Powered by MOMENTUM MEDIA

CommBank fined $792k over breaches of Consumer Data Right Rules

The bank has been issued with four infringement notices after failing to enable data sharing for business accounts and partnerships.

The Commonwealth Bank of Australia has copped a $792,000 penalty after it was found to be in breach of Australia’s Consumer Data Right (CDR) Rules.

According to the Australian Competition and Consumer Commission (ACCC), the bank allegedly failed to enable data sharing for “certain accounts”, leaving business customers unable to access CDR-enabled products and services or share their data.

“This is the highest total penalty to date for an alleged breach of the CDR Rules,” ACCC deputy chair Catriona Lowe said.

“We will continue to focus our compliance and enforcement efforts to enable the benefits the CDR system delivers for consumers, including more choice and greater access to better deals on products and services.”

The big four banks, including CommBank, have been required to enable consumer data sharing where appropriate, including for business customers. The CDR is an important component in allowing customers to use their data in ways that benefit them, such as sharing it with accounting services or managing their finances.

The National Australia Bank was fined $751,200 earlier in 2025 for similar breaches relating to data quality issues.

“Banks have now had a few years to understand and implement their CDR obligations,” Lowe said.

“This penalty against CBA should serve as a reminder to all CDR participants that failing to comply with the Rules may result in the ACCC taking enforcement action.

“In the first half of 2025, the number of CDR participants increased by 55 per cent from the previous six months, and we expect this number to continue to grow as the CDR expands to the non-bank lending sector from mid-2026.”

At the same time, CommBank released a statement outlining its voluntary reporting of the issue to the ACCC.

“The investigation related to a failure to enable a subset of CBA accounts for data sharing. When CBA enabled data sharing for business accounts via the CDR in November 2021, some account types were not enabled. As a result, some customers may have been unable to share certain data with accredited recipients, and their providers,” CommBank said.

“CBA accepts the findings of the ACCC’s investigation into CBA’s compliance with its CDR obligations, and we apologise to our customers affected by this issue.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
