Question
As part of the Authentication flow, there is a CDR Policy link on the Login (Customer ID) and OTP screens.
To comply with internal Privacy policies and with Australian Energy Regulator (AER) regulations, however, energy retailers need to have customers explicitly agree to a set of specific CDR Terms and Conditions, specifically to do with handling of personal information, and CDR sharing of information (metering, billing, etc.).
As part of the Data Holder Authentication Flow, is it acceptable to include a checkbox along the lines of "I agree to CDR Terms and Conditions" and there will be a public link to the actual T&C that consumers have to tick before they continue?
Answer
Additional Terms & Conditions are not permitted under the CDR. The internal privacy policy of an energy retailer does not override this position nor does any AER regulation or requirement.
See:
- CDR Rules, main section, Part 1 - Preliminary, 1.2, Simplified outline
- CDR Rules, main section, Part 2 - Product Data Requests, 2.1 Simplified outline