Consumer Data Right (CDR) Policy

Code: CON-007
Domain: Customer & Conduct
Owner: Head of Customer Experience
Status: Draft
Applicability: Platform
Jurisdiction: AU
Business domain: BD01
Review date: 2027-03-25

Regulations: Consumer Data Right (CDR) — Open Banking

Purpose

Govern the platform's obligations as an accredited data holder under Australia's Consumer Data Right (CDR) framework, ensuring that customer consent for open banking data sharing is captured, maintained, and honoured in accordance with the CDR Rules and associated data standards.

Scope

All CDR data sharing activities conducted by the platform in Australia, including data shared with Accredited Data Recipients (ADRs), CDR-authorised consumer consent flows, and the platform's data holder dashboard obligations.

Policy statements

The platform SHALL obtain explicit, informed, and specific consent from each customer before sharing any CDR data with an Accredited Data Recipient. Consent must describe the data recipient, the data sets to be shared, the permitted use, and the duration of the sharing arrangement.

The consent capture flow SHALL use the CDR authorisation code flow as required by the CDR Rules and Consumer Data Standards. The platform SHALL not capture CDR consent through a channel that bypasses the authorisation server flow.

Each consent arrangement SHALL be stored with: the arrangement identifier, the ADR's CDR Register accreditation details, the granted data cluster(s), the sharing period, and the full consent payload. Consents SHALL be individually revocable.

The platform SHALL enforce data minimisation: data sharing is restricted to the specific data clusters granted in the consent arrangement. Sharing outside granted scope is prohibited and SHALL be enforced at the gateway.

CDR consents expire at the end of their sharing period. The platform SHALL automatically invalidate expired consents and SHALL not honour data requests under an expired arrangement.

Customers SHALL be able to view all active CDR sharing arrangements, see what data is being shared with each ADR, and revoke any arrangement at any time through the in-app consent management screen. Revocation SHALL take effect within 60 seconds.

Upon revocation or expiry of a CDR consent, the platform SHALL notify the ADR and cease data sharing immediately. The ADR's deletion obligations are a CDR Register responsibility; the platform's obligation is to stop providing access.

All consent grants, amendments, revocations, and expirations SHALL be recorded in an immutable consent audit log, retained for a minimum of seven years, and made available to ACCC and AUSTRAC on request.

The platform SHALL maintain the CDR consumer dashboard at the required URL path (/cdr/consent-dashboard) to allow customers to manage their CDR sharing arrangements independently of the main app settings flow.

The platform SHALL register and maintain its data holder accreditation status with the CDR Register. Any changes to the platform's data holder capabilities or accreditation scope SHALL be notified to the ACCC within the required timeframe.


Satisfying modules

Module: MOD-049
Name: Open banking consent management
Mode: GATE
Description: The OB consent grant endpoint rejects any payload that does not carry the jurisdiction profile's required fields (CDR arrangement_id, OBIE permission codes, etc.), using per-profile Ajv JSON Schema validation; non-compliant CDR consent attempts are rejected before any row is inserted.
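The gate behaviour MOD-049 describes, as an added illustration that is not the platform's own code: a consent grant request is validated against the JSON Schema for its jurisdiction profile, and persistence runs only after validation passes. The module uses Ajv; so that this example runs offline without an npm dependency, a minimal validator covering the draft-07 keywords the schemas use (`type`, `required`, `properties`, `additionalProperties`, `enum`, `pattern`, `minLength`, `minItems`, `items`) stands in for `ajv.compile()`. The profile keys, the payload field names, the row store and the sample payloads are assumptions made here for illustration; the CDR scope strings and OBIE permission codes in the enums are an illustrative subset, not a full list.

```javascript
// Added example, not part of the CON-007 policy page or the platform's code.
// Per-profile JSON Schemas (Ajv-compatible draft-07 shape). Field names are
// assumed for illustration; enums list only a subset of real scope/permission codes.
const PROFILE_SCHEMAS = {
  AU: { // Consumer Data Right profile: arrangement_id is mandatory
    type: 'object',
    required: ['arrangement_id', 'adr_id', 'data_clusters', 'sharing_period'],
    properties: {
      arrangement_id: { type: 'string', pattern: '^[A-Za-z0-9_-]{8,64}$' },
      adr_id: { type: 'string', minLength: 1 },
      data_clusters: {
        type: 'array', minItems: 1,
        items: { type: 'string', enum: ['bank:accounts.basic:read', 'bank:transactions:read', 'common:customer.basic:read'] },
      },
      sharing_period: {
        type: 'object', required: ['start', 'end'],
        properties: { start: { type: 'string' }, end: { type: 'string' } },
      },
    },
    additionalProperties: false, // anything outside the granted shape is rejected
  },
  UK: { // OBIE profile: permission codes are mandatory
    type: 'object',
    required: ['consent_id', 'permissions', 'expiration_date'],
    properties: {
      consent_id: { type: 'string', minLength: 1 },
      permissions: {
        type: 'array', minItems: 1,
        items: { type: 'string', enum: ['ReadAccountsBasic', 'ReadBalances', 'ReadTransactionsBasic'] },
      },
      expiration_date: { type: 'string' },
    },
    additionalProperties: false,
  },
};

function typeMatches(type, value) {
  if (type === 'array') return Array.isArray(value);
  if (type === 'object') return value !== null && typeof value === 'object' && !Array.isArray(value);
  return typeof value === type;
}

// Minimal stand-in for Ajv: walks the schema and collects every violation.
function validate(schema, value, path, errors) {
  if (schema.type && !typeMatches(schema.type, value)) { errors.push(`${path}: expected ${schema.type}`); return; }
  if (schema.enum && !schema.enum.includes(value)) errors.push(`${path}: value not permitted by enum`);
  if (typeof value === 'string') {
    if (schema.pattern && !new RegExp(schema.pattern).test(value)) errors.push(`${path}: does not match pattern`);
    if (schema.minLength !== undefined && value.length < schema.minLength) errors.push(`${path}: too short`);
  }
  if (schema.type === 'array') {
    if (schema.minItems !== undefined && value.length < schema.minItems) errors.push(`${path}: fewer than ${schema.minItems} items`);
    if (schema.items) value.forEach((v, i) => validate(schema.items, v, `${path}[${i}]`, errors));
  }
  if (schema.type === 'object') {
    for (const key of schema.required || []) if (!(key in value)) errors.push(`${path}: missing required '${key}'`);
    const props = schema.properties || {};
    for (const [key, sub] of Object.entries(props)) if (key in value) validate(sub, value[key], `${path}.${key}`, errors);
    if (schema.additionalProperties === false) {
      for (const key of Object.keys(value)) if (!(key in props)) errors.push(`${path}: unexpected property '${key}'`);
    }
  }
}

// Assumed in-memory consent store standing in for the database row insert.
const rows = [];
function insertRow(payload) { rows.push({ ...payload }); return rows.length; }

// The gate: resolve the profile, validate, and only then persist.
function consentGrantGate(profile, payload, persist) {
  const schema = PROFILE_SCHEMAS[profile];
  if (!schema) return { accepted: false, errors: [`unknown jurisdiction profile '${profile}'`] };
  const errors = [];
  validate(schema, payload, '$', errors);
  if (errors.length > 0) return { accepted: false, errors }; // nothing inserted
  return { accepted: true, rowId: persist(payload) };
}

// Constructed sample payloads.
const SAMPLE_AU_VALID = {
  arrangement_id: 'arr-0000000001', adr_id: 'ADR-EXAMPLE-001',
  data_clusters: ['bank:accounts.basic:read'],
  sharing_period: { start: '2026-06-01', end: '2026-12-01' },
};
const SAMPLE_AU_MISSING_ID = { ...SAMPLE_AU_VALID }; delete SAMPLE_AU_MISSING_ID.arrangement_id;
const SAMPLE_UK_VALID = { consent_id: 'cons-0001', permissions: ['ReadAccountsBasic'], expiration_date: '2026-12-01' };

console.log(consentGrantGate('AU', SAMPLE_AU_MISSING_ID, insertRow)); // rejected, rows stays empty
```

Two properties of the gate matter for the policy: a rejected payload never reaches `persist`, and `additionalProperties: false` means a payload that tries to carry data clusters or fields outside the profile's shape fails closed rather than being stored with the extra fields ignored.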

Part of Customer & Conduct · Governance overview Compiled 2026-05-22 from source/entities/policies/CON-007.yaml