In principle, an authorisation will always be visible on the data holder (DH) dashboard of account holders when the authorisation was initiated by another account holder (i.e. a joint account holder) or a secondary user. The status of the authorisation may change for the non-initiating account holder to an 'inactive' state if the authorisation has expired, or there are no longer any relevant accounts being shared as part of the authorisation. For example:

Relevant accounts no longer being shared in an authorisation

If a relevant account is no longer being shared as part of an authorisation, then the account should still be displayed in the non-initiating account holder's view of the authorisation. The authorisation may still display as ‘active’ to the non-initiating account holder if other relevant accounts remain in the authorisation, but the specific relevant account for which data is no longer being shared may be tagged as 'inactive' or ‘disabled’.

If no relevant accounts are being shared as part of the authorisation, then the authorisation should still be displayed on the non-initiating account holder’s dashboard, but the authorisation itself should no longer display as ‘active’ to the non-initiating account holder. This is because the contents of the authorisation no longer relate to the non-initiating account holder.

The CX Guidelines present possible visual design solutions for both scenarios in the guidance for Data holder dashboards: Authorisations, Joint accounts.

In both scenarios, the non-initiating account holder’s view of the authorisation may not always correspond with the actual status of the authorisation for the initiating account holder or secondary user. That is, the authorisation may display as ‘inactive’ for the non-initiating account holder despite the actual authorisation remaining active. Neither scenario would alter the status of the actual authorisation for the initiating account holder or secondary user, as accounts are dissociated from authorisations as per the technical standards.

The ceasing of sharing for a particular account can occur for several reasons, which may include: 

• For all accounts: because the account being shared has become ineligible and is no longer supported by the data holder
• For joint accounts:
  • because an approval to disclose joint account data in relation to a particular authorisation has been removed under rule 4A.13(1)(e) of the CDR Rules; or
  • the disclosure option for that account has been changed to a 'non-disclosure option' under rule 4A.7 of the CDR Rules
• For secondary users:
  • because the secondary user instruction has been withdrawn by the account holder under rule 1.15(5)(b) of the CDR Rules; or
  • where a data holder offers the optional functionality described at rule 4.6A of the CDR Rules, an account holder chooses to block disclosure of CDR data from a secondary user to a particular accredited data recipient (ADR). See Ceasing Secondary User Sharing.

Where a data holder offers the optional functionality of allowing an account holder to choose to stop a secondary user disclosing data in relation to a particular authorisation, the account holder ceases sharing on this basis.

Technical implementation

The technical implementation of these dashboard display options is at the DH's discretion, provided it remains compliant and produces the intended outcome. For example, a DH may implement functionality such that the relevant account is physically removed from the authorisation, and only visually displayed in the arrangement for record and historical purposes. Alternatively, a DH may implement this functionality in a way that the disclosure of data from the relevant account is technically 'paused'. However, regardless of the DH's choice of technical implementation, certain conditions may exist for who can re-commence data sharing and how data sharing for an account may re-commence, such as:

Joint accounts

• If the disclosure option is changed to a non-disclosure option, a joint account holder or secondary user of the joint account cannot re-share the joint account through a new or amended consent. In this instance, it would display as an unavailable account in the authorisation flow. Sharing from that account can only occur again if all joint account holders agree to a less restrictive disclosure option. If an approval for the relevant account has remained in place for an active arrangement, and a less restrictive disclosure option is re-introduced, then the sharing of data from that account must automatically re-commence.
• If an approval to disclose joint account data in relation to a particular authorisation has been removed, a joint account holder or secondary user of the joint account can add the joint account to a new or amended consent where the pre-approval or co-approval disclosure options apply to the joint account.

Secondary users

• If a secondary user instruction has been withdrawn, the secondary user cannot re-share the account data through a new or amended consent. In this instance, it would display as an unavailable account in the authorisation flow to the secondary user.
• If an account holder makes a new secondary user instruction for the same secondary user, the sharing of data must automatically re-commence for any of the secondary user's authorisations that remain active.

If an approval for a secondary user to share data as part of a particular authorisation has been removed, the secondary user of the account can add the account to a new or amended consent.