Date posted: 31/10/2023

Submission on screen scraping, should it be regulated?

We consider that a case for regulation has not been made and that market forces, not regulation, should drive uptake of the consumer data right (CDR).

In brief

  • Cyber security is critically important, but regulating screen scraping is not the answer
  • Consumer education is key to minimising when, and with whom, consumers share personal information
  • Participation in the CDR is voluntary and should be driven by market forces, not regulation

The Consumer Data Right Policy branch in the Treasury released for consultation a discussion paper on screen scraping. The paper seeks feedback on the proposition that screen scraping should be regulated to minimise harm to consumers and banned where the CDR is a viable alternative.

Cyber security

The paper raises the concern that service providers that utilise screen scraping to capture and store consumers' login details place consumers at risk if their cyber security protections are breached. The presumption is that the cyber security protections of such providers are lower than those of other financial institutions such as banks. The paper also acknowledges that there have been no such breaches reported.

Harm associated with cyber security breaches is not related to a particular type of technology, such as screen scraping. Data and cyber security protection are best addressed through technology-neutral regulation on data and cyber security to capture all parties using any digital or manual process to collect, store or use personal data. 

Consumer protection

The paper refers to the year-on-year increase in scams and frauds, and resulting harm, as a reason to consider regulating screen scraping. Yet the National Anti-scam Centre statistics show the most common approach of scammers to gain personal information is via a text message.  

This again indicates that the risk of harm is not associated with a particular technology but rather with consumers' lack of awareness of the need to check who is asking for their personal details and for what purpose.

Regulating a single technology rather than educating consumers will result in a framework that fails to improve the key focus of the discussion paper: consumer protection.

Consumer data right (CDR)

Ultimately, consumers are more likely to choose a service or product that is reliable and easy to use. Currently, services and products built on screen scraping harness the speed, scale, accuracy and customisation of data this technology allows.

As the CDR matures and covers the breadth of data available through other technologies, providers of financial products are likely to choose to access the necessary data via the CDR.  

Market forces, rather than the government, will drive a transition of product providers to seek access to consumer data through the CDR.  

Conclusion

With the rate of technological change today, regulating a single technology, in this case, screen scraping, will not mitigate the risks raised in the discussion paper. Equally, a well-functioning CDR that meets or exceeds data accessibility through screen scraping will drive a natural transition away from screen scraping in those areas covered by the CDR without the need for regulation. 
