ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes (13th of May 2021)

When: Weekly every Thursday at 3pm-4.30pm AEST
Location: WebEx, quick dial +61262464433,785383900%23%23
Meeting Details:

Desktop or Mobile Devices https://csiro.webex.com/csiro/j.php?MTID=m7c39ee9db5e5892ab35cd0bd7bbf94ce
Once connected to your meeting remember to start your audio and video
Please mute when you are not speaking.

Video Conferencing (VC) Rooms
Use the remote control or touch panel and dial the number indicated below:
External VC Room: [email protected]

Phones - AUDIO ONLY

• Primary Australia: +61 2 6246 4433
• Quick Dial: +61262464433,785383900%23%23
• Other Global Numbers: https://conferencing.csiro.au/Call-in.php
• Meeting Number/Access Code: 785 383 900

---

Agenda

1. Introductions
2. Actions
3. CDR Stream updates
4. Presentation
5. Q&A
6. Any other business

Introductions

• 5 min will be allowed for participants to join the call.

Recording

The Consumer Data Right Implementation Calls are recorded for note taking purposes. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material shall be provided without the participant's consent. Participants may [email protected] should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Updates

Type	Topic	Update
Standards	Version 1.9.0 Published	Link to change log here
Standards	Version 1.10.0 Drafted	Link to Version Project Board here
Maintenance	7th Maintenance Iteration has commenced	Agenda of the backlog session
Maintenance	Decision Proposal 178 - Banking Maintenance Iteration 7	Link to consultation
DSB Newsletter	To subscribe to DSB Newsletter	Link here
TSY Newsletter	To subscribe to ACCC Newsletter	Link here
TSY Newsletter	7th of May 2021 Edition	View in browser here
DSB Newsletter	7th of May 2021 Edition	View in browser here
Consultations	Decision Proposal 160 - CX Standards This is a placeholder issue for consultation on CX Standards for non-individual consumers, business partnerships, and secondary users. This proposal is not yet ready for publication. This placeholder issue has been opened to gather initial community commentary on the scope and content of the proposal. While the intention is for this consultation to focus on the relevant items raised in Noting Paper 157*, the DSB encourages feedback on any additional CX Standards and CX Guidelines that the community views as required for the purposes of non-individual consumers, business partnerships, and secondary users. *Items 12-14. Item 16 on secondary user withdrawal standards will be dealt with separately. - Non-individual Consumers - Business Partnerships - Secondary users	Link to consultation
Consultation	Decision Proposal 162 - CX Standards, Joint Accounts, Authorisation Flow	Link to consultation
Consultation	Decision Proposal 166 - CX metrics for Data Holders	Link to consultation
Consultation	Decision Proposal 180 - Energy Draft Feedback Cycle 3	Link to consultation
Design Paper	Design Paper: an ‘opt-out’ data sharing model for joint accounts in the banking and energy sectors	Link to consultation
Design Paper	Design Paper: a peer-to-peer data access model in the energy sector	Link to consultation
Action	Is there a process or a future plan to provide access to CTS for technical solution providers (vendors of the DHs)?	If technical service providers are currently providing services for a participant who is being on boarded to CDR, then they are able to act on behalf of the participant with CTS activities. If the question is around a technical service provider who currently doesn’t have a participant that wants to come on board, or if they are looking to pass the CTS independently, then this is something that we will be looking into in the future.
Action	Is the ACCC considering a no-action position for the July obligations considering all the teething issues that are still appearing for participants?”	Please refer to link

Special Edition of the Consumer Data Right Implementation Call

This week we are hosting a special edition of the Consumer Data Right Implementation Call: focusing on the "Design Paper: an ‘opt-out’ data sharing model for joint accounts in the banking and energy sectors".

Agenda

Section	Topic	Notes
S1	Introduction to the workshop
S2	Framing of the Design Paper
S3	Joint accounts in a cross-sectoral context
S4	Opt-out proposal
S5	What ‘opt out’ means
S6	Complex joint accounts
S7	Standards considerations
S8	Question & Answer	Join our Q&A live here: https://www.sli.do/ Code: #453702
S9	Wrap up & Next Steps

Important Links

Announcement by Treasury Consultation location GitHub: Design Paper: an ‘opt-out’ data sharing model for joint accounts in the banking and energy sectors GitHub: Design Paper: a peer-to-peer data access model in the energy sector Relevant artefacts MIRO Board - Link to Opt Out

Q&A

Questions will be received by the community via WebEx chat or Sli.do before the questions are opened to the floor.

