Executive summary
This report contains findings and recommendations based on two rounds of qualitative CX research conducted in November 2021. Fourteen participant consumers were engaged in 1:1 research sessions that ran for 90 minutes each. Prototypes of the Insight Disclosure Consent flow were used to facilitate discussion and generate insights in relation to disclosure consents more generally. The purpose of this research was to inform standards development for Insights and Trusted Adviser Disclosure Consents.
It was hypothesised that if we present the below information to the consumer in relation to insights, data clusters, and data handling statements, then we can support informed disclosure consents:
- What the insight will tell the non-accredited person (non-AP), with a realistic and easy to understand example
- When the insight will be generated, and the period the insight will refer to (which may be implicit)
- Why the insight will be generated
- How the insight will be generated, e.g. the origin(s) and source(s) of the data used to generate the insight
- What regulations and protections do or do not apply to disclosed data
- Where insights can be reviewed and accessed
- Where to go for help if there’s a problem
This research was informed by earlier consultation and research conducted in 2020 and 2021 including the following:
- Noting Paper 207 consultation
- Draft v2 Rules consultation (see concepts 5.1: TA disclosures and 5.2: Insight disclosures)
- Draft v3 Rules consultation
- CX research (see research brief and summary of preliminary research on draft v2 rules)
- Consumer Policy Research Centre (CPRC) report: Vulnerability, capability, opportunity
Full details on the public consultation and final decision proposal outcome can be found on Decision Proposal 222 - CX Standards | Insights and Trusted Adviser Disclosure Consents.
The Consumer Data Right (CDR) aims to give consumers control over information about themselves and share that information with third parties. The CDR promotes competition, encourages innovation, and consumer empowerment.
The CDR’s consent and transparency requirements facilitate more consumer control, privacy conscious behaviour, and the development of trust as a competitive advantage.
- For consumers, the CDR is a safe, secure, transparent, and government regulated ecosystem that consumers can opt in to.
- For ADRs, the CDR facilitates effective pathways to consumer outcomes by enabling access to machine-readable data for more accurate, tailored, and real-time insights.
The Data Standards Body’s Consumer Experience (CX) Working Group is helping organisations provide intuitive, informed, and trustworthy data sharing experiences with positive consumer outcomes in the short and long term.
The insights and recommendations found in this report are shared for general community knowledge; to inform the development of standards, guidelines, and the CDR more generally; and to support the CDR’s development in a way that is research-driven and centred on consumer consultation.
NB: This report does not necessarily reflect the position or direction of the government or the Data Standards Body. Recommendations found within these reports represent a set of possibilities that are reviewed and considered and may be subject to change. Reports inform rules and data standards development but should not be seen as indicative of the CDR’s direction.
- The data standards cover technical and CX requirements and are published on the data standards website.
- Standards are consulted on through GitHub and change requests can be made on the standards-maintenance page.
- CX Guidelines and other CX-related artefacts can be found on the CX guidelines website.
- CX and community engagement reports can be found in our CX Reports page.
- Keep up to date by signing up to our mailing lists and subscribing to our blog.
- Contact us at cx@consumerdatastandards.gov.au.
Research approach
As part of our work to provide intuitive, informed, and trustworthy data sharing experiences, we tested concepts that explored how consumers might consent to disclosing data to a non-accredited person. Participants were given the scenario of applying for a new rental property, where they were offered the option to consent to sharing data insights from their bank with a real estate agent in an effort to bypass a number of manual processes.
- Inform the development of requirements for describing insights and what they will reveal.
- Inform the development of disclosure notifications in relation to non-accredited persons.
- Provide intuitive, informed, trustworthy insight and trusted adviser disclosure experiences.
Two rounds of 1:1 interviews with a total of 14 participant consumers using interactive prototypes.
- Round 1 (11 Nov - 16 Nov, 2022)
- 6 total participants, all new to CDR
- Round 2 (24 Nov - 30 Nov, 2022)
- 8 total participants, 2 were new to CDR, 6 were familiar with CDR based on past research engagements
If we articulate the below details in relation to insights, data clusters, and data handling statements, then we can support informed insight disclosure consents:
Insight descriptions
- What the insight will tell the non-AP, with a realistic and easy to understand example
- When the insight will be generated, and the period the insight will refer to (which may be implicit)
- Why the insight will be generated
- How the insight will be generated, e.g. the origin(s) and source(s) of the data used to generate the insight
Disclosure notifications
- What regulations and protections do or do not apply to disclosed data
- Where insights can be reviewed and accessed
- Where to go for help if there’s a problem
- Understand consumer comprehension of insights based on the specified attributes
- Understand how to meaningfully describe what an insight is and what it may reveal
- Understand consumer needs and expectations to support informed insight and trusted adviser disclosures
- Assess consumer understanding of which regulations and protections do or do not apply to disclosed data
- Assess levels of interaction with content based on the proposed design pattern
Who did we research with?
