ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes (20th of May 2021)

CDR API Stream edited this page May 20, 2021 · 2 revisions

When: Weekly every Thursday at 3pm-4.30pm AEST
Location: WebEx, quick dial +61262464433,785383900##
Meeting Details:

Desktop or Mobile Devices https://csiro.webex.com/csiro/j.php?MTID=m7c39ee9db5e5892ab35cd0bd7bbf94ce
Once connected to your meeting remember to start your audio and video
Please mute when you are not speaking.

Video Conferencing (VC) Rooms
Use the remote control or touch panel and dial the number indicated below:
External VC Room: 785383900@csiro.webex.com

Phones - AUDIO ONLY


Agenda

  1. Introductions
  2. Actions
  3. CDR Stream updates
  4. Presentation
  5. Q&A
  6. Any other business

Introductions

  • 5 min will be allowed for participants to join the call.

Recording

The Consumer Data Right Implementation Calls are recorded for note taking purposes. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material shall be provided without the participant's consent. Participants may email contact@consumerdatastandards.gov.au should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.
We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Updates

| Type | Topic | Update |
|---|---|---|
| Standards | Version 1.9.0 Published | Link to change log here |
| Standards | Version 1.10.0 Drafted | Link to Version Project Board here |
| Maintenance | 7th Maintenance Iteration underway | Agenda of the backlog session |
| Maintenance | Decision Proposal 178 - Banking Maintenance Iteration 7 | Link to consultation |
| DSB Newsletter | To subscribe to DSB Newsletter | Link here |
| TSY Newsletter | To subscribe to TSY Newsletter | Link here |
| TSY Newsletter | 17th of May 2021 Edition | View in browser here |
| DSB Newsletter | 14th of May 2021 Edition | View in browser here |
| Consultations | Decision Proposal 160 - CX Standards. This is a placeholder issue for consultation on CX Standards for non-individual consumers, business partnerships, and secondary users. This proposal is not yet ready for publication. This placeholder issue has been opened to gather initial community commentary on the scope and content of the proposal. While the intention is for this consultation to focus on the relevant items raised in Noting Paper 157*, the DSB encourages feedback on any additional CX Standards and CX Guidelines that the community views as required for the purposes of non-individual consumers, business partnerships, and secondary users. *Items 12-14. Item 16 on secondary user withdrawal standards will be dealt with separately. - Non-individual Consumers - Business Partnerships - Secondary users | Link to consultation |
| Consultation | Decision Proposal 162 - CX Standards, Joint Accounts, Authorisation Flow | Link to consultation |
| Consultation | Decision Proposal 166 - CX metrics for Data Holders | Link to consultation |
| Consultation | Decision Proposal 180 - Energy Draft Feedback Cycle 3 | Link to consultation |
| Design Paper | Design Paper: an ‘opt-out’ data sharing model for joint accounts in the banking and energy sectors | Link to consultation |
| Design Paper | Design Paper: a peer-to-peer data access model in the energy sector | Link to consultation |
| Consultation | Decision Proposal 182 - InfoSec Uplift for Write | Link to consultation: https://github.com/ConsumerDataStandardsAustralia/standards/issues/182 |
| Consultation | Decision Proposal 183 - Purpose Based Consents | Link to consultation: https://github.com/ConsumerDataStandardsAustralia/standards/issues/183 |

CDR Stream Updates

Provides a weekly update on the activities of each of the CDR streams and their workplaces

| Organisation | Stream | Member |
|---|---|---|
| ACCC | CDR Register (Technical) | Ivan Hosgood |
| ACCC | Onboarding | Chantelle Demian |
| DSB | CX Standards | Michael Palmyre |
| DSB | Technical Standards - Banking | Mark Verstege |
| DSB | Technical Standards - Energy & Engineering | James Bligh |

Presentation

None this week.

Q&A

Questions from the community will be received via WebEx chat before questions are opened to the floor. Participants can pre-submit questions to the DSB mailing box.

