A data right for consumers has been evolving in Australia for some time. The Consumer Data Right as it is called has a short formal history. The seeds planted sometime ago. Now I don’t have time to explore a detailed origin story from my position in this post. I see it from deep time as it relates to our (humans) storytelling and how we record it. The record keepers of ancient civilisations. The conceptualising and formalising of a social contract during the “enlightenment” period. The evolution of modern communications technologies. The advent of the internet, the philosophical tenets and the usurping of it by corporate interests. But that’s a rabbit hole best explored in a divergent podcast conversation of some sort. So I’ll try and keep this bounded, as much as my mind is possible of.
What I cover here does not represent the companies I work for, with, or own a stake in. There are overlaps for sure. The professional work I do relates to all this. But this is my blog. Where I try to explore my perspective in writing. Unhindered by the constraints of the legal fictions I have to work within.
I’ve written this post for a few purposes and people. It’s raw and unencumbered. It’s somewhat of an opinion piece. Informed by my experience working directly and indirectly with CDR over a number of years.
Yes, it’s for those of you working in these fields related to CDR and open data ecosystems. You may be a policy maker or a technical lead for open banking. A designer working on open banking or CDR enabled products and services. Even an executive trying to lay down an adaptive strategy for your organisation. Maybe even just an interested netizen. Regardless of your work role or functional title I want you to try to take that hat off for now. Put your Australian citizen hat on. Your global netizen hat on. And see this through the human(ity) lens.
I know you can do that.
So let’s go…
Why it matters
I’ll cover this from my personal perspective and why it matters to m3, and thus, why it should for you too.
I have 2 young children. At the time of writing they are 5 and 7 years of age. Digital technologies are so normalised in their daily life. They are true digital natives. Unlike me who started out using a motorola brick phone working on construction sites from the age of 14. Accessing bulletin boards, geocities and IRC on 56k dial-up in the mid 90’s. I have baggage. I don’t take it for granted where this has all come from.
So let me paint a picture…
In our current digital world individuals feel disempowered. Most are apathetic. They want more meaningful control but feel powerless. They’re shocked when presented with the extent to which their data is extracted and used. They want to take action, but it’s still just too hard…
They care about their privacy. They want tech that makes their lives better. Without the false trade-offs.
Organisations, too, have been struggling.
Many remain ill-equipped to govern modern information businesses. Most board compositions are filled with people older than me. The boomers. They lack the practical skills and working knowledge on how to set and define information strategy. Let alone mitigate information risk. They lack the lived experience and embodied cognition to be, well, digital. Senior leadership and management (SLAM) have become addicted to the big consulting firms’ guidance. The 100+ page slide decks, spreadsheets and meaningless artefacts. The misaligned business models that seek to put bums on seats. To extend customer lifetime value. Not capability transference. This is also not isolated to Australia and CDR. It’s systemic. It’s prevalent across both the public and private sectors. It’s a global problem.
Now back to SLAM…
Can they upskill and build working knowledge needed to lead? Yes. Are they? In aggregate I’m not so sure. There is still a plethora of questionable data practices pervading. Bad vendor choices. Martech stacks built on surveillance tech. Software stacks lacking the right architecture for privacy and security by design. Countless data breaches. Information monopolies. Continued perspectives from VC’s to create more data moats. Funding terms that compromise any values and purpose driven fintech startup founder abound. Then there’s the misaligned incentives that were well covered with the Hayne Royal Commission. Remember that? Has much changed? Marginal gains, but not where it counts.
Yet CDR has the potential to be the foundation of Australia’s digital society. It can pave the way to a future where digital technologies make people’s lives better. A world where we are not slaves to meaningless digital interactions. Where our “digital twins” are not emulated on servers and experimented on. We can avoid buttressing another extractive industry. Those ones that have wrought havoc on our biosphere we rely upon for life. Cautionary tales abound so I’ll spare any further dystopic references.
It does not have to be this way.
The power we have is real. It matters for my children and yours. It matters for future generations that we get this right. We can make this work for all people. Data rights encoded? Yes. Solid and dynamic standards and guidelines? Yes, those too. But let’s get back to the purpose of CDR. And frequently remind ourselves of it.
To give Australian netizens more meaningful control over their data and enable more actionable choice, while catalysing competition and innovation across industries.
I’ll touch on some of the how later in this post. But first, let’s have a little recap.