Our approach to recruitment
A broad and diverse range of participants were recruited to help reduce bias and research out risk. A ‘no edge cases’ approach is taken to support the design of an inclusive CDR. Instead of focusing on those who are already likely and able to adopt CDR, our research focuses on removing the barriers to CDR being inclusive and accessible, which will make CDR easier and simpler to access for everyone.
The recruitment process strives to reflect the demographic percentages outlined in the Australian Bureau of Statistics 2016 Census Data, and explicitly recruits those who may be experiencing vulnerability or disadvantage.
Participants have varying levels of:
- Digital ability, financial and data literacies and experiences
- Privacy awareness
- Confidence in the English language
- Trust in Government and commercial organisations
Detailed demographics
Age | R1 total participants | R2 total participants | % overall | Notes |
18-24 | 1 | 2 | 21.4% | young person defined as 12-24 years of age (ref: 2010 National Strategy for Young Australians) |
25-34 | 3 | 1 | 28.6% | |
35-44 | 2 | 2 | 28.6% | |
45-54 | 0 | 1 | 7.1% | |
55-64 | 0 | 2 | 14.3% | |
65+ | 0 | 0 | - | older person defined as 65+ years of age (ref: 2018 Australian Bureau of Statistics) |
State or territory | R1 total participants | R2 total participants | % overall |
ACT | 0 | 0 | - |
NSW | 4 | 3 | 50% |
NT | 0 | 0 | - |
QLD | 0 | 0 | - |
SA | 0 | 1 | 7.1% |
TAS | 0 | 0 | - |
VIC | 1 | 4 | 35.8% |
WA | 1 | 0 | 7.1% |
Rural vs metro | R1 total participants | R2 total participants | % overall |
Metropolitan/Inner City | 1 | 6 | 50% |
Suburban/Outer City | 4 | 2 | 42.9% |
Large town | 0 | 0 | - |
Small or remote town | 0 | 0 | - |
Rural location | 1 | 0 | 7.1% |
Gender | R1 total participants | R2 total participants | % overall |
Man | 1 | 3 | 28.6% |
Woman | 5 | 5 | 71.4% |
Non-binary/gender fluid | 0 | 0 | - |
Identity | R1 total participants | R2 total participants |
I am of Aboriginal and/or Torres Strait Islander descent | 0 | 1 |
I have a non-English speaking background | 2 | 1 |
My Parents have a non english speaking background | 2 | 2 |
I migrated to Australia from another country | 4 | 2 |
I have accessibility needs | 0 | 0 |
I am LGBTQI+ | 0 | 2 |
Working | R1 total participants | R2 total participants | % overall | Notes |
Employed by a company | 4 | 6 | 78.6% | |
Self-employed | 0 | 1 | 14.2% | |
Retired | 0 | 0 | - | |
Unemployed | 1 | 0 | 7.1% | |
Temporarily not working but has a job to go to | 1 | 0 | 7.1% | Maternity leave |
Other | 0 | 1 | 7.1% | Permanently unable to work |
Financial hardship in last 12 months | R1 total participants | R2 total participants | % overall |
Yes | 3 | 2 | 35.7% |
No | 3 | 5 | 57.2% |
Unknown | 0 | 1 | 7.1% |
Last rented | R1 total participants | R2 total participants | % overall |
Within the last 6 months | 0 | 3 | 21.4% |
6-12 months ago | 2 | 2 | 28.6% |
12-24 months ago | 4 | 2 | 42.9% |
24+ months | 0 | 1 | 7.1% |
What did we do?
A qualitative approach was used to test a low-fidelity prototype and explore existing and anticipated consumer behaviours, expectations, and needs. Following the first round of research, iterations were made to the prototype based on the findings before a second and final round was conducted.
- Data sharing experience and use case All participants were asked interview questions to understand their current views on data sharing, consent and privacy risks. They were also asked some preliminary questions related to the use case of rental applications.
- Collection, use and insight disclosure flow
- Informed consent and Comprehension & Trust and Propensity to share data
All participants engaged with an online prototype via a moderated 1:1 session and were asked in-depth questions.
All participants were given a survey form at the end of their session.
Participants were given a survey to gauge their levels of comprehension, trustworthiness and propensity to share in the context of the research scenario. These questions and methods were adapted from Greater than X’s Phase 2 research.
- Informed consent and Comprehension
- Who they were sharing data from and with (CDR actors),
- Why they were sharing their data (perceived benefit),
- What types of data they elected to share,
- How long they were sharing data for (sharing period),
- Why they might stop sharing (risks or concerns),
- What happens if they don’t share data (voluntary consent),
- How they might stop sharing their data, and
- What would happen to their redundant data
- Trustworthiness and Propensity to share
- How trustworthy they deem the CDR and its actors to be?