We are trialling Sli.do for Question and Answer. Join our Q&A live here: https://www.sli.do/ Code: #169517

Answer provided

Ticket 609
Question: I would like to get some clarifications on some joint account topics that were not covered in the implementation call on the 25th of Feb and the JA workshop today. Would be great if you could pass them to the team currently looking at joint accounts to get clarification/cover in the upcoming guidance updates:
Answer: We can answer a number of these queries from a DSB perspective, but for the remaining queries we refer to the following statement from the CDR Rules division:
To our valued CDR participants, We have undertaken a review of the CDR Support Portal as a channel for providing guidance on CDR Rules. Based on the volume and nature of questions we have received recently, we have decided to move to a model based on publishing guidance to the community, rather than providing individual responses to stakeholder questions. Our goal is to prioritise the provision of guidance that is accessible, transparent and has industry-wide application. We intend to develop this to meet clear community needs, which we will identify and prioritise based on questions and issues raised by stakeholders. We kindly ask for your patience as we work our way through the tickets, feedback and guidance

Ticket 609
Question: 1a) Should JAs where one AH is not eligible be treated as not eligible at all, eg: not shown in the authorisation flow, not share data from these accounts?
Answer: JA eligibility is deemed collectively, meaning if any AH is not considered an eligible consumer then no AH can share data from that JA. It is still possible to show the JA in the authorisation flow, but it cannot be selected and as such would fall in the 'unavailable account' category as articulated in the CX Standards.

Ticket 609
Question: 1b) What if the requester wants to share customer data, should customer data be shared even if the 2nd account holder is not eligible, given customer data is excluded from the joint account requirements?
Answer: If the data being requested is not specific to an account (e.g. Saved Payees, Name and Occupation) then no accounts need to be selected/shared in order to share that data. It is possible to establish an authorisation even when no accounts have been selected. See the following knowledge article: https://cdr-support.zendesk.com/hc/en-us/articles/900003286226

Ticket 609
Question: 2) AH1 and AH2 have a JA together. They have both selected a pre-approval sharing option for the account. If AH1 removes the data sharing selection is the AH2’s selection automatically removed? Scenario 6, page 11 in the guidelines seems to imply so. This raises usability concerns as a customer has already provided a disclosure option and they would not expect to be requested to provide it again, unless they have previously cancelled it themselves.
Answer: See general statement from the ACCC

Ticket 609
Question: 3) AH1 and AH2 have a JA together (account1). They have both selected a pre-approval sharing option for the account. AH1 has removed the selection
  • If AH2 attempts to provide a new authorisation for account1, should they be requested to make an in-flow selection or not because they have already provided one in the past? And just have the account1 show as unavailable?
  • Same question if AH1 attempts to provide a new authorisation (and they have removed the data sharing approval originally given)
Answer: See general statement from the ACCC

Ticket 609
Question: 4) Can it be confirmed that the only data type that is not considered joint account data is customer data, that is: customer name, email, address, phone# and occupation? The rest of the data requested to be shared via the data standards are considered JA data: accounts list, account number and BSB, account balance, account detail, transactions, transaction details, direct debits, scheduled payments, payees and payees details, products associated with the account and products’ details
Answer: Customer and payee scopes are not considered to be specific to an account, including a joint account.
And finally, you may be aware that the joint accounts model is being revisited in a joint Treasury/DSB consultation. This pause and revision may have some bearing on this topic.

Ticket 609
Question: 5) What does ‘delink and account from their digital profile’ or ‘use a silent account digitally’ mean in the context of the JA guidelines, page 13 section 9.6
Answer: See general statement from the ACCC

Ticket 609
Question: 6) Is there an obligation for the data holder to inform the data recipient that the approval was removed while the original authorisation is still in place?
Answer: See general statement from the ACCC

Ticket 609
Question: 7) What treatment applies to partnership account? JA guidance document states (page 3) they are not considered JA
Answer: See general statement from the ACCC

Ticket 609
Question: 8) Question asked in the implementation call and pending answer: Should the JAMS be shown in the authorisation flow if the customer does not select a joint account or customer data
Answer: See general statement from the ACCC

