iscover 
The Australian Competition and Consumer Commission (ACCC) has fined the Commonwealth Bank of Australia (CBA) $792,000 for failing to comply with Consumer Data Right (CDR) data-sharing rules for a number of business and partnership accounts.
The largest bank in Australia paid the penalties based on four infringement notices issued by the ACCC, regarding the failure to enable data sharing for certain business consumers and partnership accounts.
Consumers were unable to share their data in order to access CDR-related products such as those used for business accounting, according to the ACCC.
This meant affected customers were forced to use manual workarounds or resort to less secure data-sharing methods.
CBA did try to remedy the situation and provide redress to consumers, and the bank reportedly co-operated throughout the investigation and committed to an administrative resolution with the ACCC. This included enabling consumer data sharing for remaining accounts by 19 December 2025 and providing remediation to customers.
Affected business customers who meet the eligibility criteria will receive a goodwill payment as part of the remediation.
Business customers who can substantiate additional financial and non-financial loss will also receive further payments.
Commenting on the fine, ACCC deputy chair Catriona Lowe said: “This is the highest total penalty to date for an alleged breach of the CDR Rules.
“We will continue to focus our compliance and enforcement efforts to enable the benefits the CDR system delivers for consumers, including more choice and greater access to better deals on products and services.”
The fine comes after the National Australia Bank (NAB) set the previous record fine of $751,200 in penalties for alleged contraventions of CDR rules.
Other recent fines include a penalty of $33,000 against HSBC in 2024 and a $133,200 penalty against ING Australia in 2022.
“Banks have now had a few years to understand and implement their CDR obligations,” Lowe said.
“This penalty against CBA should serve as a reminder to all CDR participants that failing to comply with the Rules may result in the ACCC taking enforcement action.”
CDR is an economy-wide data sharing right, designed to enable consumers to use the data financial businesses hold about them for their own benefit.
The four major banks – including CBA – have been required to enable consumer data sharing of in-scope products for non-individual CDR consumers since November 2021.
There has been slow, but growing use of the CDR in the past few years. The first half of 2025 saw a 55 per cent rise in CDR participants compared to the preceding six-month period, and the ACCC said it expects this number to continue to grow as the CDR expands to the non-bank lending sector from mid-2026.
[Related: NAB hit with record penalty for breaching CDR rules]