- What increases or decreases their propensity to share CDR data?
- Marking a Likert scale with a score from 1 to 5. ‘1’ being a negative indicator, ‘3’ being a neutral indicator, and ‘5’ being a positive indicator.
- Providing open-ended responses for more qualitative questions.
Participants were given questions to assess their understanding and memory of the consent terms and prototype.
Participants were asked to recall:
Participants were given questions to assess their attitude towards the CDR process in the proposed use case.
Participants were asked:
Participants responded to these questions by:
For full details about criteria and metrics methods, read our
What did we test?
Prototype focus
- The disclosure consent flow, specifically insight descriptions, data clusters, the access period, data management, handling, and disclosure notifications.
Scenario
- A real world organisation was used as the accredited data recipient (ADR) in the research session to facilitate familiarity and help contextualise the proposition to the participant. For this round, the ADR was a rental property application tool and their real-world bank was the data holder (DH).
- The consumer was presented with a scenario where they were applying for a rental property that they were interested in.
- They were then presented with the ADR application, which required identification and supporting documentation, and then proceeded through the disclosure consent flow.
Round 1
Round 2
Findings
What did we learn?
The participants in our research demonstrated various expectations and needs relating to comprehension and transparency.
These findings strongly validated the DP222 hypotheses and generated significant insights in relation to key research questions, summarised below.
Hypothesis 1 - Insight descriptions
What will the insight tell the non-AP?
Finding
Most participants understood or described an insight as a "summary" of their information. They understood that insights reflected "broader data buckets." It was believed that insights may vary based on the ADR service.
Evidence
"So an insight is to me, I guess it would be looking at my data and drawing a conclusion or analysing it to help them make a decision. So in this case it would be them looking at some of my banking details or my ID details and analysing whether or not I would be a good person to lease out this property to."—R2P1
"[Insights are a] summary of personal details […] tailored to whatever service I’m using."—R1P2
"[Insights are a] high level summary of my bank transactions and provide what’s relevant […] you've already specified the incomes relevant and the specified that you rental payment history is relevant."—R1P4
"I definitely think of it as a summary of information or even an abstraction of data. The idea of putting things into broader data buckets is the way I think about it."—R2P8
Finding
Insight examples were well received, with participants positively commenting on the use of plain language and the level of detail that would be revealed.
Generally, participants were comfortable with the idea of sharing insights with the non-accredited person. Some hoped that insights would be “sufficient for [non-accredited person] to process applications without any bias.“
Most participants expressed interest in seeing their actual insights prior to disclosure to the non-accredited person. Some suggested that seeing their actual insights would bolster their confidence around what an insight would reveal.
Evidence
"It's pretty straightforward. It's worded pretty basically it gives little examples. It gives you what information will we share. It's great. I love that."—R2P5
"The insight itself is very simple."—R1P1
"The information is just handed to them in a nice succinct sentence."—R1P4
"So information that's useful is that by having all these examples, so it's actually good because this gives me a comfort that this is certainly what the real estate agent would be seeing rather than anything more."—R1P2
”And then I would expect that I would be able to see what information [insights] is going to be shared [...] So I wouldn’t expect the real estate agent to be able to see anything through the CDR until I had said, yes, I’m happy to share that [insights] with the agent.”—R1P4
Finding
Details surrounding what will not be shared with the non-accredited person increased comfort in the process. Participants were most concerned about the disclosure of their transaction data for this use case.
Participants valued the ability to choose the insights to disclose. They explained that they would not want to generate all insight as they are not willing to share certain data.
Participants questioned if insights could be combined or generated using multiple sources. They raised concerns that their insights alone would not accurately or negatively reflect their circumstance. Concerns arose from:
- Multiple incomes streams (such as family income, multiple casual jobs or cash payments);
- Temporary job loss due to the COVID-19 pandemic;
- Funds movement to optimise savings.
Evidence
"They don't even have to know occupation, account, balance transactions, direct debits and everything like that. That's bloody brilliant. I love that. I just love it."—R2P5
"Choose the insights that you would like us to generate [...] that overcomes the concern I had about what are those insights going to be, what data is going to be provided. The fact that I can consent about that is really good."—R2P6
"I've been working multiple jobs and different streams of income, for example. And it's easy for me to write in an email to a real estate agent, ‘oh I have multiple streams of income. Here's a variety of payslips to prove to you that I do earn $2,000 a week and not $50 a week, which is what you'll see.’ If you look at my bank statement and I would wonder how this would play into that, even though I'm pretty sure that's not the information that is intended to be shared this way, it would make me think about, well, wait a minute, am I allowed to explain the data? Or can I see what data you're sharing before I press any buttons to do with this?"—R2P8
Insights should be described using plain and concise language that seeks to achieve year 7 readability level. Where possible, the actual insight should be displayed.
