Executive summary
This report contains findings and recommendations based on three rounds of qualitative and quantitative Consumer Experience (CX) research, conducted from September to November 2022. In total, 290 consumers participated in research activities ranging from 1:1 moderated interview sessions to unmoderated surveys and prototype tasks.
The purpose of this research was to examine the viability of simplifying rules and standards for Consumer Data Right (CDR) consents and dashboards, as identified by the Consent Review Working Group.
Prototypes of a collection and use consent flow were used to facilitate discussion with consumer participants, and generate quantitative metrics relating to engagement, comprehension and sentiment.
Key research questions included:
- How might we simplify the consent flow while maintaining intuitive, informed, and trustworthy data sharing experiences?
- Balancing the display of information with the need to maintain an informed and trustworthy experience; and
- Balancing interaction loads while offering control and intuitive experiences.
- How might changes to the consent flow impact consumer empowerment and choice, comprehension and informed consent as well as trustworthiness of the CDR?
This includes:
Specific hypotheses, insights, and their results included:
The CX research suggests that the proposed changes to the consent flow would not meaningfully impact consumers’ comprehension, empowerment and trust.
Eight out of twelve research questions were strongly supported by the research evidence. While the evidence from this research for the remaining four questions was indeterminate, this report provides recommendations based on current and past CX research.
The evidence suggests yes.
The evidence suggests yes.
The evidence is indeterminate, but this could still be done safely and intuitively.
The evidence is indeterminate, but this could still be done safely and intuitively.
The evidence suggests yes.
The evidence suggests yes.
The evidence suggests yes.
The evidence suggests yes.
The evidence suggests yes.
The evidence is indeterminate, but this could be explored further.
The evidence is indeterminate, but this could be explored further.
The evidence suggests yes.
This research was also informed by earlier consultation and research conducted across 2020–2022 including the following:
- Noting Paper 273 consultation
- Phase 3 CX research reports
- Disclosure Consent research report
- Consumer Policy Research Centre (CPRC) report: My Data, My Choices
Full details on the public consultation and outcomes can be found on Design Paper 321: Consumer Data Right Consent Review.
Research approach
Following the recommendation in the CDR Rules Design Review to examine the viability of simplifying the rules for CDR consents and dashboards, Treasury has established the Consent Review Working Group with Data Standards Body’s (DSB) Consumer Experience team. The Working Group’s aim is to review the CDR consent rules and standards, as well as potential future directions for CDR consents.
Who did we research with?
What did we do?
What did we test?
Consent Score
The Consent Score is an artefact developed to provide a visually simplified representation of a consent flow’s performance. This graph aggregates the various metrics used in research, based on a formula that considers several variables and areas.
Consent Scores for Existing state (round 1) compared to Iterated simplified state (round 3)
For the above Consent Scores graph, the breakdown across round 1 and 3 is as follows:
Existing collect and use consent (round 1) | Simplified collect and use consent (round 3) | Difference | |
Empowering and Voluntary | 63.32% | 52.81% | -10.51% |
Informed and Comprehensible | 74.10% | 66.31% | -7.79% |
Trustworthy | 49.21% | 45.49% | -3.72% |
Total Score | 62.21 / 100 | 54.87 / 100 | -7.34 |
At a glance there appears to be an overall decrease in Consent Scores across rounds 1 and 3. However for the majority of round 1 and 3 scores, the differences were not statistically significant. This means there is not enough evidence to conclude that there is a real difference between round 1 and round 3 results. As such, we cannot establish a cause-and-effect relationship. The differences in scores are likely to have happened by chance (e.g. participant selection), rather than design changes.
Two degrees experienced a statistically significant decrease:
- Engagement/interaction degree for Empowering and Voluntary
- Subjective degree for Informed and Comprehensible
The large and statistically significant decrease can be explained by the removal of the ‘actively select’ requirement for datasets in the simplified consent flow, which automatically resulted in a lower score.
However, the presence of active selection functionality in the current state consent flow could be considered a false choice where a consumer cannot continue without selecting required datasets. As such, the simplified consent flow’s lower scores for ‘Empowering and Voluntary’ could be considered to reflect a more accurate and realistic baseline score for this aspect of consent in general.
The small but statistically significant decrease can be explained by:
Note: Consent Scores across round 1 and 3 were compared using Student’s t-test to assess the statistical significance of the different scores.
Changes to the Consent Flow
Changes in data sharing landscape
Empowering and voluntary
Informed Consent and Comprehension
Trustworthiness
Findings
What did we learn?
The participants in our research demonstrated various expectations and needs relating to:
- The display of information
- Control and choice
Separation of consents (bundling)
Can collection and use consents be granted in a single action without reducing empowerment or comprehension?