We are trialling Sli.do for Question and Answer. Join our Q&A live here: https://www.sli.do/ Code: #453702

Answer provided

Ticket #	Question	Answer
431	We are planning to go in with get metrics V2 only (ie we are not planning to build a v1 version). Can we please get confirmation that we can go in with only that version prior to 31st July?	Non-major ADIs should be implementing V2 of the Get Metrics API. Please see the Get Metrics FAQs we published earlier this year for further information about implementing the Get Metrics API.
771	In Account Details API - when a DH is sharing a fixed deposit/lending rate, is the additional value field meant to represent a fixed term duration as a generic property of a product or the amount of time remaining in fixed period? Example: If i have a 5 year fixed mortgage and have 3 years left of the fixed term period, would the API return P5Y or P3Y?	The intent was that it represents the fixed term from the opening of the account. This reduces the need for DHs to calculate on the fly. The specific end, or maturity, dates for loans or term deposits are captured in other fields in Account Details.
772	As per the specification[1], it says "The request MUST include the following parameters using the application/x-www-form-urlencoded format in the HTTP request entity-body: The request MUST include the following parameters using the application/x-www-form-urlencoded format in the HTTP request entity-body: " However, the sample request shown in the specification is as follows. Request POST https://data.holder.com.au/arrangements/revoke HTTP/1.1 Host: data.holder.com.au Content-Type: application/x-www-form-urlencoded client_id=s6BhdRkqt3& client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer& client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyNDU2In0.ey ...& cdr_arrangement_id=5a1bf696-ee03-408b-b315-97955415d1f0 So, do we only need to send the cdr_arrragement_id or all the above parameters in the request? If we are sending only the cdr_arragement_id in the request, how does the client authentication is handled? Is the CDR arrangement revocation endpoint similar to the /token endpoint? Also, could you please send us a sample request & response so we can get a better understanding? Kindly appreciate your feedback and guidance on the above as soon as possible. [1] https://consumerdatastandardsaustralia.github.io/standards/#end-points	[Question] So, do we only need to send the cdr_arrragement_id or all the above parameters in the request? [Answer] Hi Chandima, the ADR or DH must send the cdr_arrangement_id as well as any parameters required for client authentication of the DH at the ADR or client authentication of the ADR at the DH. The statement you refer to requires the cdr_arrangement_id but doesn't preclude the other parameters. They are required as per the Client Authentication section of the standards: https://consumerdatastandardsaustralia.github.io/standards/index.html#client-authentication [Question] If we are sending only the cdr_arragement_id in the request, how does the client authentication is handled? [Answer] You must send the necessary client assertion for authentication as well as the cdr_arragenement_id. [Question] Is the CDR arrangement revocation endpoint similar to the /token endpoint? [Answer] Yes. [Question] Also, could you please send us a sample request & response so we can get a better understanding? [Answer] The DSB does not provide a sample outside of what is provided in the non-normative examples. [Question] For which go-live deadline will the above changes be affected? [Answer] The CDR Arrangement Revocation endpoint was required since November 2020. For non-major DHs going live on July 2021, it will be required at commencement of data sharing on that date. [Question] Will the CDR arrangement revocation endpoint be tested in the CTS? [Answer] Yes. The CTS tests both the ADR and DH hosted CDR Arrangement Revocation endpoint. [Question] If so, what version of the CDR arrangement revocation endpoint will be tested? [Answer] There is only one version of this defined in the standards. The current version will be tested.

Response pending

Updating the table below - if your question/ ticket has not received a response yet the team continues to work on a response. We do apologise for the delay on some tickets, the teams are doing their best to get to everyone's questions.

To our valued CDR participants, We have undertaken a review of the CDR Support Portal as a channel for providing guidance on CDR Rules. Based on the volume and nature of questions we have received recently, we have decided to move to a model based on publishing guidance to the community, rather than providing individual responses to stakeholder questions. Our goal is to prioritise the provision of guidance that is accessible, transparent and has industry-wide application. We intend to develop this to meet clear community needs, which we will identify and prioritise based on questions and issues raised by stakeholders. We kindly ask for your patience as we work our way through the tickets, feedback and guidance

Useful Links

A work in progress - open for feedback from the community on what you would like to see.

Organisation	Description	Link
OAIC	Main landing page for the Office of the Australian Information Commissioner and the Consumer Data Right	Link
DSB	CX Artefacts - The CX Guidelines provide optional examples of key requirements and recommendations to help organisations build best practice consent models. CDR Participants should also refer to the CDR Rules, data standards, and privacy guidelines for a complete view of obligations to facilitate compliance.	Link
DSB	Consumer Data Standards Main Page - About the DSB team, engaging with our consultations and Events	Link
DSB	The Consumer Data Standards - The technical and consumer experience standards for the Consumer Data Right	Link
DSB	The Banking Product Comparator - a demonstration of Product Reference Data from Data Holders as part of the Consumer Data Right	Link
DSB	GitHub Consultations - all public consultations from the Data Standards Body	Link
DSB	Java Artefacts - An Open Source Project comprised of reference implementations of both Data Holders and Data Recipients	Link
ACCC & DSB	The Consumer Data Right Support Portal Knowledge base for the Consumer Data Right covering Rules through to Technical articles and questions	Link
ACCC	ACCC Main focus area/ landing page for the Consumer Data Right	Link
ACCC	GitHub Consultations - all public consultations from the ACCC Register Team	Link
ACCC	CDR Register Design Reference	Link
ACCC	Public page for the Consumer Data Right	Link
ACCC	Participant Portal page including sign-up and log-in	Link
TSY	Consumer Data Right background and historic records from the Treasury	Link