ADRs should provide an insight example for consumers. When appropriate, the insight example may reflect use case criteria or be genericised, i.e.
- Use case specific- "Based on the last 6 months, average monthly income is over $5,000."
- Generic- "Based on [timeframe], average [criteria] is [value]."
ADRs should explain what information will not be disclosed to the non-accredited person.
ADRs should provide options or other means for the consumer to provide context or supply additional information around their insights. This may be provided as:
- additional text field;
- option to manually upload or email other documents;
- option to build insights using multiple DHs.
When will the insight be generated and what period will it refer to?
Finding
One participant questioned when and how quickly insights would be generated. In the presented scenario (applying for a rental property), they suggested that timing might impact the success of their application.
There was an understanding that insights were based on a point in time, and could vary depending on when it was generated.
Evidence
“It also doesn’t say how quick they do the report. Report's going to take 24 hours? It's going to take one minute? It's going to take two weeks?”—R1P1
“If I applied for one property on the first day access, and then I applied for another property on like the 58 day of access, my financial position could have changed significantly over that period. So the way I would understand the need for that is because I'd need to have another look and to generate new insights that are actually current. My account balance could have significantly increased, or I could have had a big debt that I paid off and my account could significantly decrease so I understand why that needs to happen. I think it's good that if it asks you again, because it prompts you that you're still consenting.”—R1P4
Finding
Most participants understood that insights would use data from a specified time period. Some valued knowing this information and suggested that it be presented upfront.
In the presented scenario (applying for a rental property), the specified time period was the 'last 6 months.' While most were satisfied with the time period, some participants questioned if this time period was necessary. Due to the COVID-19 pandemic, it was suggested that the information from the last 6 months would not facilitate accurate or favourable insights.
Evidence
"I'm guessing that's how they will use to generate historical data for six months, which I think is fair, six months is not too long. And I think it's sufficient to give a more than sufficient insight."—R1P2
"So I actually think that's quite sensible accessing data from the last six months. I think it's been made clear to me why that timeframe has been picked and it so they can verify my income. So if it was, if I was told six months at the start, without that context, I'd be a little bit confused. But now that I sort of understand why I'm okay with that."—R2P8
Finding
There were some questions regarding the format of insights.
In the presented scenario (applying for a rental property), some suggested that insights would be "attached" to their application as "a PDF summary" or "report."
Generally participants valued that their permission would be required to generate and disclose insights to other non-accredited persons.
Evidence
"That’s what I would have expected. I wouldn’t have expected that data could be gathered without providing additional consent."—R2P6
"It makes me feel more comfortable. The fact that asked me for my permission beforehand. […] You know, do you willingly consent to these? Are you comfortable? Like those make me feel a bit more better to give my information out. And I know the fact that it's just asking me for permission […] it seems more legit."—R2P2
The period the insight will refer to and when the insight will or is expected to be generated should be noted.
ADRs should provide upfront information regarding:
- when insights might be generated and disclosed;
- why insights require data from specified time period;
- what is the required time period;
- how actual insights might be reviewed and disclosed.
ADRs should provide assurance that consent is always required before generating and disclosing insights.
Why will the insight be generated?
Finding
All participants understood that insights are disclosed to non-accredited persons for a particular purpose and one-time only. There was a general understanding that insights would be used by the non-accredited person “to help them make a decision.“
In the presented scenario (applying for a rental property), participants generally believed that their identity and financial information would be required. Based on the amount of information revealed in an insight, some expressed more comfort in sharing insights with non-accredited persons.
Evidence
"I'm aware of the process, […] because I want this house, I know I'm going to have to go through this process and I'm going to have to verify my identity, my account balance and everything like that. I don't feel comfortable doing that, but I'm obviously just going to do it because I'm required to."—R2P2
"They want pretty much everything. They asked for a lot of info. [...] We’re not giving you a choice, if you want to apply, this is what you do. [...] Now that I know what the insights are, they're fantastic. Instead of the real estate trolling through everything that they request and the landlord as well. This just goes, 'Yup. That's all good. […] Yes. I can pay rent.' You're not bearing everything to people that don't necessarily need that much there. It's boiling it down to can a person pay rent, do they have a steady income, is their identity true and correct."—R2P5
"So it should just be for the sole purpose of the rental application and for no other purposes. That should be okay."—R1P6
"I also like that it's really clear what data is being shared and what for. That's often not clear on rental applications and in other data sharing areas of my life. Because I think I indicated at the start of this, yeah, everything was spelled out in terms of what I was sharing and why I was sharing it and where the data had come from."—R2P8
Where known, ADRs should explain why the non-accredited person requires the insight.
ADRs should provide transparency around:
- why insights would be generated;
- how non-accredited persons may use the insight
How will the insight be generated?
