ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes (29th of October 2020) - ConsumerDataStandardsAustralia/standards GitHub Wiki
ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes (29th of October 2020)
When: Weekly every Thursday at 3pm-4.30pm AEDT
Location: WebEx, quick dial +61262464433,785383900%23%23
Meeting Details:
Desktop or Mobile Devices
https://csiro.webex.com/csiro/j.php?MTID=m7c39ee9db5e5892ab35cd0bd7bbf94ce
Once connected to your meeting remember to start your audio and video
Please mute when you are not speaking.
Video Conferencing (VC) Rooms
Use the remote control or touch panel and dial the number indicated below:
External VC Room: [email protected]
Phones - AUDIO ONLY
- Primary Australia: +61 2 6246 4433
- Quick Dial: +61262464433,785383900%23%23
- Other Global Numbers: https://conferencing.csiro.au/Call-in.php
- Meeting Number/Access Code: 785 383 900
Agenda
- Introductions
- Actions
- CDR Stream updates
- Q&A
- Any other business
Meeting notes
Introductions
- 5 min will be allowed for participants to join the call.
Recording
The Consumer Data Right Implementation Calls are recorded for note taking purposes. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material shall be provided without the participant's consent. Participants may [email protected] should they have any further questions or wish to have any material redacted from the record.
Acknowledgement of Country
We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.
Actions
| Type | Topic | Update |
|---|---|---|
| Standards 1.5.1 | Published | Link to change log here |
| Decision Proposal - Energy | Decision Proposal 116 - Billing Data Payloads | View the Decision Proposal 116 here |
| Decision Proposal - Energy | Decision Proposal 115 - Tailored Tariff Data Payloads | View the Decision Proposal 115 here |
| Maintenance | 5th Maintenance Iteration underway | List of scope and agenda(s) can be found here |
| DSB Newsletter | To subscribe to DSB Newsletter | Link here |
| ACCC Newsletter | To subscribe to ACCC Newsletter | Link here |
| ACCC Newsletter | Newsletter published on the 28th of October 2020 | View the newsletter here |
| Request for clarification | These are to be moved to the CDR Support Portal from Consumer Data Standards Maintenance GitHub | Current requests will be answered and closed out, for new requests - we ask you raise these via the form here or via email to [email protected] |
| CDR Support Portal | Known issue - those who are subscribed to follow a user profile may not be receiving email notifications of new posts being published | Issue/ Ticket raised with ZenDesk - update pending investigation with Support team |
| End of Year | The Data Standards Body would like feedback on the End of Year and how we'd like to operate over the seasonal break. | Survey to capture when we would like to 'break' and when we'd like to 'reconvene'. Survey |
CDR Stream Updates
Provides a weekly update on the activities of each of the CDR streams and their workplaces
- ACCC Rules
- ACCC CDR Register (Technical)
- DSB CX Standards
- DSB Technical Standards - Banking
- DSB Technical Standards - Energy & Engineering
Presentation
The ACCC’s rules team will give an overview of the proposed CDR rules expansion amendments. This will include an opportunity for Q&A about any aspect of the proposed rules and the consultation, which closes on 29 October 2020
This is an implementation call, which is designed to give stakeholders an opportunity to ask our team questions to clarify specific points of uncertainty about the CDR Rules and Standards. To maximise the value of the session, the chair of the meeting will prioritise answering those types of questions.
We recommend that more general comments and feedback, for example about our overall policy direction or implementation timelines, should be provided to us in consultation submissions or other written correspondence.
| # | Question |
|---|---|
| 1 | What consideration has been given to the fact that Farrell 2.0 is being finalised in late October and its potential impact on implementation timing of these changes? |
| 2 | with the proposed rules where both Accredited ADR AND another ACCREDITED ENTITY are in data flow from an ADH. will it be necessary to show both the brand and the potential provider on the dashboards or only the entity directly connected to the ADH? |
| 3 | Will their be further changes to the rules in light of the latest proposed treasury amendments to the Act? Especially with regard to the potential for expanded capabilities for outsourced service providers? |
| 4 | How about distributing a questionaire regarding impact and delivery timelines to all? |
| 5 | Next question ... will we have a Go To Market launch as did NPP? so we can educate consumers |
| 6 | Im wondering how it will work across sectors and if tiering will apply. E.g. will an unrestricted ADR from the Electricity sector be able to request banking sector data on behalf of a consumer |
| 7 | What is the view on "use" of CDR data as it pertains to Machine Learning. i.e. Data cannot be "unseen" by the model if/when consent to use has been withdrawn |
| 8 | We have many questions with the current requirements. In parallel, we have other Rules from a future state to consider, which we do not have much time to consider as we struggle to deliver to 1 July. |
Q&A
Questions will be received by the community via WebEx chat before the questions are opened to the floor. Participants can pre-submit questions to the DSB mailing box.
