances, transactions, bills, cashflow, and insights in one place, using data you have authorised.

Cove Money is still a personal finance information and tracking service. It does not provide financial product advice, personal financial advice, legal advice, tax advice, accounting advice, or credit advice.

---

This article is general information only and does not constitute personal financial advice. Consider seeking advice from a licensed adviser before acting.