Consumer Data Standards CX Workshop: a summary

Dear Consumer Data Right participants and other interested parties,

On the 5^th June, participants from 26 organisations representing Data Holders, Data Recipients, and Consumer Advocacy Groups joined the CX Workstream and a variety of government agencies for a workshop in Sydney.

The overall purpose of the workshop was to facilitate the generation of a cross-sector perspective, to identify key areas of improvement for Data 61’s proposed Consent Flow; and for diverse industry perspectives to collaboratively inform alternatives to those key areas.

The outputs from the full-day workshop are being used to help frame and inform the decision to be made by the Chair of the Data Standards Body and ACCC as appropriate.

Workshop scope

The scope of the workshop was kept simple, focusing on the following as defined in the Rules: Consent, Authentication, Authorisation; and with the following assumptions:

• No consumer de/selection of data clusters;
• If a joint account:
  • The user has authorisation at the account level;
  • There is no multi-party approval.
• No closed accounts;
• Other flows and more complex scenarios that depart from the straightforward Consent Flow will be out of scope.

Sharing interpretations of the Consent Flow

Several organisations, including Data Holders and Data Recipients, opened the day by presenting their respective views and interpretations of the Consent Flow to the workshop group.  In particular, we heard from*:

• ARCA
• CBA
• NAB
• Westpac
• American Express
• ME Bank
• Google
• Intuit

Two key themes emerging across the presentations were:

• There is a degree of consistency across interpretations of the consent flow, in particular around the steps for consenting to and authorising the sharing of information;
• There is an overall desire to simplify the process, with different approaches described by data holders and recipients for how that might be achieved.  There was discussion around the need to balance friction in the Consent Flow and comprehension of the task with the desire to streamline the experience for consumers.

*Note: some organisations have agreed to share their workshop presentations publicly. They are available from the links above.

These presentations were followed by the Data61 CX team sharing the direction of our proposed Consent Flow.  This direction has been informed by: Phase 1 CX research; the first round of research sessions from Phase 2; and ongoing stakeholder discussions and feedback around different components of the Consent Flow.  The proposed Consent Flow presented by Data 61 at the workshop is available here.

Prioritisation of key issues and opportunities

Workshop participants had the opportunity to reflect on all the different Consent Flow perspectives that had been shared.  Building on this, they identified areas which they felt presented the greatest issues and opportunities.

Through a group prioritisation activity we were able to identify three key areas requiring further attention.  These areas were framed with How Might We questions.

1. Value proposition of CDR :
   • How might we communicate the value proposition of the CDR?
   • How might we communicate accreditation?
2. Potential enhancements to the Proposed Consent Flow:
   • How might we communicate the purpose of de-identified data?
   • How might we communicate the data request?
   • How might we communicate data clusters effectively?
   • How might we give consumers choice without cognitive overload?
3. Authentication:
   • How might we simply and securely authenticate the customer?

Describing potential solutions 

The afternoon focused on group-based ideation activities to unpack and explore each of these key areas. Each group collaborated on solutions and alternatives that sought to answer the How Might We questions.

Workshop participants identified four concepts that they felt would improve the consumer experience of the Consent Flow and offered the greatest potential for further exploration beyond the workshop. These were:

1. A proposed method for verifying the Data Recipient’s accreditation (for example, the use of static/dynamic codes that could be used to verify an accredited status);
2. A proposed concept for communicating the data request by removing data clusters from Data Recipient screens to avoid duplication of these in the Data Holder flow;
3. A proposed structure and layout of the data request aimed at communicating the data request; and
4. A set of principles to provide guidance around approaches to managing authentication.

Next steps

The CX Workstream is currently reviewing all of the workshop inputs (the presentations shared by Data Recipients and Data Holders) and workshop outputs (the concepts generated by the workshop group as well as the detailed feedback provided on the CX Workstream’s proposed Consent Flow). The workshops contributions will be considered alongside Phase 2 research findings and recommendations, and other community feedback, to inform revisions of the Consent Flow. All possibilities will consider feasibility, compliance to CDR rules, consumer experience, and the level of safety, security and privacy. The outputs from the day will be used to help frame and inform the decision to be made by the Chair of the Data Standards Body and ACCC as appropriate.

Keep in touch

• Sign up to our mailing lists
• See our past updates
• Find other information on the Consumer Data Standards website
• View the online presence of other technical workstreams on Github
• If you would like to participate in any of our discussions across the four streams or provide any feedback, you can do so via email to cdr-data61@csiro.au.

Best regards,
The CX Workstream