Origins of CDR
What a journey this has been. I recall reading through the draft report from the productivity commission in Nov 2016. I was working at an Australian startup Meeco as Head of Platform Product. It was early in the game of personal data wallets and consent based data sharing experiences. The timing was still not right. Individual netizens were only getting a grasp of the value of the data they generated daily. Companies were still exploiting it. Knowingly and unknowingly. Regulators and policy makers were wrapping their heads around this whole opportunity space as well. But the seeds had been sprouting. The soil was being fertilised with ideas, perspectives, frameworks, standards and guidelines. Global trends were converging. The “Snowden Effect” was shifting consumer perception. Regulatory trends were being pushed with GDPR, though still wrought with issues. The rules of the game were changing.
I’d been exploring the various areas of this since 2009. Trying to get a sense of the intersecting problem space. I admit I did get excited when I was reading through the draft report. It was about time we moved in this direction in Australia. This has so much potential to transform the Australian digital economy. To transform people’s lives for the better. It’s ambitious. I love it. I was optimistic but skeptical at the same time as I read between the lines.
Was it going to be another regulatory framework laden with agendas? From the companies who want to continue the harvesting of peoples digital stories and lives? Could the government bureaucrats and policy makers actually do this well? Was there too much regulatory capture already for this to be successful? Was it going to come from a compliance and legal position? Would technical standards dominate? Can it be co-designed with citizens? Is co-design an oxymoron when it comes to any government initiative? Are these organisations and institutions trustworthy enough to really do this as it should be done?
I’m critical, as I should be. So should you.
But I know people at and have worked with those at the Data Standards Body. I’ve worked with banks and fintechs. Advocacy bodies and led workstreams in this area. I’ve watched agendas play out in meetings, working groups and workshops. So I have an informed perspective. Reflecting on this as I write, these complex multi-stakeholder initiatives are messy. They’re hard to navigate. And I remind myself of this often. It’s still early days…we can pause, reflect, adapt and course correct. What I’m presenting here is that we should.
We need to work with the world as it is. Yes. But that does not mean we lose sight of how it should be.
Lessons (not) learned
There are agendas. They are the world as it is. They are organisational, commercial and institutional. How they are surfaced transparently, managed responsibly and resolved collectively to maintain focus on the spirit of CDR is what matters.
I was a little frustrated watching the same mistakes get made that could have been learned from Open Banking in the UK. Warranted that CDR is way more ambitious than only banking and financial services. It’s a cross-sector, economy wide, consent based data sharing ecosystem.
So let me briefly cover some of the mistakes we didn’t learn from.
I’ll acknowledge a key difference from Open Banking in the UK as well. A CMA9 funded initiative. The big 9 banks like our Big 4 in Australia. They funded the Open Banking Implementation Entity. It’s easy for something to be bank centric when this is the case. Who pays the piper calls the tune. A rule of thumb that rings true. Whereas here we had the Data Standards Body. We had the interrelating parties of the Australian Competition and Consumer Commission, Office of the Australian Information Commissioner, Treasury and Data 61 (CSIRO). All meant to be working in unison.
The approach in the UK was technical standards driven. Not consumer outcome driven. This meant technocrats muddied the plot. I worked on CX guidelines for CDR and Open Banking in the UK. I’m not formally trained as an engineer. But I understand enough of the technical constraints and details to know it did not have to play out the way it did. Anyone that has dealt with Open Banking in the UK knows the challenge of all the acronyms and complexity of the standards. Authentication and authorisation. PSD2 blended with GDPR consent and more. It was a challenging ask for sure.
Incumbents did have legacy infrastructure to contend with. This meant the CMA9 had to get their shit sorted. The inherent challenges to shift to a world of open banking and API enablement. The architectural change path must have been daunting. There are many solution architects and business analysts with grey hairs and even some PTSD. It was a big technical ask. Never mind the usual politics that are part and parcel inside behemoth organisations. So behind the scenes the delays of the incumbents influenced the agenda and development of the standard and guidelines.
Another lesson is that UK consumers did not get the purpose and what outcomes open banking could enable for them. For good reason, it was not something designed with them. There was no regulatory and technical sandbox to learn with UK consumers. So it missed the mark at first. Very costly from an investment perspective I’d say. Did we learn from this? No, we did not.
Now there is much more I could dive into on learning from the UK or other jurisdictions but that’s more than enough. You get the point.
I also think there were glaringly obvious reference points globally that got missed. A meta-review of what frameworks in personal data sharing ecosystems already existed would’ve provided better direction. Something like MyData could have served as clear inspiration for those responsible at the beginning. This get’s at a crucial problem in policy and regulatory creation. The consultation process. It doesn’t work. We have limited cross-jurisdictional learning that is collaborative and well coordinated. It lacks interdisciplinary foundations. It’s a waste. It’s ineffective. It’s overly bureaucratic and slow. That’s one for another post on OpenGov though.