Current received pre-submitted questions:
Answer provided
| Ticket # | Question | Answer |
|---|---|---|
| 246 | Holding Day - location The extent of any historic calls is limited by the Consumer Data Right Legislation. It is referred to as the holding day and is the 1st of January not more than 2 years earlier than the designation instrument.For banking this is the 1st January 2017. | ‘The earliest holding day for the CDR in banking is 1 January 2017. This is specified in paragraph 5(3) of the Consumer Data Right (Authorised Deposit-Taking Institutions) Designation 2019.’ |
| 233 | Is there a need to correlate pending and posted transactions such that the data recipient doesn't end up with duplicate transactions (ie a pending transaction that is later duplicated by a posted transaction)? | CDR Support Portal |
| 212 | Please explain what return code should be specified in the case of an incorrect 'page' parameter.i.e. Given an DH has 25 records that match a certain request, in that request the ADR specifies - page-size of 10 AND page=5 Then clearly some form of error should be returned, as page 5 does not exist in this case.Questions; - Should the DH return a 200 with no data, page 1 by default, or some 400-range error, and if so which one. - Additionally, where is this specified in the data standards? | CDR Support Portal |
| 207 | We intend to measure availability of the (/Authorisation Endpoint) by using an un-registered ADR client , and if the system responds with an error thereby blocking the request to proceed, we will consider that API is functional. This saves us from constructing an ecosystem of test entities (required if we want to proceed to successful issue of token) and it does not add spurious calls to our metrics. We believe it is compliant with the definition of availability on the standards. We would welcome any comment/advice on our intended approach | CDR Support Portal |
Response pending
| Ticket # | Question | Answer |
|---|---|---|
| 173 | Appreciate if we could get some answers to these github issues.Expectations when a consumer closes their account/relationship with an ADR Issue 313 | Taken on notice |
| 189 | I have been unable to find guidance on when a CDR Policy must be made available by Data Holders. A literal reading of the regulation would suggest that it should be made available as soon as any data sharing occurred (i.e 1 October for most data holders). However, the vast majority of a typical CDR Policy is only relevant for customer data sharing. Can you confirm that a Data Holder does not need to provide a CDR Policy until they begin customer data sharing? | Taken on notice |
| 190 | I am seeking guidance on how "wholesale" products are handled in the CDR. In this context I'm talking about products that are sold via alternative channels, but branded by the Data Holder. Examples would be term deposits sold through marketplaces such as Australian Money Market or Cashworkz, or loans sold through brokers. In these cases, the terms and conditions may differ from directly sold retail products. As the channels are generally not ADIs and therefore not Data Holders, I would assume any obligations would fall back on the product originating ADI. It's unclear if these products are "publicly available" under the CDR definitions as they are not sold directly by the ADIs concerned. Additionally, the terms and conditions can vary across the re-sellers and so if required, how should they be exposed in the PRD APIs? A separate entry for each re-seller, or a generic entry with, for example, no rates given? Any additional guidance around "wholesale" products sold through alternate channels would be appreciated. Thanks. | Taken on notice |
| 192 | We, are looking for clarity on requirements that are compulsory for account & transaction data on Phase 1 & 2 products, specifically for joint accounts. We understand that ACCC provided the Joint Account Guidance where scenarios are outlined. The question we have is on the status of Joint Account Guidance document – are the requirements derived from this document compulsory to implement, or only suggested but not compulsory? Specifically the next two requirements – are they compulsory to implement for account & transaction data on Phase 1 & 2 products release: 1. ‘Pause’ via JAMS (Scenario 4a & b) If one of Joint Account Holders removes an election via JAMS for an account that is already in an active sharing arrangement with 3rd party, authorisation should not be withdrawn, but the data sharing for that account should be stopped. Removal of election via JAMS for joint account does not cause removal of this account from authorisation. It only caused the data sharing to stop for this account. 2. Resume via JAMS (Scenario 4c & 7) After the requirement above, if both Joint Account Holders elect though JAMS for this same joint account that is ‘paused’ in an active sharing arrangement to be shared back (meaning this account is marked back as ‘available for data sharing’), the data sharing should continue as this account was never removed from authorisation in the first place. | Taken on notice |
| 195 | Could you please provide clarity about what “a product that is publicly offered” (under the ACCC CDR Rules) and “products that are currently openly offered to the market” (under the CDR Standards for Banking APIs) means when it comes to sharing required PRD. Specifically, if a phase 1 product is currently only offered by direct invitation to existing customers (i.e. not through online application channels), is PRD required to be shared? | Taken on notice |
| 196 | https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/329 https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/330 | Taken on notice |
| 204 | Clarification on Data holder providing link to CDR policy: This question relates to Part 7 – Rules relating to privacy safeguards, section 7.2.1.According to this rule, a Data Holder (DH) will need to include details of the complaints process on the Consumer Data Right (CDR) policy..The question is at which stage (wireframe) is the CDR policy expected to be shown on Data holder side. As per the CX guidelines, the CDR policy is only visible on the Data recipient Consumer dashboard as attached. | Taken on notice |
| 208 | Seeking further clarification with regards to the CDS rule - Part 5, Division 5.2 (Rule 5.10) which states that5.10 Other conditions on accreditation (1) The Data Recipient Accreditor may, in writing: (a) impose any other condition on an accreditation: (i) at the time of accreditation under subsection 56CA(1) of the Act; or (ii) at any time after accreditation; and (b) vary or remove any conditions imposed under this rule. and that ... (5) The Accreditor: (a) may, but need not, give public notice of a condition or variation imposed or removed under this rule; and (b) may do so in any way that the Accreditor thinks fit. Example: The Accreditor could give public notice of a description of the effect of the conditions, rather than of the conditions themselves.Background: Given that these conditions could be varied and nebulous there is the potential of impact on data holders when engaging or providing CDR Data to an Accredited Data Recipient (ADR) As example - What if the condition is:1. the ADR is only allowed access to a subset of CDR Data; or 2. only able to receive a particular period of CDR data; or 3. only able to hold authorisation for a particular period.Question: Due to the above are Data holders required to identify and comply with these conditions; and if there is a breach of a condition due to CDR data passed from a Data Holder to an ADR, where does liability sit?Adding some more clarification on the context related to the question, 1. Will these conditions placed on the ADR , be within the metadata update endpoint i.e. DH be informed of these new imposed conditions via metadata update? 2. Regardless of whether it’s in the metadata end point or not, who will be liable to ensure the correct information has been shared between the DR and the DH? a. Will it be on the DR – that they are only requesting the information they have been accredited for? b. If a DH has packaged information, and there is a data set in that package – is it up to the DR to only consume the information they are conditioned to or is it up the DH to remove the set of information DR is not allowed to access ? | - |
| 209 | Where there is a joint account with a Power Of Attorney, what are the rules around sharing data, when both parties are required to authorise the sharing of data? The Power of Attorney question also relates to individual accounts. Where a request has been made, however it has been made from the Power of Attorney, what rules apply to sharing the data? If we have deemed the transaction not be be causing financial or physical harm, is there an issue with sharing the data? | - |
| 210 | We have noticed the answer provided on ZenDesk in relation to the minimum product grandfather period (https://cdr-support.zendesk.com/hc/en-us/articles/900002707406-Minimum-Product-Grandfather-Period), which asked if there were criteria required for products which have been grandfathered. Based on the response that said “No. If the product is open or was closed for less than 12 months it should be included." We note that products can either be on-sale or not-for-sale (grandfathered). We therefore seek clarification on whether the intention of the previous response with respect to required consumer data is as in the attached table. | - |
| 214 | Wanting to confirm the following in the phasing table: 1. Part 4 for 1 Feb 2021: is this a MUST timeframe or can FI's fall back to the 1 July 2021 as the MUST date? 2. Part 3 for 1 July 2021: has it been finalised that CDR Consumers (customers/members of the bank) can request their information directly from the FI? | - |
Notes
- TBA
Question and answers
| # | Question | Answer/ Action |
|---|---|---|
Other business
- TBA
Appendices
- TBA
Next Steps
- TBA