Finding
Participants raised questions about how insights would be generated, specifically:
- what method would be used;
- what sources would be used; and
- who would generate them
Finding
In Round 1, most participants had concerns and questions about how insights would be generated. Some suggested that the process may involve looking for "key words" within their transaction data. While others thought that "people from CDR" would be involved. To respond to these concerns and questions, in Round 2 we tested the phrase 'computer generated insights.' Knowing that insights were generated using "software" or "artificial intelligence" increased comfort with the process.
Throughout both rounds, participants believed that the process involved data matching or verification.
Evidence
“Is this a computer making a report or the person?”—R1P1
“I would expect that this will be automatically generated, some programming codings or whatever. And it’s only when the data cannot be matched directly, for example, different last name, middle name, or there's some discrepancy in the data where manual intervention would be needed.”—R1P2
“Artificial intelligence will generate insights. Any IT company overseen by government.”—R2P4
Finding
Throughout both rounds, participants generally understood that they needed to provide access to their data before any insights could be generated. However some misunderstood and believed that insight selection and data cluster selection steps were the same or repeated.
Participants referenced a feeling of control when presented with the option to select insights and see the explicit data required. However there were concerns that the generated insights would not accurately reflect the reality of all situations.
Participants questioned why access to all data permissions were needed, specifically in the the 'Account balance and details' and 'Transaction details' data clusters. Most participants expressed discomfort and preferred not to allow access to 'Transaction details' as they believed that this was "too personal."
Evidence
“After going through this process it’s quite seamless, so I’d consider using it, but I’m hesitant because it’s transaction level details.”—R1P3
“Things like number of bank balance, it might a little bit too much as well. And some unnecessary information because at the end of the day, all that matters is how much I have in my bank rather than how many bank accounts I have. And I didn't pay any extra fees. So whatever discounts I'm getting that has no bearing on whether I'm able to pay my rent.”—R1P2
Finding
Throughout both rounds, participants were unsure who would generate insights. Most believed that CDR would be generating the insights. Few understood that the ADR would generate the insight. One suggested more comfort if the DH were to generate the insight.
Some conflated CDR and insight generation with exisiting initiatives like digital identity in MyGov. In this situation, they believed that the ADR or non-accredited person would access and use data held by the government.
Evidence
“[ADR] is in partnership with […] CDR.”—R2P2
“CDR creating all these [insights] and they will have a special software to do that.“—R2P3
“I think it’s kind of like maybe it’s an online database that has your basic identification or information online.“—R1P6
An explanation should be included regarding how the insight will be generated. Where possible, the method used (e.g. AI), who will generate the insight (e.g. actor), and sources used to generate the insight (e.g. datasets, ledger) should be specified.
ADRs should provide upfront and contextual information about how insights are generated. This may include:
- what method would be used;
- what sources would be used;
- who would generate the insights;
- why data clusters and permissions are needed for insight generation.
ADRs should provide assurance that actual or permission-level data will only be accessed by them to generate insights and won't be disclosed to the non-accredited person or any other parties.
Hypothesis 2 - Disclosure notifications
What regulations and protections do or do not apply to disclosed data?
Finding
Overall information about data protections, handling, deletion and management was understood and valued.
Evidence
“It seems good. It seems it's very informative. It seems straightforward. They tell you how they deleted it. Why they retain some data.”—R2P5
"It's a lot of things to look at from different angles and stuff. So I think it's good. You can click on it if you need to read or you can disregard it, not applicable to you. So it's always good to have more information there for people to ask, because if it is online, there is no person to have a discussion with. At least you can read the bit more.“—R2P3
Finding
It was generally understood that ADRs and non-accredited persons are bound to different regulations, and for some, non-accredited persons falling outside of CDR regulations was disliked and raised concerns. There was some comfort however in insights not being seen to contain sensitive information, especially in comparison to the current manual methods. However most preferred for all parties involved to adhere to the same standards.
Evidence
"I guess for the [ADR] section, I feel more comfortable because I feel like throughout the process, I've read more about what [the ADR] is and how my details are being used. Having said that I feel less comfortable about [the non-accredited person] just because it is a private company and I haven't received any assurance, so details from them, as to how they are going to use my details responsibly.“—R2P1
"Not too concerned really, because they [non-accredited person] don't have all the information they would normally have because of the insights."—R2P5
"[The non-accredited person is] not under the CDR policy, although it's just the insights, but no matter how summarised the information, I would still rather them not having my [data], because they're not regulated so they can be still selling my information to someone else."—R1P2
"I'll be happy with CDR, the government body forcing some restrictions on [...] that kind of [non-accredited person] as to what they can and can't do with the data rather than me reading the privacy statement and agreeing or disagree."—R2P4
Finding
Many appreciated the non-accredited person's privacy policy, with some wanting to interact and read in further detail. There was also a request for additional mapping of the differences between ADR and non-accredited person regulations.