So those who had the responsibility to create something great missed the mark. Maybe it came from a place of pure ignorance with a dash of wilful ignorance. Or arrogance from the politicians in the policy room.
This stuff was evident as CDR shifted into gear in 2019. Lessons were not learned. Technical standards dominated. No co-design. A smidgen of participatory design in the CX workstreams. But they had small budgets to work with. And solid research programs and co-design programs are resource intensive. But the team did well within their constraints so I congratulate them for that.
It’s not too late to learn from this so let’s look at where we are now.
It’s a little patch of seedlings needing some compassionate and caring community gardeners.
I’m not going to write everything off. The stakeholders involved have still done a good job given the complexity. But I don’t believe we should settle for that.
We have some pretty solid technical standards and guidelines. The CX guidelines I know more intimately as I helped at the beginning. They unfortunately were plugged on at the last minute. Like “oh shit” this is the Consumer Data Right, right? Shouldn’t we have human centred design and a core CX research workstream leading here? Better late than never.
I’ll premise this with the fact the delays we all might have witnessed came during the convergence of many crises. Not least is COVID-19.
We have all the major 4 banks up and running as Data Holders. With many accredited. Then a range of data recipients accredited and many going through the process. There are two banks with dual status (Recipient + Holder) – Commonwealth and my beloved Regional Australia Bank. The little Aussie mutual from Armidale striving to show a way. Movement into the energy sector has already begun. This then moves into telcos and across other industry sectors.
There’s lot’s in store. Comparison and switching services. Personal financial management apps. Superannuation aggregation and consumer values aligned self-managed super funds. Peer to peer and institutional credit facilities and more. All CDR enabled. It’s exciting. But the same issues that were evident in the first place are still underlying the whole “regime”. Seriously? Regime? I cringe every time I read that word used. Language matters.
Unfortunately the ACCC is now moving to the bench, sidelined. It’s over to Treasury. That was a big blow in my view. The ACCC as a watchdog to ensure consumers are protected and anti-competitive behaviour is quashed early is essential for CDR success. They’ll maintain regulator status with the OAIC but the direction is going to be up to the Treasury. And the DSB will likely have political handcuffs. A huge brains trust constrained from contributing to strategic direction because of political whims. Maybe the inevitable change in government next year will mean we’ll see more meaningful progress.
Then we have the design papers as a nice little step-change in consultation process. This is positive. Time will tell if it makes much of a difference.
The joint accounts issues that have been a pain for many a data holder and recipient. Not less for the Australian “consumer”.
Then we have the consent dashboard issue. WTF? This was another of the missed lessons. Having every recipient with a dashboard. What a mess. It was obvious this was unworkable. When I led a CX workstream for consent management and revocation we* tested this. It was a small cohort but it was pretty clear that the current approach was untenable. I know there’s talks in the working groups involved on addressing this. But it was something that should’ve been baked into the ecosystem design from the outset.
(*We meaning >X a research, design and advisory firm I was leading with Nathan Kinch. Contracted by Data 61 for that workstream)
In summary, it’s all going ok. But I want something that is bold. Something that is beautifully ambitious. It is the future of the Australian digital economy we are talking about.
A future to work towards
I’ll write this as a reflective fictional short story of the future. It’s personal and relatable. It’s “science fiction”. For now.
The year is 2033, and the CDR has evolved. I’ve aged well, we did it. We navigated the mess. Data, information, knowledge and insight is at the fingertips of everyone that needs it. Outcome focused lifestyle services are abundant. We are the ones sensing. Individually and collectively. Not the ones being sensed. No faustian bargains needed.
I am going on a holiday to Japan with my family soon. It’s all booked. Seamlessly handled by a simple conversational agent. A personal digital concierge. The Finder family of companies have made this easy. Plane tickets, insurance and accomodation, transport and car hire, all sorted. Mobile network connection for international travel was a breeze. The ISPs have created easy ways to set this up now. My wife used to enjoy the bargain hunting aspect of this in the past. She doesn’t have to spend hours and hours anymore. I think she misses that a little.
Everyone has their itinerary ahead of time. Connected across all our social data wallets. It was booked on budget and to our family preferences beautifully. A short stopover in Singapore tacked on easily for a rendezvous with my daughter. Not much effort at all. Cross jurisdictional data sharing networks made this easy. Data cooperatives are abundant. The most trustworthy organisations became information fiduciaries. The ones that continued on their untrustworthy paths dissolved or faded into irrelevance.
