Question

Can you provide guidance on pros and cons of the account editing ability referred to in the CX Guidelines Data Holder (DH) | Manage Authorisation section?

"It is at the discretion of data holders to provide functionality to add/remove additional accounts from the data sharing arrangement."

I feel this feature would be of benefit to customers in creating and managing arrangements as they wish, but understand there may be concerns from data recipients on how this occurs.

Accounts in an arrangement may change due to other reasons anyway, so I'd like some clarity around the key concerns and potential impacts of the direct editing ability.

Answer

DHs are not prohibited from introducing account and authorisation editing. However, the DSB has not explicitly recommended DH-side account amendment due to the potential service impacts raised by Accredited Data Recipients (ADRs). The DSB will reconsider this view if live implementations demonstrate that direct editing meets a consumer need.

Below are some of the activities that have informed the DSB's view:

• ADRs have noted that account or authorisation amendment may result in negative service impacts. The DSB touched on this in our amending consent workshop summary in relation to authorisation amendment.
• The DSB workshopped this and related ideas in a consent management workshop, summarised here. This workshop suggested that DH-side functionality was limited in utility and introduced the risk of ADR service impacts for the consumer.
• Research conducted in 2019 (see 'Stream 2' report) suggested that the lack of purpose information on DH dashboards would limit the ability for a consumer to be informed when withdrawing or amending an authorisation.

Data Holders (DHs) seeking to provide account editing are encouraged to raise an issue on the GitHub Standards Maintenance repository. The DSB will assess the issue and consider it for inclusion in the CX Guidelines.