Evidence
"They have their own privacy policy, that should be fine."—R1P6
"I mean, you've already got the link here, but if it was available, I would definitely click on that. So I could understand whether I felt comfortable with proceeding, with giving them my details. And I understand that that would be different for each realtor or each company.“—R2P1
"Now I feel I have to do more reading. I would have to go away and read [non-accredited person's] privacy policy. It makes me uncomfortable I now have to think a bit more.”—R2P8
"I’d love to see I guess like a comparison or summary table as to what the [non-accredited person's] privacy policy does include. So I could sort of compare it with what I was expecting already from the CDR stuff."—R2P8
Finding
Requests were made for upfront clarification on how data is being stored and who would have access to that, both on the ADR and non-accredited person side.
Evidence
"I really needed a bit more information around their protections, how it's being stored, who can access it. Just more knowledge and more information."—R2P6
Finding
The ability to delete the data or stop access later provided a sense of "power," and a few noted they'd set reminders to do so prior to the end of the access period.
Most participants were interested and interacted with the option to review further details about data deletion. The need to keep data beyond the access period made many uncomfortable. While acknowledging that their data might need to be kept for legal reasons, questions were raised about why that was significantly longer than the access period.
Evidence
"It makes me feel better seeing the .gov.au links here.”—R2P8
"And they’ve got a certification from the government to be able to data share. OK.”—R2P7
"It’s nice there are links outside the [ADR] website that [ADR] hasn’t just written a bunch of junk.”—R2P8
Finding
Throughout the Consent Flow, participants explained that the inclusion of external links to Government websites provided them with some comfort and credibility. Some participants believed that the ADR might present biased information.
Evidence
"It makes me feel better seeing the .gov.au links here.”—R2P8
"And they’ve got a certification from the government to be able to data share. OK.”—R2P7
"It’s nice there are links outside the [ADR] website that [ADR] hasn’t just written a bunch of junk.”—R2P8
Information on the Consumer Data Right should be included. Also, the fact that data disclosed to non-accredited persons will not be regulated as part of the Consumer Data Right should be provided, with advice that the consumer review how their data will be handled when available. This could include privacy policy links and information about the Privacy Act.
ADRs should surface information about CDR protections. This may include:
- how data is being stored;
- who would have access to it
ADRs could also provide a summary of the differences between the ADR and non-accredited person protections.
ADRs should surface information about the data deletion process:
- when data will be deleted;
- why data may need to be retained (e.g. business or legal reasons);
- how the data will be deleted, this may include timeframes
Where applicable, ADRs should surface external links to '.gov.au' websites to allow consumers to do further reading about the CDR.
Where can insights be reviewed and accessed?
Finding
The option to review insights was well received.
Generally participants expressed a preference in previewing their actual insights before submitting them to the non-accredited person. They suggested that it would provide them with greater comprehension, transparency, comfort, and trust in the overall process.
There was an expectation that individual insights and data clusters could be amended when reviewing. This was so adjustments could be made if the insight did not accurately represent the situation, or if the insights negatively impact the consumer.
Evidence
"I like that I can get a record of what’s actually shared, and be able to refer back to this is data you have access to, cool.”—R2P8
"I'm the one applying, so at least I should be able to know what's on my application. […] I would probably be more inclined to use [CDR] because I guess it's greater transparency.“—R2P1
"It’s really important that I see what insight is being generated or shared. If any negative insight is generated, I should know and be able to discuss with [ADR]."—R2P4
"I would assume that means I could change the insights I've already checked boxes for that's that's the sort of thing I would expect to be able to maybe uncheck my identity box for example, in this portal."—R2P8
Finding
In-flow messages regarding where insights and data could be reviewed were mostly recalled, but some requested a single, centralised location for all CDR related reviews.
Evidence
“I would absolutely lose track of this email address”—R2P8
Instructions for how the consumer can access records pertaining to insights via their consumer dashboard should be provided. The information contained in the disclosure notification should also be contained in the consumer’s CDR Receipt.
Whenever possible, ADRs should provide the consumer with the ability to review the actual insights within the Consent Flow, before they are disclosed to the non-accredited person. ADRs should also provide the consumer with the option to amend insights and/or data clusters.
Where can someone go for help if there’s a problem?
Finding
While there was limited interaction with the 'make a complaint' links that were available within the Round 2 prototype, there was general recollection the complaint portal was available if necessary. Participants commented that having this available increased their comfort level in the process overall, and one requested it be made available at the very start to provide reassurance the process was being overseen.
It was suggested that information about where to make a complaint should also be included in the CDR receipt.
