ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes | 20th of October 2022
When: Weekly every Thursday at 3pm-4.30pm AEST
Location: WebEx, quick dial +61-2-9338-2221,,1650705270##
Meeting Details:
Desktop or Mobile Devices
https://treasuryau.webex.com/treasuryau/j.php?MTID=m9614a7c6166155d3d950a8999e437f9f
Once connected to your meeting remember to start your audio and video
Please mute when you are not speaking.
Video Conferencing (VC) Rooms
Use the remote control or touch panel and dial the number indicated below:
External VC Room: [email protected]
Phones - AUDIO ONLY
- Primary Australia: +61-2-9338-2221
- Quick Dial: +61-2-9338-2221,,1650705270##
- Other Global Numbers: https://treasuryau.webex.com/cmp3300/webcomponents/widget/globalcallin/globalcallin.do?MTID=m311f46c87a3ab9ae5335a6c0ea431da4&MTID=m311f46c87a3ab9ae5335a6c0ea431da4&MTID=m311f46c87a3ab9ae5335a6c0ea431da4&MTID=m311f46c87a3ab9ae5335a6c0ea431da4&serviceType=MC&serviceType=MC&serviceType=MC&siteurl=treasuryau&siteurl=treasuryau&siteurl=treasuryau&apiname=globalcallin.php&apiname=globalcallin.php&apiname=globalcallin.php&rnd=6124483603&rnd=6124483603&rnd=6124483603&tollFree=0&tollFree=0&tollFree=0&ED=1403111402&ED=1403111402&ED=1403111402&needFilter=false&needFilter=false&needFilter=false&actappname=cmp3300&actappname=cmp3300&actname=/webcomponents/widget/globalcallin/gcnredirector.do&actname=/webcomponents/widget/globalcallin/gcnredirector.do&renewticket=0
- Meeting Number/Access Code: 165 070 5270
- Introductions
- Actions
- CDR Stream updates
- Presentation
- Q&A
- Any other business
- 5 min will be allowed for participants to join the call.
We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.
We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.
The Consumer Data Right Implementation Calls are recorded for note taking purposes. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material shall be provided without the participant's consent. Participants may [email protected] should they have any further questions or wish to have any material redacted from the record.
By participating in the Consumer Data Right Implementation Call you agree to the Community Guidelines. These guidelines intend to provide a safe and constructive space for members to discuss implementation topics with other participants and members of the ACCC and Data Standards Body.
| Type | Topic | Update |
|---|---|---|
| Standards | Version 1.19.0 Published on 13th of September 2022 | Link to change log here |
| Standards | Version 1.20.0 is being staged | View the branch here |
| Maintenance | Maintenance Iteration 12 | Last met on 14th of September 2022 Agenda for the Final meeting here |
| Maintenance | Decision Proposal 259 - Maintenance Iteration 12 | Changes, meeting notes and updates for the iteration can be found here |
| Maintenance | Maintenance Iteration 13 underway | Met 12th of October 2022 and the agenda for the meet is here |
| Maintenance | Decision Proposal 272 - Maintenance Iteration 13 | Changes, meeting notes and updates for the iteration can be found here |
| TSY Newsletter | To subscribe to TSY Newsletter | Link here |
| DSB Newsletter | To subscribe to DSB Newsletter | Link here |
| TSY Newsletter | 28th of September 2022 | View in browser here |
| DSB Newsletter | 14th of October 2022 | View in browser here |
| Consultation | Normative Standards Review (2021) | No Close Date Link to consultation |
| Consultation | Decision Proposal 229 - CDR Participant Representation | Placeholder: no close date Link to consultation |
| Noting Paper | Noting Paper 255 - Approach to Telco Sector Standards | Link to consultation |
| Noting Paper | Noting Paper 258 - Independent Information Security Review | Link to consultation |
| Consultation | Decision Proposal 267- CX Standards Telco Data Language Feedback closed: 15th of September 2022 Thanks to those who provided feedback on DP267 by 15th September. With the v5 rules out for consultation, the DSB will leave this issue open for comments while considering existing feedback and developing version 2 of DP267, which is expected to be published for consultation in October. |
Link to consultation |
| Survey | The Data Standards Body invite the CDR Community to provide feedback on the different Engineering Tools and platforms. | Link to survey |
| Survey | 2022 - 2023 CDR Implementation Call | Link to survey |
| Workshop | Next week on the CDR Implementation Call we will be utilising the time for a Telecommunications Standards and the Consumer Data Standards workshop | We will extend the Call by 30min to accommodate Community input |
| Webex | Plan to switch over to Microsoft Teams by early November 2022 | Updated invitations will be sent out in the coming weeks |
| Q&A | Updated Questions on Notice page | Link here and in the Q&A section |
| Tooling | Java Artefacts updated to V1.19.0 of the Consumer Data Standards | Link to the Java Artefacts |
| Tooling | Schema definitions and Type definitions are now up to date with the current version of the Standards v1.19.0 | - See the latest type definitions: @types/consumer-data-standards - npm (npmjs.com) - See the latest schema definitions: ConsumerDataStandardsAustralia/dsb-schema-tools (github.com) |
Provides a weekly update on the activities of each of the CDR streams and their stream of work
| Organisation | Stream | Member |
|---|---|---|
| ACCC | CDR Register | Emma Harvey |
| ACCC | CTS | Andrea Gibney |
| DSB | CX Standards | Michael Palmyre |
| DSB | Technical Standards - Banking, Infosec | Mark Verstege |
| DSB | Technical Standards - Energy | Hemang Rathod |
| DSB | Technical Standards - Telecommunications | Brian Kirkpatrick |
| DSB | Technical Standards - Register | James Bligh |
| DSB | Technical Standards - Engineering | Sumaya Hasan |
None this week.
Update: Questions on Notice
Questions will be received by the community via WebEx chat before the questions are opened to the floor. Participants can submit questions outside of the CDR Implementation Call to the CDR Support Portal.
In regards to topics for questions, we ask the participants on the call to consider the Community Guidelines when posing questions to the subject matter experts.
| Ticket # | Question | Answer |
|---|---|---|
| 1524 | The guidance in Secondary Users in the banking sector guidance states that where a secondary user loses account privileges and is consequently no longer an eligible secondary user on the Account (but remains an eligible CDR consumer – with authorised consents which related to the Account and which also relate to other account/s) – if the secondary user instruction for the Account is not withdrawn – and the authorised consents remain current, if the secondary user regains account privileges on the Account, sharing must recommence under the secondary user’s existing authorisations in relation to the Account. we would like to verify that this is accurate as from a hierarchy perspective, this places the secondary user instruction above account privileges. We query whether this is likely to align with customer expectations when revoking account privileges and would like to confirm this is the intent? We do note that whether or not sharing is enabled on the Account in respect of the secondary user’s previously authorised consents will hang on whether the secondary user has continued to be an eligible CDR consumer. |
This is a correct interpretation of the ACCC’s guidance. Where an individual loses account privileges for a specific account, the person will cease to be a secondary user of that account. However, the loss of account privileges does not affect an account holder’s existing secondary user instruction. The secondary user instruction will remain current unless it is withdrawn. For the person’s authorisations to not expire under rule 4.26(1)(c), the person must continue to meet the eligibility requirements under rule 1.10B and clause 2.1 of schedule 3, (e.g. because the person holds another account that is accessible online with the data holder). If the person remains eligible, and the secondary user instruction remains in place, they will recommence being a secondary user of the account if and when they regain account privileges. |
| 1645 | If an individual becomes deceased and subsequently a deceased estate (trust organisation) is established to manage the deceased individual’s estate and their accounts, is it acceptable to exclude deceases estates from the classification of an “Organisation” and the deceased estate would not be allowed to share data. | The definition of “eligible” in rule 1.10B(1)(a)(ii) refers to an “individual”, which we interpret to mean a living, natural person. This means when a CDR consumer dies they become ineligible for the purposes of the CDR Rules and their authorisations expire (see rule 4.26(1)(c)). |
| 1649 | Few weeks ago during CDR implementation call, I asked one question related to the obligation for the DH to provide a consent dashboard to the partners and non-individual entities when a nominated rep authorises a consent. " the ACCC guidance confirms the ‘CDR consumer’ is the actual non-individual / partnership, not the Nominated Rep. A DH has an obligation to provide the ‘CDR consumer’ with the consumer dashboard under rule 1.15. Therefore do we need to offer ‘View only’ consumer dashboard for the: Q1. non-NR partners of the partnership Q2. other individuals linked to the non-individual entity (that aren’t NRs) (view only given 1.15(2A) specifies that only a NR can manage authorisations). Related to notification requirement: Q3. do we need to notify "non-NR partners of the partnership" and "non-individual" entities when consent is authorised by the nominated rep (NP)? We are in the design phase for Nov' 2022 and the response to this question is really very important to consider. Awaiting your feedback. |
The ACCC has recently published an article on Providing dashboards to nominated representatives acting on behalf of CDR consumers which answers your question. |
