Ask most Australians what rights they have when dealing with their bank, and the silence can be telling. The financial system is complex, the documentation dense, and the incentive to keep customers uninformed is — let's be honest — considerable. But Australian consumer and privacy law has built a surprisingly sturdy set of protections around the everyday banking relationship. Knowing them costs nothing. Using them could save quite a lot.
Your Data Belongs to You: The Consumer Data Right
Since 2020, Australia's Consumer Data Right (CDR) has given bank customers the legal right to access their own financial data and, crucially, to share it with accredited third parties of their choice. This is the legal backbone of Open Banking — and most Australians have never heard of it.
Under the CDR, your bank must provide you, on request, with a structured, machine-readable record of your transaction history, account details, and associated product information. This data can then be shared with ACCC-accredited comparison platforms, fintech services, or financial advisers — allowing you to find better rates, switch products, or build a clearer picture of your financial life without doing all the legwork manually.
How to use it
Visit your bank's app or internet banking portal and look for the "Data Sharing" or "Open Banking" section. The four major Australian banks are all required to support CDR data sharing. If you can't find it, contact your bank directly — they are legally required to provide access upon request.
The Privacy Act 1988: What Banks Must Tell You
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) that sit beneath it, any organisation holding personal information about you — including your bank — is required to:
- Tell you what information they collect and why
- Explain who they may share it with (including overseas recipients)
- Provide you with access to the personal information they hold about you, on request
- Correct inaccurate, out-of-date, or incomplete information if you request it
- Notify you if your information is involved in a data breach that is likely to cause serious harm
Requesting access to your personal information is your right, and banks cannot charge you an unreasonable fee for providing it. Most major institutions have an online privacy request form — though finding it often requires more persistence than it should. If you're struggling to locate it, a written request addressed to the bank's Privacy Officer is legally sufficient.
The Banking Code of Practice: Your Practical Protections
The Banking Code of Practice — adopted voluntarily by Australian Banking Association members, but with real teeth thanks to ASIC oversight — sets out a series of commitments banks make to their customers. The 2019 version, which came into effect following the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, significantly strengthened consumer protections. Key provisions include:
Fee Transparency
Banks are required to tell you about fees that apply to your accounts in clear language, and to notify you in advance when fees change. If you've been charged a fee you weren't told about, you have a legitimate basis to request a refund — and in many cases, banks will provide it without significant pushback.
Interest Rate Notification
Your bank must notify you when the interest rate on your savings account falls, and — this one surprises many people — must contact you if your home loan rate changes and you are on a variable rate. "Notify" has a specific meaning here: it must be before the change takes effect, not buried in a quarterly statement months later.
Default and Financial Hardship
If you are experiencing genuine financial hardship, the Banking Code requires your bank to work constructively with you before taking enforcement action. This includes the right to request a hardship arrangement — a formal process that can involve temporarily reducing repayments, extending loan terms, or suspending fees. Banks must consider all hardship applications in good faith.
"Most people who would benefit from a hardship arrangement never apply for one, because they don't know they're entitled to ask. The Code means you can ask — and the bank must take you seriously."
What Banks Keep Private — and What You Can Challenge
There are things banks legitimately keep confidential: risk models, fraud detection logic, and internal credit assessment frameworks. These are protected as proprietary information. However, there are several things that are sometimes presented as confidential but are in fact accessible:
- Your credit score and credit report: You are entitled to a free copy of your credit report from each of Australia's three major credit reporting bodies (Equifax, Experian, and illion) once per year — and at any time if you have been refused credit.
- The specific reasons for a declined application: While banks are not required to share their full internal credit policy, they must tell you the primary reason your application was declined under the National Consumer Credit Protection Act.
- Fee calculations: If you're charged a "break cost" or "early repayment adjustment" on a fixed-rate loan, you can request a detailed breakdown of how the figure was calculated. You don't have to accept the number at face value.
The AFCA: Your Free Dispute Resolution Option
If your bank has done something you believe is wrong — charged a fee incorrectly, failed to process a request, mishandled your data — and the bank's own complaints process hasn't resolved it, the Australian Financial Complaints Authority (AFCA) provides free external dispute resolution for consumers.
AFCA can award binding determinations of up to $1 million for certain complaint types, with no cost to the customer. In the 2024-25 financial year, AFCA resolved more than 100,000 complaints against financial services providers — and the majority of outcomes that went the distance favoured the consumer.
- Visit your bank's website and search for "Open Banking" or "CDR" to see your data-sharing options.
- Request your free annual credit report from equifax.com.au, experian.com.au, or illion.com.au.
- If you have a dispute your bank hasn't resolved: afca.org.au.
- For privacy complaints: the Office of the Australian Information Commissioner (oaic.gov.au).
A Note on What This Isn't
This article is a general overview of publicly available legal rights and does not constitute financial or legal advice. Individual circumstances vary, and if you're dealing with a significant financial matter, speaking to a licensed financial adviser or solicitor is always worthwhile. Many community legal centres across Australia offer free initial consultations on financial matters for people experiencing hardship.
The rights outlined here are real, tested, and accessible. The gap between having them and using them is usually nothing more than knowing they exist.