Evidence
"I think it made me trust the process more"—R2P1
“With this, that you can make a complaint to the commissioners [...] It makes me feel comfortable [...] It just gives you that thing. That actually, this is not a fraud account“—R2P3
"It just tells me it exists. It gives me confidence going forward."—R2P8
"I think if it was in the receipt, like the receipt of me consenting or confirming that I was going to giving my details, I guess I would feel comfortable with that because then at least I know I can search it in my own emails and then I have it somewhere.”—R2P1
Finding
Some participants expected the CDR would be able to be contacted with complaints, if they couldn't remember specifically where to turn. Regardless, one stated they were comfortable they'd be able to figure it out.
Evidence
“I would hope that there'd be some way to contact CDR and that there'd be a mechanism there that I could make that complaint.”—R2P6
Information on making a complaint and dispute resolution should be provided, and should include a link to the ADR’s CDR policy related to complaints.
ADRs should provide information around how complaints can be made. This may be presented once or multiple times throughout the Consent Model:
- during Pre-consent, where consumers might have the option to select the CDR process;
- during Consent, contextually alongside data protection and/or data deletion information;
- within the Consent Flow, prior to disclosure to the non-accredited person;
- within the CDR receipt.
Informed Consent and Comprehension
Directly after completing the simulated scenario with the prototype, participants were surveyed to recall their consent terms. Their answers, coupled with open ended responses, were used to assess how informed participants were about the consent they had just given.
Participants were asked to recall:
- Who they were sharing data FROM and TO (DH and ADR),
- Why they were sharing their data (purpose),
- What kind of data they elected to share (datasets),
- How long they were sharing data for (sharing period),
- What happens if they don’t share data (voluntary consent),
- How they might stop sharing their data (stop sharing),
- What will happen when their data’s no longer needed (redundant data)
Participants responded to these questions by:
- Marking their response using the Likert scale with a score from 1 to 5. ‘1’ being a negative indicator, ‘3’ being a neutral indicator, and ‘5’ being a positive indicator.
- Providing open-ended responses for more qualitative questions.
Comprehension of participants in this use case
Based on this assessment, MOST participants were well informed when they provided consent, based on their ability to recall the consent terms. Participant recollection was lowest when it came to who they had shared their data from, as some mistakenly thought the data was being shared from the CDR.
Criteria | Comprehension across 2 rounds |
FROM data holder | SOME |
TO data recipient | ALL |
Purpose | ALL |
Datasets | ALL |
Sharing period | MOST |
Voluntary consent | MOST |
Stop sharing methods | MOST |
Redundant data | ALL |
Comprehension definitions
- ALL - 100% of participants
- MOST - >66% of participants
- SOME - >33% of participants
- ONE - a single participant
- NONE - zero participants
Behavioural Archetypes
User archetypes are useful tools to segment and succinctly describe the different drivers, behaviours and needs observed throughout research. CDR behavioural archetypes are representations of actions and general attitudes toward data sharing.
Participants were given questions to assess their attitude towards the CDR process and proposed use case.
Participants were asked:
- How trustworthy they deem the CDR and its actors to be?
- How much benefit they see in using the CDR for this use case?
- How much risk they feel exists sharing their data through the CDR?
- How willing they would be to use the CDR for this use case?
- How important is the privacy of their data when using a digital app or service?
- How likely they are to adopt new services such as the CDR?
Participants responded to these questions by:
- Marking a Likert scale with a score from 1 to 5. ‘1’ being a negative indicator, ‘3’ being a neutral indicator, and ‘5’ being a positive indicator.
- Providing open-ended responses for more qualitative questions.
Participant responses are used to assign them to one of the 4 CDR behavioural archetypes:
- ⬛️ Sceptic
Low propensity to share
- 🟧 Assurance seeker
Medium Low propensity to share
- 🟨 Sensemaker
Medium High propensity to share
- 🟪 Enthusiast
High propensity to share
Sceptics are less trusting of organisations and/or technology. They generally value control, and are adverse to data sharing based on experience with current practices.
Assurance seekers want to read additional information. They generally value familiarity and external reference/support, and are apprehensive to new experiences.
Sensemakers need to understand how the process works. They generally value details, and can trust the process if given enough valuable information.
Enthusiasts are excited to get the benefits of CDR. They generally value simple experiences once trust is established.
For more detail, see
Participant ratings of the CDR in this use case
While, on average, participants found the CDR rental application value proposition to be moderately risky, it was also considered to be moderately beneficial. In general, participants were willing to provide their consent for this use case, and found the proposition and process to be very trustworthy.
Criteria | Most common rating across 2 rounds |
Trustworthiness | 4 - Very trustworthy |
Benefit | 3 - Moderately beneficial |
Risk | 3 - Moderately risky |
Willingness | 3 - Moderately willing |
Their answers, coupled with observed behaviours during the research session, were used to assign them to one of the 4 CDR behavioural archetypes.
