In the latest version of Consumer Data Standards and CX guidelines there is nothing specifically related to re-authorisation process.
There is Data Standards Body/Data61 prototype (both re-authorise via data recipient and data holder) below that was created a while ago: http://559gwh.axshare.com/#g=1&p=reauthorise_via_holder
For the Data Standards Body:
- In the case of a re-authorisation initiated on the data holder side, we assume the data recipient needs to be informed about it. Do we currently have a CDR endpoint similar to the withdrawal process as part of the data holder Dashboard?
- Is this prototype considered as a consent update?
The Standards and Guidelines do not currently support re-authorisation. This has been noted in the CX Standards and Guidelines since v1.0.0 last year as per the following:
The CX Standards and Guidelines do not cover re-authorisation. This position reflects current CDR Rules. Further CX work on re-authorisation is encouraged to identify ways in which re-authorisation flows can be simplified without compromising the quality of consumer consent
That is, re-authorisation is not currently permitted or supported in the rules, standards, or guidelines.
The prototype referenced was part of early stage CX research on re-authorisation conducted last year. This explored initiation points for re-authorisation, including from the Data Holder side. The path of re-authorising solely on the Data Holder side is not being pursued for various reasons, but work is underway to consider how to support re-authorisation in general. These now outdated CX artefacts have been kept public for transparency and documentation purposes but are not to be interpreted as reflective of current rules or standards.
The CX Workstream is currently testing how existing consents can be amended (see Phase 3 reports on rounds 4 and 5), including how to extend the duration of an existing consent (i.e. re-authorisation). The ACCC is concurrently considering rules to support various amending consent scenarios.