To consumers, the data requested and the service being delivered are inextricably linked. Bundling of collection and use consents accurately reflects consumers’ mental model of providing access to data for a service. A use consent outlining a clear description of the service also provides consumers with reassurance and clarity to justify the data requested in the collection consent.
If use and collection were required to be granted in separate actions, this would break consumer mental models, resulting in a consent flow that may feel unnecessarily onerous. The separation of these consents may also negatively impact the comprehension that the data collection is needed for the service to operate effectively.
Similarly, 2021 research into disclosure consents suggested that bundling a collection, use, and disclosure consent aligned with consumer mental models where the disclosure consent was essential to the provision of the service. The research focussed on a rental application proposition, where the sole purpose of collecting data was to disclose insights to a real estate agency.
Abiding by the Data Minimisation Principle (DMP) will help make the link between the data requested and use case clear. A clear purpose statement also helps highlight the relevance and importance of the data requested.
Research shows that the Personal Finance Management service was easily understood by participants. Opportunities exist to conduct further research using other use cases or sectors.
Opportunities
Existing requirements could be reviewed to allow collection and use consents to be requested and granted in a single action.
Can multiple uses be requested in a single flow without impacting comprehension or trustworthiness?
Consumers are open to opting in to additional services at the time of consent if they feel related, relevant and valuable. They expect any additional data requirements to be explicitly stated to allow them to make informed decisions.
Consumers expect additional uses to be presented as opt-in. Opt-in uses may also give consumers faith that the service is not asking for more control or more information than is necessary.
Opportunities
The research supports requests being made for related but non-essential “add-on” uses in a single consent flow, provided they require active selection by the consumer.
Pre-selected and actively selected options
Can required datasets be pre-selected or clearly indicated without impacting empowerment and comprehension?
Few participants mentioned a desire for control over what data would be shared unprompted. However, when probed during round 2-3 moderated interviews, many did express an interest in this control.
Most consumers were able to infer when data clusters are reasonably needed for the service. They understood that sharing less data would impact the service offering. The absence of control over datasets may have helped consumers draw this connection.
Active selection of datasets may be seen by some consumers as a marker of empowerment and control. This is despite an understanding that the service may be impacted by sharing less data, or that it may only be an illusion of control, where all data sets must be selected before they can proceed.
For others, active selection of data that is essential to the provision of the service is seen as a false choice, and an unnecessary step.
Heuristically, actively selecting required datasets imposes an increased interaction burden on consumers. This increased load may be seen as worthwhile if it leads to better engagement with the information. However, the research indicates that removing the actively select requirement does not meaningfully reduce engagement with data clusters.
Further, technical limitations mean that certain data clusters are a pre-requisite for others (e.g. the Transaction Details cannot be accessed without the Account Balances and Details cluster). This places a burden on consumers to understand technical dependencies and service requirements.
Similar issues have been addressed in other jurisdictions, such as the GDPR. Cookie consents implementations, for example, include the pre-selection and disablement of required permissions, often with a label of ‘Necessary’ or ‘Essential’. This relays the fact that the pre-selected permission is not optional for the service to operate, and as such cannot be de-selected.
Opportunities
To support simplification and informed consent, data clusters that are essential to the provision of a service (that is, the service cannot be delivered without them) could be clearly indicated without the presence of an interactive component, such as a checkbox or toggle.
CDR participants could be allowed (but not required) to do this if the good or service cannot be delivered without the requested data. This would require a reconsideration of existing requirements that prohibit pre-selection and require active selection.
However, where datasets are genuinely optional because they are not essential for the service to function, maintaining existing requirements that prohibit pre-selection would better match consumer expectations and alignment with the DMP.
Allowing optional permissions to be requested alongside ‘essential’ permissions could also be considered (see findings related to multiple use consents being requested in a single flow).
The DMP will factor into understandings of what is ‘essential’ or ‘required’. Consideration could be given to the scope and definition of a “good or service”, and how this might be governed by the DMP.
Further research on consumer control would be beneficial, particularly as the CDR expands to support other sectors, use cases, and the initiation of payments and actions.
Where the consent duration is essential to the provision of the service, can this be pre-selected or clearly indicated without impacting empowerment and comprehension?
Consumer participants thought critically about the link between the service on offer and the consent duration being requested. In the case of the Personal Finance Management service tested in the research, what was considered to be the most appropriate period was heavily influenced by personal circumstances.
Some consumer participants expected that the data recipient would determine the most appropriate duration option for the service.
Others, despite feeling comfortable with the suggested duration, wanted to be able to choose from different duration options.
