CX Guidelines | Updates stemming from 2024 Consent Review changes

[CDR-CX-Stream]

Description

In August 2024, the Treasury conducted a consultation on proposed consent and operational enhancement amendments to the CDR Rules. The DSB simultaneously consulted on Decision Proposal 350 to outline the expected changes to the standards to support the proposed rules.

This issue outlines the anticipated updates to the CX Guidelines that will be required to reflect the expected rules and standards changes.

The community are invited to provide feedback on these draft CX guideline changes ahead of any final rules or standards changes to expedite their release. Additional requests for guidance to support the proposed rules and standards can also be made in this thread.

The final CX guidelines will necessarily adjust to the final rules or standards, and as such these draft artefacts are subject to change and should not be interpreted as finalised guidance.

N.B. the draft CX guidelines only outline where a proposed rule and standards change has an associated user interface or consumer experience component. As noted in DP350, CDR agencies will not provide guidance on the proposed nominated representative changes until any relevant rules are made.

Intention and Value of Change

The DSB publishes CX guidelines to assist participants with implementation of the CDR. The publication of draft CX Guidelines will allow the community to provide feedback on proposed changes and seek further clarifications where necessary.

Consulting on these draft guidelines before the associated rules and standards are finalised will allow their release to be expedited to facilitate implementation. The final artefacts will be published on the CX Guidelines website pending this consultation and the making of any final rules and standards.

These draft guidelines will be discussed with CDR agencies in conjunction with this consultation to ensure alignment before publishing.

N.B. The CX guidelines shared in this issue are in draft state and represent proposed rules and standards that have not been made. These wireframes should not be taken as definitive guidance of compliance with the rules and should not be considered as legal or compliance references for the purposes of implementation.

Areas affected

Changes are expected to impact all variants in the following areas of the CX guidelines:

• Collection and use consent
• Disclosure consents
• Amending consent
• Consent management (data recipient)
• [NEW] Notifications: CDR receipts
• [NEW] Notifications: 90 day notifications

New item or change proposed

Many changes will be mirrored across multiple flows. For example, many of the draft changes to the default data recipient dashboard will be also reflected in the other data recipient dashboard guidance, such as for amended consents, disclosure consents and withdrawals. As such, we intend to consult on the following subset of flows:

• Collection and use consent: Default example
• Collection and use consent: Using outsourced service providers
• TA disclosure consent: Detached flow
• TA disclosure consent: Consolidated flow
• Amending consent: Business consumer disclosure consent
• Consent Management (Data recipient): Collection and use - Default example
• [NEW] Notifications: CDR Receipts
• [NEW] Notifications: 90 day notifications

Feedback

The DSB invites community feedback on these artefacts and any other CX guidelines seen as necessary to support the proposed August 2024 rules and associated data standards. This issue will be progressed in MI21.

---

:warning: Disclaimer :warning: The CX Guidelines provide optional implementation examples for key rules, standards, and best practice recommendations.

They demonstrate key aspects of the consent model, but certain areas may be considered out of scope. This may include, for example, where the rules and/or standards are silent or non-prescriptive to provide CDR participants with flexibility or discretion according to their own systems or protocols.

:heavy_exclamation_mark:The CX Guidelines span policy, rules, standards, and best practice, so requests will be considered on a case by case basis and timings may not fall within a Maintenance Iteration cycle.

Importantly, the CX Guidelines are optional to follow, but the CDR rules require CDR participants to have regard to them. The CX Standards differ in that they are binding data standards that must be followed.