Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Design Paper: Consumer Data Right Consent Review #321

Open
CDR-CX-Stream opened this issue Jul 26, 2023 · 9 comments
Open

Design Paper: Consumer Data Right Consent Review #321

CDR-CX-Stream opened this issue Jul 26, 2023 · 9 comments
Assignees
@CDR-CX-Stream
Labels
Category: CX A proposal for a decision to be made for the User Experience Standards Category: Design Paper A paper combining policy, rules, standards and implementation concerns for a single topic Industry: All This proposal impacts the CDR as a whole (all sectors) Status: Feedback Period Closed The feedback period is complete and a final decision is being formulated

Comments

@CDR-CX-Stream
Copy link
Member

CDR-CX-Stream commented Jul 26, 2023
edited

Overview

Treasury and the Data Standards Body are exploring opportunities to simplify the CDR Rules and standards to support better consumer experiences while maintaining key consumer protections.

The design paper seeks stakeholder feedback on a number of change proposals relating to rules and standards for CDR consents. Topics for feedback include:

  • bundling of consents
  • selection of key consent terms
  • withdrawal of consent information
  • notifications
  • consents for de‑identification
  • dark patterns.

It also seeks feedback on topics for future consideration.

Consultation documents can be found on Treasury's consultation page here, and versions of the design paper can be accessed below:
Consent Review Design Paper - PDF
Consent Review Design Paper - DOCX

Stakeholder forums

A stakeholder forum will be conducted on 6 September from 11am-12pm to assist stakeholder understandings of the proposed changes and to provide the opportunity for discussion and feedback.

If you would like to participate in this stakeholder forum, please register your interest at CDRRules@treasury.gov.au.

Feedback

You can submit responses to this consultation up until 06 October 2023. Feedback may be provided by email and on this Data Standards GitHub respository. Stakeholders are encouraged to use GitHub for ongoing discussions regarding the Consent Review, which may help inform the development of feedback.

Feedback posted on GitHub is public by nature at the time of submission. Content posted on GitHub should be made according to the community engagement rules published by the DSB.

Further details regarding submissions can be found on Treasury's main consultation page for the Consent Review, here.
@CDR-CX-Stream CDR-CX-Stream added Status: Proposal Pending A proposal for the decision is still pending Category: CX A proposal for a decision to be made for the User Experience Standards Industry: All This proposal impacts the CDR as a whole (all sectors) labels Jul 26, 2023
@CDR-CX-Stream CDR-CX-Stream self-assigned this Jul 26, 2023
@CDR-CX-Stream CDR-CX-Stream changed the title [Placeholder] Design Paper: Consumer Data Right Consent Review Aug 25, 2023
@CDR-CX-Stream
Copy link
Member Author

The original post has been updated with details of the Consent Review Design Paper consultation.

This consultation is being jointly conducted by the Treasury the Data Standards Body to explore opportunities to simplify the CDR Rules and standards to support better consumer experiences while maintaining key consumer protections.

Feedback for this consultation can be provided up until 06 October 2023.

@CDR-CX-Stream CDR-CX-Stream added Status: Open For Feedback Feedback has been requested for the decision Category: Design Paper A paper combining policy, rules, standards and implementation concerns for a single topic and removed Status: Proposal Pending A proposal for the decision is still pending labels Aug 25, 2023
@CDR-CX-Stream CDR-CX-Stream mentioned this issue Aug 30, 2023
Closed
@CDR-CX-Stream
Copy link
Member Author

Treasury and the Data Standards Body invite you to participate in the CDR Consent Review design paper stakeholder forum which will be held virtually on Wednesday 6 September 2023, between 11am – 12pm (dial-in details below).

Microsoft Teams meeting
Join on your computer, mobile app or room device
Click here to join the meeting

Meeting ID: 473 458 252 719
Passcode: vmHFPH
Download Teams | Join on the web
Join with a video conferencing device
teams@vc.treasury.gov.au
Video Conference ID: 135 942 461 8
Alternate VTC instructions
Image

Learn More | Meeting options

This forum is an opportunity for discussion and feedback on the proposals in the design paper that relate to the CDR Rules. Please note this forum will not cover the proposals in the design paper relating to the operational enhancements design paper. These measures will be addressed in a separate online forums (further details provided below). Public consultation on the design paper is open until Friday 6 October 2023.

The design paper seeks stakeholder feedback on a number of change proposals relating to rules and standards for CDR consents, including:

  • bundling of consents
  • selection of key consent terms
  • withdrawal of consent information
  • notifications
  • consents for de identification
  • dark patterns.

It also seeks feedback on topics for future consideration.

Treasury is also open to any bilateral meetings as part of this consultation. If you would like to arrange a meeting, please email CDRRules@treasury.gov.au.

