Archived 2024-08-29. See the latest Consumer Data Standards. See also CDS Guide, Authorisation and Consent.
NOTE: The following article refers to Version 1.3.0 of the Consumer Data Standard. Refer to the latest Version of the Standards when referring to answers given.
Question
- From our understanding, the consent is individual and independent between the organisations, as per the rules and standard. That is to say, you can give consent for accessing your own accounts (personal) or the accounts belonging to one, and only one, company. For each of the profiles (personal, company A, company B,...), the list of accounts that the customer would be able to choose, is different.
- In this case (when the client is identified as having multiple profiles e.g. individual/personal, company A, company B), do we need an additional screen to be displayed as part of the consent flow after authenticating and validating the eligibility of the client where he/she could select which profile he/she wants to give consent and then select the corresponding accounts which the data is to be shared with the data recipient?
- If a new screen is required, should the selection on this additional screen be exclusive (i.e radio buttons) meaning that a consent is required per profile and not per client?
- Confirming that this scenario is part of the first release in exposing customer data?
Answers
- That understanding is correct. Consent is established between a given Data Recipientsoftware product, a given Data Holder and Consumer. Consent cannot span more than one organisation. In v1.3.0 of the standards, concurrent consent will be introduced. This will allow a single Data Recipient software product to establish one or more active consents for a Consumer to a given Data Holder. This is being introduced to allow Data Recipients to meet their obligations for data minimisation especially where one data recipient software product has many use cases that require different types of data.
- Yes. This flexibility is allowed and is recommended (if required) in the CX Guidelines, p.77
- This should be aligned to how banks recognise their customers today. If the bank allows for multiple customer profiles, banks can provide customers with a way to select the profile they want to share within.
- The flexibility is already allowed, but when it applies would be based on rules phasing (e.g. types of accounts in scope)
See
</>
Comments
0 comments
Please sign in to leave a comment.