Question
In accordance with the CDR standards:
- Is there a distinction between 'expired' and 'revoked' consents?
- Is it mandatory to show both states on a dashboard? If so, are we allowed to decide the name for each of the states?
Answer
There are no rules or standards that require CDR participants to use particular terms on their dashboard in relation to the consent status. There are no rules or standards requiring CDR participants to format their dashboards in any particular way. The only requirement is that the dashboard is simple and straightforward to use and prominently displayed. See CDR Rules, 1.14(1)(c) and 1.15(1)(c).
The CX Guidelines include some recommended approaches for how a dashboard can be formatted. See DH dashboards and ADR dashboards.
According to the rules, consents can be 'current' or 'expired'. CDR Rules 4.14(1) outlines how a consent can expire, including at the end of the period the CDR consumer consented to, or if the consent is withdrawn.
The rules require the Accredited Data Recipients (ADR) and Data Holder (DH) to provide information for each consent or authorisation on the dashboard:
- if the consent/authorisation is current, show when it is scheduled to expire. See CDR Rules 1.14(3)(f) for ADRs, and 1.15(3)(d) for DHs.
- if the consent/authorisation is not current, show when it expired. See CDR Rules 1.14(3)(g) for ADRs, and rule 1.15(3)(f) for DHs.
Both DHs and ADRs are expected to record how the withdrawal was requested by the consumer. See CDR Rules 9.3(1)(b) for DHs and 9.3(2)(b) for ADRs.
However, the CDR Rules do not require the method of withdrawal to be shown on the dashboard.
See CDS Guide, Authorisation and Consent, for discussion of aspects of revoking consent.
See CDR Rules: main section:
- Part 1, subdivision 1.4.3, 1.14 Consumer dashboard - accredited person, 1.14(1)(c)
- Part 1, subdivision 1.4.3, 1.14 Consumer dashboard - accredited person, 1.14(3)(f)
- Part 1, subdivision 1.4.3, 1.15 Consumer dashboard - data holder, 1.15(1)(c)
- Part 1, subdivision 1.4.3, 1.15 Consumer dashboard - data holder, 1.15(3)(d)
- Part 1, subdivision 4.3.2C, Duration of Consent 4.14(1)
- Part 9, subdivision 9.3.1, 9.3 Records to be kept and maintained, 9.3(1)(b)
- Part 9, subdivision 9.3.1, 9.3 Records to be kept and maintained, 9.3(2)(b)
Comments
0 comments
Please sign in to leave a comment.