Ticket 609
Question: 9) Question asked in the implementation call and pending answer: Paragraph 8.5 of the JA Guidance document states that any joint account holder may remove an approval to share data. Does it mean that DHs must allow the data sharing requestor to revoke part of the authorisation, assuming the authorisation was for individual and joint accounts. Or can the obligation be met by allowing the requestor to revoke the whole authorisation only?
Answer: See general statement from the ACCC

Ticket 731
Question: We are unable to access the CX Guidelines v1.7 as per v1.6 and wanted to know if this will change - the organization has blocked access to just this link on the site. We are also unable to easily access the Consent - Withdrawal wireframe. Is there any way to access these another way.
Answer: We have advised other organisations to seek and gain access to this page (which uses the Notion platform), similar to the process organisations undertook to participate on GitHub.

A number of ADIs, including major banks, have now been granted access to the new CX Guidelines website. Given this transition and the greater accessibility of this platform over the PDF versions, we do not currently have any plans to provide alternate access to these artefacts.

In the future we may consider hosting version-controlled open source assets on the consumerdatastandards.gov.au website. These would be limited to downloadable design files and would not fully reflect content on the new website. However this work is not currently planned so we recommend requesting that your organisation provide access to the current platform.

Ticket 763
Question: What happens if two joint account holders do not agree on a disclosure option for an account? Can they still share data from that account by approving the "approval" but not agreeing on the disclosure option? The joint account has no disclosure option set, but authorisation is still approved by both joint account owners. This is sort of a 'default' co-approval mode, with the exception that every authorisation attempt will result in a new invitation to elect a disclosure option.
Answer: The existing rules do not allow any joint account data to be shared unless all joint account holders agree to apply a disclosure option (i.e. 'opt-in'). This means an authorisation cannot be 'co-approved' where no disclosure option has been applied, as the scenario you described suggests.

You may be aware that the joint accounts model is being revisited in a joint Treasury/DSB consultation. This pause and revision will have some bearing on this query.

Ticket 777
Question:

Our interpretation is:

  • from July 2021 we would need to accept any notification from a Data Recipient for a Consent Amendment, as per CDR Rule 4.18C (2)(a), and subsequently invite the member to amend their Authorisation, as per CDR Rule 4.22A.
  • Our solution for allowing a member to amend their Authorisation will need to comply with rules 4.23 & 4.24 (and from a member’s perspective the process may be identical to the New Consent/Authorisation process).
  • Technically our solution is required to update an existing data sharing arrangement record rather than create a new record when notified of a Consent Amendment.
  • From November 2021, the Consent Amendment CX Standards must be incorporated into our solution for processing Consent/Authorisation Amendments, and the member will experience a different process to the New Consent/Authorisation process.

Could you please assist with advising if our interpretation is compliant with the CDR Rules and the Standards. Our question is:

  • If a Data Holder is planning on implementing the CX Standards re. Consent Amendment in the November 2021 release, are they still expected to comply with Rules 4.22, 4.22A, 4.23 & 4.24 specifically for Consent Amendment from the July 2021 release date onwards?

Answer: Yes. I can confirm that the other interpretations in your query are also correct, but note the following:
  1. The amending authorisation standards only apply if the ADR provides the cdr_arrangement_id
  2. The cdr_arrangement_id establishes a link between the current and previous authorisations that can be used to implement the amending authorisations standards.
  3. Technically, when an authorisation is amended the existing authorisation is revoked and a new authorisation is established, even where the cdr_arrangement_id is provided by the ADR.

Ticket 786
Question:

Our onboarding experience to-date has been sub-optimal, both into the CDR platform as a brand and with the Conformance Test Suite (CTS). Very few things have worked first time, despite platform adoption being mandatory and to a deadline.

Whilst our interactions with CDR Technical Operations have been positive, they are often drawn out requiring multiple Jira tickets and conference calls.

