Design Paper: Consumer Data Right Consent Review

[CDR-CX-Stream]

Overview

Treasury and the Data Standards Body are exploring opportunities to simplify the CDR Rules and standards to support better consumer experiences while maintaining key consumer protections.

The design paper seeks stakeholder feedback on a number of change proposals relating to rules and standards for CDR consents. Topics for feedback include:

• bundling of consents
• selection of key consent terms
• withdrawal of consent information
• notifications
• consents for de‑identification
• dark patterns.

It also seeks feedback on topics for future consideration.

Consultation documents can be found on Treasury's consultation page here, and versions of the design paper can be accessed below: Consent Review Design Paper - PDF Consent Review Design Paper - DOCX

Stakeholder forums

A stakeholder forum will be conducted on 6 September from 11am-12pm to assist stakeholder understandings of the proposed changes and to provide the opportunity for discussion and feedback.

If you would like to participate in this stakeholder forum, please register your interest at CDRRules@treasury.gov.au.

Feedback

You can submit responses to this consultation up until 06 October 2023. Feedback may be provided by email and on this Data Standards GitHub respository. Stakeholders are encouraged to use GitHub for ongoing discussions regarding the Consent Review, which may help inform the development of feedback.

Feedback posted on GitHub is public by nature at the time of submission. Content posted on GitHub should be made according to the community engagement rules published by the DSB.

Further details regarding submissions can be found on Treasury's main consultation page for the Consent Review, here.

[CDR-CX-Stream]

The original post has been updated with details of the Consent Review Design Paper consultation.

This consultation is being jointly conducted by the Treasury the Data Standards Body to explore opportunities to simplify the CDR Rules and standards to support better consumer experiences while maintaining key consumer protections.

Feedback for this consultation can be provided up until 06 October 2023.

[CDR-CX-Stream]

Treasury and the Data Standards Body invite you to participate in the CDR Consent Review design paper stakeholder forum which will be held virtually on Wednesday 6 September 2023, between 11am – 12pm (dial-in details below).

---

Microsoft Teams meeting Join on your computer, mobile app or room device Click here to join the meeting

Meeting ID: 473 458 252 719 Passcode: vmHFPH Download Teams | Join on the web Join with a video conferencing device teams@vc.treasury.gov.au Video Conference ID: 135 942 461 8 Alternate VTC instructions Image

Learn More | Meeting options

---

This forum is an opportunity for discussion and feedback on the proposals in the design paper that relate to the CDR Rules. Please note this forum will not cover the proposals in the design paper relating to the operational enhancements design paper. These measures will be addressed in a separate online forums (further details provided below). Public consultation on the design paper is open until Friday 6 October 2023.

The design paper seeks stakeholder feedback on a number of change proposals relating to rules and standards for CDR consents, including:

• bundling of consents
• selection of key consent terms
• withdrawal of consent information
• notifications
• consents for de identification
• dark patterns.

It also seeks feedback on topics for future consideration.

Treasury is also open to any bilateral meetings as part of this consultation. If you would like to arrange a meeting, please email CDRRules@treasury.gov.au.

Please note Treasury is also offering the following online forums in September:

Forum topic	Date and time
Non-bank lending	13 September, 10am – 12pm
Operational enhancements – CDR representative and outsourced service provider measures	14 September, 10am – 11am
Operational enhancements – other measures (secondary users, nominated representatives and avoidance of harm)	14 September, 2 pm – 3 pm
Operational enhancements – Energy measures	15 September, 10am – 11am

[SumitGSB]

