ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes (18th of March 2021) - ConsumerDataStandardsAustralia/standards GitHub Wiki
ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes (18th of March 2021)
When: Weekly every Thursday at 3pm-4.30pm AEDT
Location: WebEx, quick dial +61262464433,785383900%23%23
Meeting Details:
Desktop or Mobile Devices
https://csiro.webex.com/csiro/j.php?MTID=m7c39ee9db5e5892ab35cd0bd7bbf94ce
Once connected to your meeting remember to start your audio and video
Please mute when you are not speaking.
Video Conferencing (VC) Rooms
Use the remote control or touch panel and dial the number indicated below:
External VC Room: [email protected]
Phones - AUDIO ONLY
- Primary Australia: +61 2 6246 4433
- Quick Dial: +61262464433,785383900%23%23
- Other Global Numbers: https://conferencing.csiro.au/Call-in.php
- Meeting Number/Access Code: 785 383 900
Agenda
- Introductions
- Actions
- CDR Stream updates
- Presentation
- Q&A
- Any other business
Introductions
- 5 min will be allowed for participants to join the call.
Recording
The Consumer Data Right Implementation Calls are recorded for note taking purposes. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material shall be provided without the participant's consent. Participants may [email protected] should they have any further questions or wish to have any material redacted from the record.
Acknowledgement of Country
We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.
Updates
Type | Topic | Update |
---|---|---|
Standards | Version 1.7.0 Published | Link to change log here |
Maintenance | 6th Maintenance Iteration underway for 2021 | Read about the Maintenance Iteration - If you would like to join these please reach out to [email protected] |
Maintenance | Decision Proposal 161 - Banking Maintenance Iteration 6 | Link to consultation |
DSB Newsletter | To subscribe to DSB Newsletter | Link here |
ACCC Newsletter | To subscribe to ACCC Newsletter | Link here |
ACCC Newsletter | 3rd of March 2021 Edition | View in browser here |
DSB Newsletter | 12th of March 2021 Edition | View in browser here |
Consultations | Decision Proposal 160 - CX Standards This is a placeholder issue for consultation on CX Standards for non-individual consumers, business partnerships, and secondary users. This proposal is not yet ready for publication. This placeholder issue has been opened to gather initial community commentary on the scope and content of the proposal. While the intention is for this consultation to focus on the relevant items raised in Noting Paper 157*, the DSB encourages feedback on any additional CX Standards and CX Guidelines that the community views as required for the purposes of non-individual consumers, business partnerships, and secondary users. *Items 12-14. Item 16 on secondary user withdrawal standards will be dealt with separately. - Non-individual Consumers - Business Partnerships - Secondary users | Link to consultation |
Consultation | Decision Proposal 162 - CX Standards, Joint Accounts, Authorisation Flow | Link to consultation |
Consultation | Decision Proposal 164 - Endpoint Metrics | Link to consultation |
Consultation | Decision Proposal 165 - Brand aware metrics | Link to consultation |
Consultation | Decision Proposal 166 - CX metrics for Data Holders | Link to consultation |
Consultation | Decision Proposal 167 - Direct to consumer | Link to consultation |
Consultation | Decision Proposal 168 - Separate Consents, Authorisation Withdrawal | Link to consultation |
Consultation | Noting Paper - White Label Conventions | Link to consultation |
Consultation | Decision Proposal 173 - Energy Draft Feedback Cycle 2 | Link to consultation |
CDR Support Portal | New Support Portal Article on Brands in the Consumer Data Right Ecosystem | Link to Article on Brands in the Consumer Data Right Ecosystem |
CDR Stream Updates
Provides a weekly update on the activities of each of the CDR streams and their workplaces
Organisation | Stream | Member |
---|---|---|
ACCC | CDR Register (Technical) | Ivan Hosgood |
ACCC | Onboarding | Jorina van Malsen |
DSB | CX Standards | Eunice Ching |
DSB | Technical Standards - Banking | Mark Verstege |
DSB | Technical Standards - Energy & Engineering | James Bligh |
Presentation
Presentation this week Ivan Hosgood from the ACCC and Mark Verstege from the Data Standards Body will walk through Scenarios 1 and 2 in the latest Noting Paper - White Label Conventions and covered in the CDR Support Portal Guide "Brands in the Consumer Data Right Ecosystem".
Q&A
Questions will be received by the community via WebEx chat before the questions are opened to the floor. Participants can pre-submit questions to the DSB mailing box.
