Question

According to this Concurrent Consent knowledge base article, concurrent consent requires multiple arrangement IDs. 

Is it mandatory for ADRs to support concurrent consent?

If a Data Holder solution requires an ADR to recognise separate CDR Arrangement IDs, but the ADR has not implemented this functionality, what is the recommended action by the Data Standards Body?

Answer

The concurrent consent approach defined in the standards is made up of a variety of statements, some of which apply to the data holder and some that apply to the ADR. 

The ADR is not obliged to pass an existing arrangement ID when creating new consent. If a new concurrent consent is to be created, then a consent will be established without a pre-existing arrangement ID.

An arrangement ID needs to be passed by the ADR only when an existing consent is being revoked and amended in an atomic step, such as extension or modification of consent.

The ADR is obligated by the standards to implement the arrangement revocation end point defined in the information security profile, so that a the data holder can notify the ADR if the consumer revokes an arrangement via the data holder's dashboard or assisted channel.

See:

• Concurrent consent
• CDS CDR arrangement ID