Are there any plans to improve platform implementation and support processes, potentially including reviews with the user community prior to releasing platform features and supporting documentation?

Background:

We are a Data Holder and started our on-boarding early. The process was emergent and subject to change and the technology platform was not ready for brands. This resulted in a production incident on the CDR platform and manual onboarding exercise conducted by CDR Technical Operations.

Our experience with using the standard onboarding to the Conformance Test Suite (CTS) has been sub-optimal and problems have been difficult to diagnose. This is due to a combination of inadequate documentation and low-touch support.

The Banking industry are early adopters of an immature platform but without the luxury of opting out of directly contributing to feature development. For clarity this feedback is in relation to the CDR platform (the registry, portal, CTS etc.) and not the standards.

Answer:

Appreciate the feedback you have provided below regarding platform implementation and support processes. We recognise the benefit this would provide and have raised this further internally to the relevant Conformance Test Suite (CTS) teams for discussion.

To assist with Bankwest’s progress, we currently have CDR-292 raised for the most recent issues that Bankwest have encountered. We have reached out to Bankwest to assist, most recently on the 14th May and again today but are currently awaiting a response. To proceed further we require Bankwest to reattempt the scenarios so we can further investigate any issues encountered. Based on recent releases we believe that the previous issues have been resolved and would like to confirm this with you.

If you have any questions, please feel free to contact us at CDRTechnicalOperations@accc.gov.au.

Ticket 788
Question: Hi there - I'm looking to submit an application to become accredited - how can I find the online application form?
Answer: Please check out: How do data recipients apply for accreditation?

The primary registration point is the CDR Participant Portal: https://portal.cdr.gov.au/

Response pending

Updating the table below - if your question/ticket has not received a response yet the team continues to work on a response. We do apologise for the delay on some tickets, the teams are doing their best to get to everyone's questions.

To our valued CDR participants, We have undertaken a review of the CDR Support Portal as a channel for providing guidance on CDR Rules. Based on the volume and nature of questions we have received recently, we have decided to move to a model based on publishing guidance to the community, rather than providing individual responses to stakeholder questions. Our goal is to prioritise the provision of guidance that is accessible, transparent and has industry-wide application. We intend to develop this to meet clear community needs, which we will identify and prioritise based on questions and issues raised by stakeholders. We kindly ask for your patience as we work our way through the tickets, feedback and guidance

Useful Links

A work in progress - open for feedback from the community on what you would like to see.

| Organisation | Description | Link |
|---|---|---|
| OAIC | Main landing page for the Office of the Australian Information Commissioner and the Consumer Data Right | Link |
| DSB | CX Artefacts - The CX Guidelines provide optional examples of key requirements and recommendations to help organisations build best practice consent models. CDR Participants should also refer to the CDR Rules, data standards, and privacy guidelines for a complete view of obligations to facilitate compliance. | Link |
| DSB | Consumer Data Standards Main Page - About the DSB team, engaging with our consultations and Events | Link |
| DSB | The Consumer Data Standards - The technical and consumer experience standards for the Consumer Data Right | Link |
| DSB | The Banking Product Comparator - a demonstration of Product Reference Data from Data Holders as part of the Consumer Data Right | Link |
| DSB | GitHub Consultations - all public consultations from the Data Standards Body | Link |
| DSB | Java Artefacts - An Open Source Project comprised of reference implementations of both Data Holders and Data Recipients | Link |
| ACCC & DSB | The Consumer Data Right Support Portal - Knowledge base for the Consumer Data Right covering Rules through to Technical articles and questions | Link |
| ACCC | ACCC Main focus area/landing page for the Consumer Data Right | Link |
| ACCC | GitHub Consultations - all public consultations from the ACCC Register Team | Link |
| ACCC | CDR Register Design Reference | Link |
| ACCC | Public page for the Consumer Data Right | Link |
| ACCC | Participant Portal page including sign-up and log-in | Link |
| TSY | Consumer Data Right background and historic records from the Treasury | Link |
    TSY Consumer Data Right background and historic records from the Treasury Link