Please note Treasury is also offering the following online forums in September:

Forum topic Date and time
Non-bank lending 13 September, 10am – 12pm
Operational enhancements – CDR representative and outsourced service provider measures 14 September, 10am – 11am
Operational enhancements – other measures (secondary users, nominated representatives and avoidance of harm) 14 September, 2 pm – 3 pm
Operational enhancements – Energy measures 15 September, 10am – 11am

@SumitGSB
Copy link

SumitGSB commented Aug 30, 2023 via email

@CDR-CX-Stream
Copy link
Member Author

Thank you to those who participated in the CDR Consent Review design paper forum. The forum was a valuable opportunity for Treasury and the Data Standards Body to hear your feedback and questions about the design paper.

The slides from the presentation can be found below:
Consent review design paper forum.pptx

The slides include a hypothetical future state consent flow that incorporates:

  • the ADR-side consent review change proposals;
  • authentication uplift (demonstrating an app2app flow; see the upcoming DP327 and NP326 papers); and
  • DH-side account specification improvements based on FAPI 2.0, Rich Authorisation Request functionality, which is hinted at in the Future work on consent section of the consent review design paper

As noted in the presentation, stakeholders are encouraged to consider the consent review proposals and hypothetical future state in light of the consultations on screen scraping, any consultations on action initiation and, in relation to the dark patterns proposal in particular, the Treasury's consultation on Unfair Trading Practices.

@CDR-API-Stream
Copy link
Contributor

Please find the Data Standards Body video on the Design Paper.

@OAIC-CDR
Copy link

OAIC-CDR commented Oct 5, 2023

Please find the OAIC's submission to the Consent Review - CDR rules and data standards design paper.
OAIC submission - CDR Consent Review - design paper.pdf

@JRossTicToc
Copy link

Tic:Toc welcomes the Treasury's and the DSB’s consent review proposals and the CX research that has been undertaken by the DSB to support their development. We are supportive of any proposals that would reduce the current level of friction in the CDR consent flow, noting that this has and continues to be a key factor preventing transition to the CDR for existing use cases. This is because any negative impact on consumer conversion can have a substantial effect on the commercial viability of transitioning to CDR. We understand and support consumer expectations around transparency and control, as noted in the CX research, but would also note that this must be balanced against consumer expectations for efficient digital processes. In our experience consumers who choose to use a digital application process to apply for a home loan (as opposed to other channels) do so with an expectation that the entire process will be seamless and fast, and this is usually their paramount consideration.

On some particular issues raised in the design paper we make the following comments:

• Bundled consents - we support amendments to enable the bundling of consents required for the provision of a product or service and consider that this should include disclosure consents. The ability to bundle disclosure consents should not be constrained by assumptions or pre-conceived notions about the purposes for which data may need to be disclosed. The paper seems to take a mind-to position on this issue which suggests that a greater understanding of the provision of digital products and services is required. While there may be some cases where disclosure is a primary purpose for collection (such as to an adviser), important uses cases such as collection of data to support home loan applications could be unduly impacted by a limited approach as suggested in the paper. For example, provision of white-labelled loans usually involves a number of parties including a consumer facing-brand, various service providers (including data aggregation and credit services intermediaries, mortgage documentation and settlement providers), the funder and insurers. Given the application of CDR to all data derived from CDR data, disclosures of CDR data (even a loan amount) in this supply chain need to be specifically authorised under the CDR and should be able to be covered by a bundled consent. It should also be noted that the OSP rules do not always apply here because the disclosures would be occurring in many cases to an entity for whom the ADR acts a service provider outside of the CDR.
• Pre-selected datasets – we agree with the proposals to allow for pre-selection of required datasets noting that use cases where responsible lending obligations apply mean that failure by a consumer to actively select a dataset and to authorise collection of data from all relevant accounts, would prevent a compliant credit assessment from being completed. In such circumstances it is a false choice to require consumers to actively select all required datasets.

@biza-io
Copy link

biza-io commented Oct 6, 2023

Please find attached our submission regarding the CDR Consent Review:
2023-10-06_CDR_Consent_Review_-Response_Letter(FINAL).pdf

@CDR-CX-Stream
Copy link
Member Author

This consultation is now closed. The Treasury and DSB are reviewing submissions. Thanks to everyone for engaging and providing comprehensive feedback on this Design Paper.

@CDR-CX-Stream CDR-CX-Stream added Status: Feedback Period Closed The feedback period is complete and a final decision is being formulated and removed Status: Open For Feedback Feedback has been requested for the decision labels Oct 8, 2023
JamesMBligh added a commit that referenced this issue Oct 10, 2023
@JamesMBligh
Merge pull request #321 from ConsumerDataStandardsAustralia/defect/307
4b5153d 
Incorrect non-normative example
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CDR-CX-Stream CDR-CX-Stream

Labels
Category: CX A proposal for a decision to be made for the User Experience Standards Category: Design Paper A paper combining policy, rules, standards and implementation concerns for a single topic Industry: All This proposal impacts the CDR as a whole (all sectors) Status: Feedback Period Closed The feedback period is complete and a final decision is being formulated
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@CDR-CX-Stream @CDR-API-Stream @biza-io @SumitGSB @JRossTicToc @OAIC-CDR