New Experiment for Q&A
We are trialling Sli.do for Question and Answer. Join our Q&A live here: https://www.sli.do/ Code: #11096
Current received pre-submitted questions:
Answer provided
Ticket # | Question | Answer |
---|---|---|
308 | I have a closed account with a data holder that was closed 23 months ago. Based on the CDR rules the account is eligible for consent. The consumer provides consent for 12 months (maximum duration) for this account to an ADR. After a month, the account becomes ineligible for data sharing, and the Data Holder will reject data requests. The consent is however valid for another 11 months. If this is the only account in the consent, then the consent is as-good as not exiting. Can the Data holder trigger notifications to the consumer stating that you have an account which you had consented to and data cannot be shared? Do you want to revoke consent and take it to a closure instead of an ADR requesting data for that account and DH rejecting (i.e not sending data) that request. Alternatively during the consent flow, indicate explicitly to the ADR that even though consent can be granted for 12 months, data will not available after a month. This would allow the ADR to send a consent which is valid for just a month. I would like to hear views and thoughts (on this edge case). | A data holder is only required to provide CDR data from a closed account in response to a consumer data request if the data requested is ‘required consumer data’ [see Schedule 3, Clause 3.2(5)]. As you note, 24 months after an account closes, the data holder is no longer required to provide the data listed in the relevant part of Clause 3.2(5) to the customer. However, it may choose to do so (as ‘voluntary consumer data’). Under sub-rule 4.23(1)(e), the data holder must give the CDR consumer information about the time period for an authorisation (if an authorisation is being sought over a period of time). If the data holder is not intending to provide voluntary data for the account after data ceases to be required consumer data, the shorter period for authorisation should be reflected in the request for authorisation for the account. On the ADR side, we note that for a closed account an ADR may be able to collect the CDR data it needs over a short period of time, as no new data will be generated on a closed account. Any consent to use could persist for longer. |
569 | I'm wondering if there are any plans or guidance for allowing Data Holders to introduce a way for a customer to easily identify an arrangement. This may be useful where a customer has many concurrent arrangements and wants to phone the call centre for a specific revocation. In the CDR Rules Exposure draft it seems there was an idea for ADRs to supply some consent metadata like 'Consent 1', 'Consent 2', but otherwise the Data Holder may only have the consent grant date, accounts it contained, data clusters etc. I don't think arrangement ID (which may be a GUID) would be a good option, but a simple ID may help. Any thoughts? | No functionality currently exists for an ADR to provide DHs with differentiating information for concurrent consents, but this is something we are looking to consult on in relation to the 'CX of DH Dashboards' issue. The CX Guidelines suggest that a DH may want to allow consumers to create user-defined tags (p.106), which may help in this scenario if implemented. Otherwise, nothing currently prohibits a DH from providing a separate ID to help consumers identify concurrent arrangements - the rules and standards on dashboard designs are fairly open. That said, if you were considering a DH-provided ID, it is worth assessing against the possibility that ADR-supplied metadata could be supported in future. The CX of DH Dashboards issue hasn't been considered urgent as concurrent consents aren't expected to scale in the early phases of CDR, which may have some bearing on DHs providing extra functionality in the short term. |
653 | I wanted to clarify if a Data Recipient can request Schedule Payments using a consent that has only bank:regular_payments:read scope attached to it? | Yes this is possible. Provided the ADR has the accountId they can collect the scheduled payment data using only this scope. This may be because they have previously collected the account data under an amended consent or using concurrent consent, the ADR may have established one consent with the account scopes and another with the scheduled payment scope. CDR Support Portal Article |
Response pending
Updating the table below - if your question/ ticket has not received a response yet the team continues to work on a response. We do apologise for the delay on some tickets, the teams are doing their best to get to everyone's questions.
To our valued CDR participants, In light of the movement of the Rules function to the Treasury, we are assessing the current support structure and requests open on the CDR Support Portal. We kindly ask for your patience as we work our way through the tickets and support model; we will endeavour to get back to you as soon as possible. Thank you for your support.
Useful Links
A work in progress - open for feedback from the community on what you would like to see.
Organisation | Description | Link |
---|---|---|
OAIC | Main landing page for the Office of the Australian Information Commissioner and the Consumer Data Right | Link |
DSB | CX Artefacts - The CX Guidelines provide optional examples of key requirements and recommendations to help organisations build best practice consent models. CDR Participants should also refer to the CDR Rules, data standards, and privacy guidelines for a complete view of obligations to facilitate compliance. | Link |
DSB | Consumer Data Standards Main Page - About the DSB team, engaging with our consultations and Events | Link |
DSB | The Consumer Data Standards - The technical and consumer experience standards for the Consumer Data Right | Link |
DSB | The Banking Product Comparator - a demonstration of Product Reference Data from Data Holders as part of the Consumer Data Right | Link |
DSB | GitHub Consultations - all public consultations from the Data Standards Body | Link |
DSB | Java Artefacts - An Open Source Project comprised of reference implementations of both Data Holders and Data Recipients | Link |
ACCC & DSB | The Consumer Data Right Support Portal Knowledge base for the Consumer Data Right covering Rules through to Technical articles and questions | Link |
ACCC | ACCC Main focus area/ landing page for the Consumer Data Right | Link |
ACCC | GitHub Consultations - all public consultations from the ACCC Register Team | Link |
ACCC | CDR Register Design Reference | Link |
ACCC | Public page for the Consumer Data Right | Link |
ACCC | Participant Portal page including sign-up and log-in | Link |
TSY | Consumer Data Right background and historic records from the Treasury | Link |