Archived 2022.11.20. Content moved to error scenarios and responses.
Question
When a Data Holder (DH) has a valid consent with several associated accounts, what happens if there is a reason not to disclose data relating to one of those accounts. Is this considered a refusal, as described in CDR Rules, Main section, Part 4, division 4.2, 4.7 Refusal to disclose required consumer data in response to consumer data request?
If data is requested for three accounts, does the DH return data on an Accredited Data Recipient (ADR) request for the other two accounts?
If there are reasons not to disclose on two of the three accounts, does this constitute two refusals to disclose data?
Should the request receive a 200 OK (success) HTTP response code?
Answer
Each scenario above is considered a valid refusal.
A refusal is an active decision not to present data for a valid Consumer Data Right (CDR) request that has been appropriately authorised by the customer.
In the second scenario, where there are two blocked accounts, this constitutes only one refusal. The refusal count corresponds to the number of invocations. A call to get a list of accounts with two blocked accounts counts as one refusal. A second call to the same API counts as a second refusal.
The DH should respond with a 422 Unprocessable Entity error response, specifying the list of accounts that will not be serviced. The ADR (Accredited Data Recipient) may then make a modified bulk API request, excluding the accounts that are not shareable.
See:
- CDS Get Bulk Balances
- CDS Get Bulk Direct Debits
- CDS Get Scheduled Payments Bulk
- CDR (Consumer Data Right) Rules, 4.1 Consumer data requests made by accredited persons
- CDR (Consumer Data Right) Rules, 4.7 Refusal to disclose required consumer data in response to consumer data
Comments
1 comment
I think the references to rejection(s) in the answer above should refer to refusal(s) for the Rule 9.4 form, to avoid confusion with Rejections as required by the Get Metrics API.
Please sign in to leave a comment.