Welcome to the Consumer Data Right Support Portal

Check out our guides, browse through our FAQs, and post your own questions for Support.

New to the Consumer Data Right? Learn more

Revocation of consent on Joint Accounts Follow

Avatar
ACCC Regulatory Guidance
  • Created:
  • Last edited:
  • Updated

Questions

In the following scenario: both Joint Account Holder (JAH)s provided their nominations on Joint Account A. JAH1 creates a data sharing consent on the joint account. JAH2 then revokes their nominations.

What should be returned for a Get Accounts call?

Should the data of the joint account be deleted/de-identified when a nomination is revoked (but the consent is still active)?

Answer

[ACCC Answer] Where an election has been revoked by JAH B, data must no longer be shared on that joint account (clause 4A.10). The data holder should not call the ADR’s revocation end point. Data on any other account should continue to be shared. As the ADR is not made aware of the account no longer being shared, the redundancy requirements under privacy safeguard 12 are not triggered.

[DSB Answer] The HTTP status code will depend on the method the account is being requested. If the accountId is provided in the path of the URL then a 404 (Not Found) applies. If the accountId is requested via the request body (e.g. Get Balances For Specific Accounts) then a 422 (Unprocessable Entity) applies.

See Standards Maintenance Issue 351

Comments

0 comments

Please sign in to leave a comment.