---

Microsoft Teams meeting Join on your computer, mobile app or room device Click here to join the meetinghttps://teams.microsoft.com/l/meetup-join/19%3ameeting_M2ZmNzM5YWUtMWVlNi00YzVkLTkyYWEtNDIzMWI1NGQ2NTI1%40thread.v2/0?context=%7b%22Tid%22%3a%22e3202e4f-132d-4d52-9c9d-2fbd69af06db%22%2c%22Oid%22%3a%223b47c981-e7d5-46a9-8038-083f6762b831%22%7d Meeting ID: 452 630 007 579 Passcode: pv3u3h Download Teamshttps://www.microsoft.com/en-us/microsoft-teams/download-app | Join on the webhttps://www.microsoft.com/microsoft-teams/join-a-meeting Join with a video conferencing device @. Video Conference ID: 133 981 027 5 Alternate VTC instructionshttps://dialin.plcm.vc/teams/?key=958206530&conf=1339810275 Or call in (audio only) +61 2 7208 4918,,241143369#<tel:+61272084918,,241143369#> Australia, Sydney Phone Conference ID: 241 143 369# Find a local numberhttps://dialin.teams.microsoft.com/7e6f76c9-1d34-4417-ad5a-19d71d4122ac?id=241143369 | Reset PINhttps://dialin.teams.microsoft.com/usp/pstnconferencing Learn Morehttps://aka.ms/JoinTeamsMeeting | Meeting @.&messageId=0&language=en-US>

---

---

From: CDR-CX-Stream @.> Sent: Wednesday, August 30, 2023 5:49 PM To: ConsumerDataStandardsAustralia/standards @.> Cc: Subscribed @.***> Subject: Re: [ConsumerDataStandardsAustralia/standards] Design Paper: Consumer Data Right Consent Review (Issue #321)

CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

Treasury and the Data Standards Body invite you to participate in the CDR Consent Review design paper stakeholder forum which will be held virtually on Wednesday 6 September 2023, between 11am - 12pm (dial-in details below).

---

Microsoft Teams meeting Join on your computer, mobile app or room device Click here to join the meetinghttps://teams.microsoft.com/l/meetup-join/19%3ameeting_Zjc3NWViMzMtNTQ3NC00N2NiLWFlZWEtZGJkNjk5NGUyZTZk%40thread.v2/0?context=%7b%22Tid%22%3a%22214f1646-2021-47cc-8397-e3d3a7ba7d9d%22%2c%22Oid%22%3a%22cf37ac3c-bcc6-4635-9f07-50bf4989d5c5%22%7d

Meeting ID: 473 458 252 719 Passcode: vmHFPH Download Teamshttps://www.microsoft.com/en-us/microsoft-teams/download-app | Join on the webhttps://www.microsoft.com/microsoft-teams/join-a-meeting Join with a video conferencing device @.**@.> Video Conference ID: 135 942 461 8 Alternate VTC instructionshttps://vc.treasury.gov.au/teams/?conf=1359424618&ivr=teams&d=vc.treasury.gov.au&ip=20.37.11.144&test=test_call&prefix=555&w Image

Learn Morehttps://aka.ms/JoinTeamsMeeting | Meeting @.***&messageId=0&language=en-US>

---

This forum is an opportunity for discussion and feedback on the proposals in the design paperhttps://treasury.gov.au/consultation/c2023-434434-consent that relate to the CDR Rules. Please note this forum will not cover the proposals in the design paper relating to the operational enhancements design paper. These measures will be addressed in a separate online forums (further details provided below). Public consultation on the design paper is open until Friday 6 October 2023.

The design paper seeks stakeholder feedback on a number of change proposals relating to rules and standards for CDR consents, including:

• bundling of consents
• selection of key consent terms
• withdrawal of consent information
• notifications
• consents for de identification
• dark patterns.

It also seeks feedback on topics for future consideration.

Treasury is also open to any bilateral meetings as part of this consultation. If you would like to arrange a meeting, please email @.**@.>.

Please note Treasury is also offering the following online forums in September: Forum topic Date and time Non-bank lendinghttps://treasury.gov.au/consultation/c2023-434434-expansion 13 September, 10am - 12pm Operational enhancements - CDR representative and outsourced service provider measureshttps://treasury.gov.au/consultation/c2023-434434-consent 14 September, 10am - 11am Operational enhancements - other measureshttps://treasury.gov.au/consultation/c2023-434434-consent (secondary users, nominated representatives and avoidance of harm) 14 September, 2 pm - 3 pm Operational enhancements - Energy measureshttps://treasury.gov.au/consultation/c2023-434434-consent 15 September, 10am - 11am

- Reply to this email directly, view it on GitHubhttps://github.com/ConsumerDataStandardsAustralia/standards/issues/321#issuecomment-1698667002, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A32LQWUWKI443BFGJVWWPULXX3V7FANCNFSM6AAAAAA2X7ABEU. You are receiving this because you are subscribed to this thread.Message ID: @.**@.>>

---

Please consider our environment before printing this email.