Opportunities
While some goods and services can offer a range of consent duration options without resulting in a service impact, other use cases may require certain durations to function properly.
Where a specific duration is necessary for a service, data recipients could be allowed to pre-select the duration or specify the duration in text form. This would diverge from the current requirement to choose the period of the consent or actively select whether the consent would apply on a once-off or ongoing basis.
If optionality and flexibility exists, allowing consumers to choose a duration beyond the minimum duration would best support consumer empowerment. Consideration could be given to permitting data recipients to present the minimum required duration as “recommended”. However, allowing any duration to be presented as “recommended” other than the minimum required could mislead consumers.
Further research on minimum access periods for other goods and services would build on insights from the consent review research, which focused on a Personal Finance Management service.
Allowing for control over historic data access durations could be considered in the future, to empower consumers to adjust this depending on their individual circumstances.
Withdrawal of consent information
Can withdrawal information shown during consent be simplified without impacting comprehension and empowerment?
Communicating that consent can be withdrawn at any time is important for building trustworthiness and confidence. Consumer participants appreciated this being mentioned at various stages of the consent flow and throughout the consent model, with some stating that this gave them confidence to proceed.
Full withdrawal details in the CDR policy were appreciated. Likewise, withdrawal instructions in the CDR receipt reassured those who felt they may want to withdraw their consent before the end of the consent period.
Consumer participants expected the process for withdrawing consent to be intuitive, easily accessible, and self-service.
Opportunities
The existing withdrawal process largely meets consumer expectations, but certain requirements could be reconsidered.
The requirement to show withdrawal instructions in the consent flow could be removed and provided in the CDR receipt instead.
The requirement to state the consequences of withdrawal up front could instead be reserved for if a consumer decides to exit the consent process, at which point the CDR participant could contextually state the consequences of not proceeding.
Exisiting requirements to include full withdrawal details in the CDR policy and CDR receipt meet consumer expectations. Currently, CDR participants are required to include information provided when obtaining consent as part of their CDR receipt. If requirements for withdrawal instructions and consequences are removed from the consent flow, the CDR receipt requirements could be strengthened to explicitly include these elements.
The data holder dashboard requirement for withdrawal to be no more complicated than the process of giving the authorisation could be expanded to apply equally to consent withdrawals.
Supporting parties
Does the consistent display of supporting parties better align with consumer expectations?
CX research has consistently shown the importance of outlining all parties involved in the process who may access the data.
Consumer participants expected transparency around any OSP/intermediary involvement to allow them to make informed decisions about their consent.
Opportunities
Existing requirements could be reviewed to consider a consistent presentation of information relating to sponsors, principals and OSPs alike.
As per the CX Guidelines (Checklist references 1CO.03a.04, 1CO.03b.02, 1CO.03c.12), this could include the name(s), related accreditation number(s), and links to the related CDR policy of any supporting parties.
In other jurisdictions, such as GDPR, data recipients alert consumers periodically if/when supporting parties change. Such updates could be considered for CDR to ensure consumers are informed on an ongoing basis.
Data language standards
Can the data language ‘permissions’ be referred to in a more conversational way?
Consumers scan and process information differently.
- For some, data language lists made it easier for them to scan and understand permission details.
- For others, data cluster headings with short conversational paragraphs describing and explaining permissions were favourable.
Banking data language was easily understood by consumers in both formats. CX research on energy and telco language in 2020 and 2022 showed that some technical terms and jargon were unavoidable.
Opportunities
Flexibility in how data language is presented to consumers would help support different consumer preferences and comprehension of complex terms, which may differ by sector or target market.
The existing CX standards could be amended to explicitly allow flexibility in the format and presentation of the data language standards.
Further research could be conducted to refine CX guidelines on structure and content preferences for different sectors.
90-day notifications
Should the requirements for 90-day notifications be amended to provide clarity on their content, and to allow flexibility for consolidating them?
The value of 90-day notifications is clear. However, the rigidity of the current requirements for their delivery schedule may result in notification fatigue, particularly as CDR adoption grows.
The lack of detail around notification content means consumer control may be absent. Notifications without an actionable next step can result in frustration and disengagement.
Opportunities
The requirements could be reviewed to allow for flexibility to consolidate notifications. This might include guidance around consolidated notifications timing, to ensure consumer protections are maintained.
Consumer control and empowerment could be improved if CDR requirements specified that 90-day notifications require an actionable step to review active consents.
The requirements may consider allowing CDR participants the flexibility to deliver notifications via different channels, depending on the urgency or sensitivity of the notification.
