search

ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.
41 stars 9 forks source link

Consumer's Data Holder(s) not available in ADR consent flow (potentially list not up-to-date) #616

Closed anzbankau closed 1 month ago

anzbankau commented 9 months ago

Description

In the current consent flow to share data, the ADR displays a list of Data Holders that a consumer can select to share data from. There is no specific obligation for ADRs to display all Data Holders that participate in the CDR regime within this list, hence some ADRs opt to provide consumers with a list that does not include all Data Holders. This can result in consumers not being able to create a consent to share data from their Data Holder, which is confusing for the consumer, and not aligned to the intent of the principles of the CDR; in this scenario the consumer is not given the choice to share their data because their data holder is not available. Given we have received customer complaints, we are seeking feedback on this issue and suggest a change to the CX standards for ADRs to take reasonable steps to keep their data holder list complete and up-to-date.

Area Affected

CX standards

Change Proposed

Require ADRs to take reasonable steps to keep their data holder list complete and up-to-date

WestpacOpenBanking commented 8 months ago

We acknowledge the confusion that consumers may have when encountering this issue and that they may be unclear who is responsible for the list of Data Holders presented to the consumers for selection.

In light of last week’s discussion on this topic, we understand there are various reasons (incl commercial reasons) why ADRs do not offer a complete list of Data Holders to ingest data from. This is a policy issue for consideration by Treasury and we strongly recommend that is not something that should be addressed through standards. We suggest removing the question from Maintenance Iteration #17, referring it to Treasury, and closing the issue.

Currently there are a wide range of DPs still to address and focus on the remaining issues in the maintenance iteration would be a more effective use of time.

Thanks

TT-Frollo commented 6 months ago

Agree with Westpac this is a policy decision. Further for input into any suggested policy change, an ADR may have both commercial and operational or implementation issues with specific Data Holder implementations that they then choose to not make them available. Commercial services to consumers should be the choice of the ADR. There are also situations where DH implementations have errors where ADR's choose not make these DH available during those periods. Large number of consent authorisation failures can also be an example.

markskript commented 6 months ago

We understand the concerns of ANZ but also agree with Westpac that this is a policy issue. There are various aspects that need to be reviewed here, both commercial and operational.

nils-work commented 2 months ago

Hi @anzbankau Feedback to date suggests that a change to the Standards may not be a preferred solution to the stated issue. Do you consider it should remain open for further consultation or could be closed pending any further comments by 31 May 2024?