| 1655 | Where a data holder has 2 or more brands registered in the CDR Registry (and therefore appears as 2 or more brands to CDR participants), we would like to confirm that customer eligibility is determined separately 'within each brand'. Take ANZ and ANZPlus: say a single individual customer of ANZ is also a customer of ANZPlus, is over 18, and has online access to accounts in each of the respective digital channels. They are of course eligible for consumer data sharing in each brand. However, if the customer closes all accounts in ANZPlus, but retains an open account in ANZ, are they still eligible, or no longer eligible, in ANZPlus? | Eligibility of a CDR consumer is determined by Rule 1.10B. For the banking sector additional requirements are also included in Schedule 3 Part 2, Section 2.1. Schedule 3, section 3.2 Note 3 states: So long as the CDR consumer is eligible to make a consumer data request in relation to a particular data holder, they will be able to make or cause to be made a consumer data request that relates to any account they have with the data holder, including closed accounts (subject to subclauses (4) and (5)) or accounts that cannot be accessed online. Therefore, our view is that if the CDR consumer is eligible for at least one account, then all other accounts they hold with the data holder - whether or not those other accounts are located on a different digital channel - must also be available for CDR data sharing. More information is available in the article Digital channels and the eligibility of CDR consumers. |
| 1749 | Dear Zendesk, in relation to alternate notification schedules, we understand the rules and standards for joint account holders (and have implemented accordingly). We would like to confirm there are no objections to extending this functionality to individual account holders that have given secondary user instructions? An illustrative example would be: (1) the individual account owner sets their personal notification schedule to "I don't want any notifications", or "I only want a monthly update"; (2) their secondary user initiates a data sharing arrangement; (3) accordingly - and in line with 'relevant joint account holder' alternate notification setting behaviour - the account owner will not receive a notification, or will receive it at month end. We propose (recommend) that the system default for individual account holders be 'send notifications as soon as the event happens' (i.e. 'as soon as practicable'), but also that their preferences in relation to their notifications be respected. We see this as a benefit to the individual (incl. sole trader) account owner as it extends this feature to them, and also brings individual, sole trader, and joint account holder functionality into further alignment. Importantly, we can find no contradiction to this recommendation in the Rules (Comp. 7), CDR standards, or in the guidance on Privacy Safeguard 10. |
The CDR Rules do not expressly prevent an alternative notification schedule being offered to an individual account holder that have given secondary user instructions; however, there are a range of notification requirements in the CDR Rules that require notification to be given to the CDR Consumer "as soon as practicable”. There is no ability to shift these notifications to an alternative schedule. In particular we note rule 4.28 which outlines the notification requirements for consumer data requests on behalf of secondary users. This provision requires data holders to notify the account holder ‘as soon as practicable’ if an accredited person makes a consumer data request on behalf of a secondary user for a particular account, a secondary user amends or withdraws an instruction, or an authorisation given by the secondary user expires. These notifications must be given as soon as practicable notwithstanding any alternative notification schedule. We are happy to provide Treasury with feedback on this issue for them to consider the need for rules relating alternative notification schedules for individual account holders to align with joint accounts. |
| 1754 | Open Finance: Is there guidance available in relation to a bank reselling a product? eg: if a bank resells an insurance product, would the bank or insurance provider be expected to share data? | Treasury is responsible for the development of the CDR rules and the application of the CDR to future sectors in the economy. Treasury is still currently in the process of conducting consultation and the future data sharing obligations in Open Finance have yet to be finalised, including in relation to general insurance. As such, it is not yet possible to provide guidance in relation to your query. Treasury recently published a draft designation instrument for the non-bank lending sector which provides further information on the proposed datasets and designated data holders in the non-bank lending sector before a final decision is made. Treasury have provided that consultation on the remaining sectors in Open Finance, such as insurance, will occur later in the year and in early 2023. |
View a number of informative and useful links in the Consumer Data Standards Guide on Information Links.
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
 |
 |