CDR receipts
Would specific guidance on what to include in a CDR receipt help to better meet consumer expectations?
CX research suggested that CDR receipts play an important role for informed consent and consent management.
The level of information provided in the research was broadly seen as sufficient and aligned with expectations, though some participants desired more detail.
Opportunities
Existing requirements could be revised to explicitly state what information to include in the CDR receipt. The specifications for a CDR receipt could be drawn from the artefact that tested successfully in CX research.
CDR receipts can continue to act as a record of the data sharing arrangement, with links to additional information (such as the CDR policy) as appropriate. This is especially important if critical information provided in the consent flow is reduced or only accessible upon-click.
Information relating to withdrawing consent was regarded as valuable. The research findings suggested that consumer expectations and control could be supported by providing the full details of a consumer’s right to withdraw, including instructions for how they can do so, in the CDR receipt.
Would further guidance on when to provide a CDR receipt better meet consumer expectations?
CDR receipts provide a point-in-time record of the consent given. This record is valued by consumers and expected by many. The CDR receipt provides another trust-marker for participants to feel reassured about their data sharing arrangement.
Opportunities
Further research could be conducted to understand meaningful triggers for CDR receipts and whether existing receipt delivery requirements could be expanded, but based on heuristic analysis the following could be considered:
- expiry (not just withdrawal);
- updates regarding redundant data handling, such as when data is expected to be deleted following consent expiry;
- the fact that data has been deleted once this has occurred.
Further research could be conducted to understand consumer appetite for CDR receipts when providing multiple consents in quick succession.
Dashboards for once-off consents
Are dashboards necessary for once-off consents?
Initial evidence suggests that in circumstances where a consumer has only a single once-off consent, a dashboard may not be necessary and a CDR receipt may suffice.
To assure consumers that their data is no longer accessed, greater importance and value is seen in notifying them in writing that their consent has expired, as per Rule 4.18(3).
Opportunities
Initial evidence suggests that there may be merit in reviewing the need for once-off consent dashboards, but preliminary analysis suggests that the use cases supported by this change would be limited in scope.
If once-off dashboards are reconsidered, it would be prudent to emphasise other means of managing and withdrawing consent, such as the CDR receipt or, in the case of withdrawal or record access, using a simple alternative method of communication.
Further research on consumer dashboards for once-off sharing and analysis of downstream impacts is recommended.
De-identification and deletion by default
Would a deletion by default approach improve consumer control, empowerment and trust?
Research evidence to-date highlights that while consumers are open to their data being de-identified and used to help improve services, their understanding of the risks and consequences of de-identification is low.
A deletion by default approach, which requires consumers to expressly opt in to de-identification and retention of their data, would better align with consumer expectations. A deletion by default approach would also better protect consumers who may not understand the risks, by not automatically enrolling them in a system they don’t fully understand.
While some consumers are happy to have their data de-identified, particularly to help improve products and services, others would prefer to have their data deleted. The ability to make a selection that aligns with their preferences would better empower consumers and provide them with control.
Current requirements stipulate that ADRs who de-identify and retain redundant data must provide consumers with the option to elect to have their data deleted instead. However, research indicated that consumers have an expectation that their data would be deleted by default, and that any de-identification and retention of their data should require them to explicitly opt in. A deletion by default approach, with a request for a de-identification consent could improve consumers’ trust in CDR participants’ handling of their data.
The requirements for requesting a de-identification consent are similar, but differ slightly, from those for de-identification of redundant data. The potential interactions between consumer elections to have their redundant data deleted, and separately granting de-identification consents are complex and likely to lead to confusion. Consolidating these two separate requirements and processes could simplify consent processes, the rules, and compliance.
Findings from this research strongly align with de-identification and deletion findings from Phase 3 research.
Opportunities
Existing requirements should be reviewed. A policy position of deletion by default should be strongly considered to improve consumer empowerment and control, facilitate informed consent, and better align with consumer expectations.
Consumers should still be able to expressly opt-in to their data being de-identified. This election could apply regardless of the data being redundant.
Allowing consumers to make granular selections when opting in to de-identification could improve consumer trust and empowerment. This granular control could allow consumers to opt in to uses they feel comfortable with, and not consent to those they don’t.
An introduction of granular control should be balanced against increased cognitive and interaction load to reduce the risk of consent fatigue.
Next steps
The insights and considerations from this research have informed the development of a design paper for the consent review. This design paper will be consulted on publicly, followed by consultation on any proposed rules and standards.
Further CX research may be considered for future work on the consent model, including to support any further simplifications, review, and the expansion of CDR to support other sectors and functionality, such as action-initiation.
Quick links to CX Guidelines: