ACCC & DSB Data Holder Working Group Agenda & Meeting Notes 2020_04_02 - ConsumerDataStandardsAustralia/standards GitHub Wiki
When: Weekly every Thursday at 3pm-4pm AEDT (2pm-3pm AEST)
Location: WebEx, quick dial +61262464433,785383900%23%23
Meeting Details:
Desktop or Mobile Devices
https://csiro.webex.com/csiro/j.php?MTID=m7c39ee9db5e5892ab35cd0bd7bbf94ce
Once connected to your meeting remember to start your audio and video
Please mute when you are not speaking.
Video Conferencing (VC) Rooms
Use the remote control or touch panel and dial the number indicated below:
External VC Room: [email protected]
Phones - AUDIO ONLY
- Primary Australia: +61 2 6246 4433
- Quick Dial: +61262464433,785383900%23%23
- Other Global Numbers: https://conferencing.csiro.au/Call-in.php
- Meeting Number/Access Code: 785 383 900
- Introductions
- Outstanding actions
- CDR Stream updates
- Presentation: CX Update
- Q&A
- Any other business
Meeting notes
- 5 min will be allowed for participants to join the call.
Outstanding questions
Question | Update |
---|---|
Issue 56 - KID value in the JWKS | ACCC are in the process of drafting an answer. It will be responded to within the issue's comments |
Issue 162 - Product Reference Data Conformance to CDS | ACCC are currently reviewing this issue |
Provides a weekly update on the activities of each of the CDR streams and their workplaces
- ACCC Rules
- ACCC CDR Register (Technical)
- DSB CX Standards
- DSB Technical Standards
CX Update covering:
- Overview of CDR CX
- CX Consultation for Joint Account Holders
- CX Consultation for CDR Logo
Questions will be received by the community via WebEx chat before the questions are opened to the floor.
Currently received pre-submitted questions:
# | Question |
---|---|
— Is there an obligation to have an internal dispute resolution process in place for PRD for potential third party participant (TPP) disputes? For example, ie if we believe a TPP is 'misbehaving' or the volume of requests could negatively impact our systems, we can reject or throttle their requests (as per the Standard’s provision for Exemptions to Protect Service). Would we need to have a process in place to manage any disputes arising from this action by a TPP (ie the data requester/recipient) for compliance purposes? While the rules are defined in 6.1 Requirement for data holders―internal dispute resolution, at the moment, the Standards make no mention of dispute management requirements however it does state that standards relating to NFRs will commence on a date specified by the Data Standards Chair after an analysis of actual usage in a production implementation. This will become a binding data standard under the Consumer Data Rules and therefore will clause 5.1 of Schedule 3 also be binding for Product Reference Data? — If so, what would be an example of an appropriate control to manage internal disputes for PRD data requests? — Would the ACCC regulate this for PRD? — Is there any information we would need to capture and/or provide to ACCC to support a dispute resolution process? |
For discussion |
Description Of Issue: The current version of the standards mandate single consent. Until November 2020 data recipients MUST NOT implement scenarios that support concurrent consent. Only single, extant consent scenarios should be implemented until this date. Given the that refresh token is hard wired to this single consent, logically, there can only be one active refresh token at a time. The spec currently says: Until November 2020 data recipients MUST actively revoke previously supplied refresh tokens, immediately after receiving the tokens for a newly established consent, using the revocation end point. Recommended Solution: [Bank] believes that, based on the decision to only support a single extant consent, it should say: Until November 2020 data recipients MUST actively revoke previously supplied refresh tokens, before requesting a newly established consent. |
For discussion |
CX question around the date that needs to be shown in the Historical Data screen that dat holders need to show in the Confirmation screen of the authorisation. Is this a static date of 1 January 2017 or is it a variable date that changes on the date range of what transactions are requested. | For discussion |
- Maintenance Iteration Cycle 03 to commence next Monday 6th of April 2020, it is a eight week iteration. First two weeks are open for consultation of what is to be prioritised
- Michael Palmyre ran through a presentation on the call around the 101 of CX Requirements and Guidelines
# | Question | Answer |
---|---|---|
1 | Question on RFC2110 | DSB to action with ACCC on the specificity of MUST and SHOULD in the context of CX Guidelines |
2 | Question on the focus of the Current Standards work is ‘Banking Specific’ when is Energy to commence? | Focus has been initially only Banking, now Energy Sector conversations are commencing – watch this space |
3 | Question around the distribution and retrieval of CDR Logo? | ACCC to take action for answer |
4 | Question around will business accounts follow the same model as joint accounts? | No, joint accounts will not be the decision or approach for business accounts, the DSB and ACCC will undertake consultation when the time comes for the different account and entity type. |
5 | Will the dispute process cover abuse of Transaction endpoints by third parties? | No, dispute process will only cover consumer data complaints for the initial launch – open for revision at a later date |
Other business
- None
- DSB to action with ACCC on the specificity of MUST and SHOULD in the context of CX Guidelines
- ACCC to take action for answer on distribution model for the CDR Logo