Money knows no borders, nor does the data about it, or anything else related to data flows for that matter. The international OpenGov initiative meant that complex regulations got refactored. Machine readable regulations were harmonised. They all talk to each other now. Updating them is done using a very inclusive netizen engagement platform. Something that emerged out of the European Network of Living Labs. It’s been global since 2031. It was amazing to see the administrative burden of all the complex regulations lifted. Sure, automation meant people lost jobs. But the upskilling and reskilling initiatives saw that coming. Meaningful work was made available. People and whole industries adapted.
Communities thrived and governments became smaller.
They still serve an important purpose. But the systemic distrust and incompetence got nipped in the bud. A network of Independent Commissions Against Corruption with teeth served a treat. The confluence of crises in the 2020’s catalysed some serious change. There was honest reflection. There was bold and courageous leadership that emerged. Brought about through many conferences with people working through the hard truths. Localised and community based governance was realised. Renewable energies materialised. All enabled through private and secure data and communications networks. Combined with well coordinated collaboration and deliberative decision making.
Moving to a Type I civilisation seems within our reach as a species.
Data and information sharing initiatives were a big piece of the puzzle. CDR in Australia became a benchmark. Realising shared purpose became possible. Plans to create a flourishing future emerged. The collective moral imagination of our species was harnessed for good.
When we look in humanity’s mirror it is not black. It’s a rainbow.
Sounds like fantasy? It is.
But all we create as humans starts in our imagination. We just need to learn how to harness our moral imaginations better, together.
Getting there together
This is the tricky part. How might we do this with the spectre of poor governance and misaligned incentives? The hidden and not so hidden agendas? We’ve invested so much already. How might we overcome the pervading sunk cost fallacies?
How can we achieve this together?
We commit to designing the whole ecosystem for the qualities of trustworthiness.
The 7 signals and providing evidence of trustworthiness is the path we must take.
Image courtesy of Mat Mytka and Hilary Sutcliffe. Learn more.
We figure out how to break down the silos. Establish the channels and protocols to coordinate our collaboration across the ecosystem more effectively. We end systemic information asymmetry. Challenge and overcome overt power imbalances and break apart the information monopolies. We find sustainable ways to deliver high quality resources and energy to the people who need it most. Abundance is possible. There IS more than enough to go around. Despite the scarcity rhetoric we’ve been conditioned to believe.
We continue to pursue automating ‘machine appropriate’ tasks. Designing the technologies in a trustworthy way. Freeing people from meaningless digital interactions. Moving away from employment for the economy’s sake and spend more time living and loving life.
We prioritise individual wellness and its relationship to societal well-being. Surely if the Kiwi’s can do it, we can too.
CDR can change the game. It can re-energise a stale information sharing market. It can empower people with the tools and protections to decide how they take part. It can foster meaningful innovation and creativity. It can counter the ‘brain-drain’ from our country and fuel a powerful entrepreneurial ecosystem. It can put Australia on the map as a leader and innovator in modern information society. It can help the most trustworthy organisations get closer to the communities they serve. Learn about their needs, desires and challenges, and design for the outcomes that matter to them. This type of CDR ecosystem can support organisations in designing for data enabled, humanity centric, incentive aligned outcomes. Done with the people, not for them. It can help make doing what is right by people and the planet the best thing for commercial lines of business.
Doing this all requires a paradigm shift.
Away from product and service thinking. Away from zero-sum commercial models. Away from existing incentive structures. Those ones where short-term tradeoff decisions are made at the expense of meaningful human outcomes. It requires private and public partnerships. It requires organisations to actually be trustworthy and show evidence of it. It will be hard. Full of conflict, drama and loads of creative tension. But the mission matters so it’s worth it.
I cannot explore all the nuances of how right now. Nor can the entities that dominate CDR’s current manifestation. But we can do this better, together. We can pause, reflect, adapt and course correct. What I’ve touched on here is that we should.
Let’s co-create a CDR ecosystem that paves the way for human and planetary flourishing.
There is no easy path here but I know we can do better. I’ve been absent from the working groups over the past 2 years. Working on social ventures like Tethix. Watching from the sidelines and looking for signals amidst the noise. But I’m intent to get more involved and help on the future direction when I can.
At some point I’ll write the next part of this and explore how verifiably trustworthy, humanity centric technologies and systems can truly empower people and foster meaningful innovation. I’ll illustrate how by working together, meaningful and ambitious progress can be made. How the qualities of trustworthiness can be core to everything we do for the Consumer Data Right. How we can create a phygital world future generations will be honoured to inherit.
If you wanna chat, collaborate or have questions or criticisms of what you’ve read here, reach out. We can go further together.