Disclaimer: This message contains confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not view, disseminate, copy or take any action in reliance on it. If you have received this message in error please notify us immediately. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Great Southern Bank a business name of Credit Union Australia Limited ABN 44 087 650 959 AFSL and Australian Credit Licence: 238317.

---

[CDR-CX-Stream]

Thank you to those who participated in the CDR Consent Review design paper forum. The forum was a valuable opportunity for Treasury and the Data Standards Body to hear your feedback and questions about the design paper.

The slides from the presentation can be found below: Consent review design paper forum.pptx

The slides include a hypothetical future state consent flow that incorporates:

• the ADR-side consent review change proposals;
• authentication uplift (demonstrating an app2app flow; see the upcoming DP327 and NP326 papers); and
• DH-side account specification improvements based on FAPI 2.0, Rich Authorisation Request functionality, which is hinted at in the Future work on consent section of the consent review design paper

As noted in the presentation, stakeholders are encouraged to consider the consent review proposals and hypothetical future state in light of the consultations on screen scraping, any consultations on action initiation and, in relation to the dark patterns proposal in particular, the Treasury's consultation on Unfair Trading Practices.

[CDR-API-Stream]

Please find the Data Standards Body video on the Design Paper.

[OAIC-CDR]

Please find the OAIC's submission to the Consent Review - CDR rules and data standards design paper. OAIC submission - CDR Consent Review - design paper.pdf

[JRossTicToc]

Tic:Toc welcomes the Treasury's and the DSB’s consent review proposals and the CX research that has been undertaken by the DSB to support their development. We are supportive of any proposals that would reduce the current level of friction in the CDR consent flow, noting that this has and continues to be a key factor preventing transition to the CDR for existing use cases. This is because any negative impact on consumer conversion can have a substantial effect on the commercial viability of transitioning to CDR. We understand and support consumer expectations around transparency and control, as noted in the CX research, but would also note that this must be balanced against consumer expectations for efficient digital processes. In our experience consumers who choose to use a digital application process to apply for a home loan (as opposed to other channels) do so with an expectation that the entire process will be seamless and fast, and this is usually their paramount consideration.

On some particular issues raised in the design paper we make the following comments:

• Bundled consents - we support amendments to enable the bundling of consents required for the provision of a product or service and consider that this should include disclosure consents. The ability to bundle disclosure consents should not be constrained by assumptions or pre-conceived notions about the purposes for which data may need to be disclosed. The paper seems to take a mind-to position on this issue which suggests that a greater understanding of the provision of digital products and services is required. While there may be some cases where disclosure is a primary purpose for collection (such as to an adviser), important uses cases such as collection of data to support home loan applications could be unduly impacted by a limited approach as suggested in the paper. For example, provision of white-labelled loans usually involves a number of parties including a consumer facing-brand, various service providers (including data aggregation and credit services intermediaries, mortgage documentation and settlement providers), the funder and insurers. Given the application of CDR to all data derived from CDR data, disclosures of CDR data (even a loan amount) in this supply chain need to be specifically authorised under the CDR and should be able to be covered by a bundled consent. It should also be noted that the OSP rules do not always apply here because the disclosures would be occurring in many cases to an entity for whom the ADR acts a service provider outside of the CDR.
• Pre-selected datasets – we agree with the proposals to allow for pre-selection of required datasets noting that use cases where responsible lending obligations apply mean that failure by a consumer to actively select a dataset and to authorise collection of data from all relevant accounts, would prevent a compliant credit assessment from being completed. In such circumstances it is a false choice to require consumers to actively select all required datasets.

[biza-io]

Please find attached our submission regarding the CDR Consent Review: 2023-10-06_CDR_ConsentReview-_ResponseLetter(FINAL).pdf

[CDR-CX-Stream]

This consultation is now closed. The Treasury and DSB are reviewing submissions. Thanks to everyone for engaging and providing comprehensive feedback on this Design Paper.