Question
Can a business nominated representative be associated with both individual and business accounts under the same consent?
Answer
This depends on what credentials the Data Holder (DH) uses to authenticate the nominated representative. If the nominated representative is an individual, the credentials may include the individual's personal profile if they have personal accounts with the DH. The credentials may include the individual's business employee or representative profile. If the nominated representative is a non-individual or partnership, the DH can decide what credentials are appropriate for the purposes of sharing.
Question
In a scenario where DH permits a nominated representative access to both individual accounts and business accounts, is the DH required to display both individual and business data cluster language, in both authorization flow and consumer dashboard, if "common.customer.*" data cluster is included?
Answer
If a scenario allows the sharing of individual and business accounts in a single consent, the data language standards differ only for the customer language (i.e. common:customer.basic:read or common:customer.detail:read). The language standards for all other data clusters are agnostic. Importantly, the person authorising the sharing of data is not equivalent to the CDR customer for the purposes of the customer data cluster. As the previous response suggests, the expectation is that DHs request that the nominated representative specify the context in which they are sharing. The consent will then be established in that context, which will also determine if the DH is to use individual or business customer language.
Comments
0 comments
Please sign in to leave a comment.