Archetypes
Design rationale
The following illustrates an analysis and mapping that proposes certain design patterns tend to the needs and expectations of the behavioural archetypes. For each item, the main (or primary) archetype targeted by the design pattern has been called out. However the additional archetypes that would benefit from these patterns are also listed.
Design rationale details
Annotation reference | Archetype | Statement |
01 | Assurance seeker
Also: Sceptic, Sensemaker, Enthusiast | Content is linearised and sequenced to facilitate comprehension, even in the absence of styling and formatting.
WCAG 2.1, success criteria 1.3.2 |
02 | Enthusiast | Section headings are used, where appropriate, to structure content and facilitate comprehension. It allow users to scan and move through content more easily.
WCAG 2.1, success criteria 2.4.10 |
03 | Assurance seeker
Also: Sceptic, Sensemaker, Enthusiast | Plain language is used to help all users read and understand text.
WCAG 2.1, success criteria 3.1.5 |
04 | Assurance seeker
Also: Sensemaker | Consistent, or repeated, elements ensures users know where to look for controls and actions.
WCAG 2.1, success criteria 3.2.3 |
05 | Sensemaker
Also: Sceptic, Assurance seeker, Enthusiast | Upfront and contextual information about purpose aids informed consent and builds confidence in the CDR process and its actors. |
06 | Assurance seeker
Also: Sceptic, Sensemaker | Upfront and contextual information about data handling aids informed consent and builds confidence in the CDR process.
Users valued assurances that their data would be handled and stored responsibly and in accordance with regulations. |
07 | Sceptic | Additional information is provided to explain data sharing options. This allows users to more easily compare suitability and preference. |
08 | Enthusiast | Information about time provides the user with an indication of the effort needed. |
09 | Assurance seeker
Also: Sceptic, Sensemaker, Enthusiast | Upfront explanation of unfamiliar terms, such as CDR, provided context and facilitated understanding and comprehension.
WCAG 2.1, success criteria 3.1.3 |
10 | Sceptic | Upfront and contextual information about CDR educates users about this method of data sharing.
For sceptics highlighting actors and data handling builds confidence and trust in the process. |
11 | Assurance seeker | Upfront and contextual information about CDR educates users about this method of data sharing.
For assurance seekers explaining the government’s role and data handling builds confidence and trust in the process. |
12 | Sensemaker | Upfront and contextual information about CDR educates users about this method of data sharing.
For sensemakers providing a concise explainer about CDR data access, control and handling aids understanding of the process and system. |
13 | Enthusiast | Upfront and contextual information about CDR educates users about this method of data sharing.
For enthusiasts explaining the government’s role builds trust in the process. |
14 | Sensemaker
Also: Assurance seeker, Enthusiast | Progressive disclosure, such as through the use of expandable/collapsable content, makes a screen easier to scan. This allows users to reveal more detailed information only if they need it. |
15 | Sceptic
Also: Sensemaker, Enthusiast | Upfront information about the process encouraged users to explore the CDR data sharing option.
Seeing this information before entering the consent flow helped users feel that the process was less of a ‘marketing trick’ and more of a legitimate process. |
16 | Sceptic | Providing a clear option to decline the process at any time means users don’t feel trapped or locked into providing consent. |
17 | Enthusiast
Also: Assurance seeker, Sensemaker | Visual cues, such as text styling and icons, help break up content and assist in making content scannable, digestible and memorable. |
18 | Sceptic
Also: Assurance seeker, Sensemaker | Clarifying what will and will not be shared with the non-accredited person aids informed consent and builds trust with the process.
Users want assurances that:
1. raw data won’t be shared to non-accredited persons (as part of the insight disclosure consent process);
2. only data that is absolutely necessary is accessed and shared (as per Data Minimisation Principle and as part of the insight disclosure consent process). |
19 | Assurance seeker
Also: Sceptic, Sensemaker | A direct statement that the user’s most sensitive information will not be shared outside of the CDR system gives consumers peace of mind and builds trust. |
20 | Assurance seeker
Also: Sensemaker, Enthusiast | Social proof, such as government accreditation or involvement of known/trusted parties, increases trust and legitimacy in the process. It also provided instant reassurance and played an invaluable part in influencing users’ decision to continue with the process. |
21 | Sceptic
Also: Sensemaker | Providing genuine choice around what information could be shared was valuable and empowering. |
22 | Enthusiast | Interactions that slow down the process aid informed consent. |
23 | Sensemaker
Also: Assurance seeker, Enthusiast | Inclusion of example/actual insights facilitated scannable comprehension about what an insight might reveal and include. |
24 | Sensemaker
Also: Sceptic, Assurance seeker | Understanding how and why data is used to generate insights builds confidence in data handling and CDR process. |
25 | Assurance seeker
Also: Sensemaker, Enthusiast | Rather than just stating the raw arrays, access periods are expressed with easy to understand descriptions, such as “6 months,” to avoid overwhelming and intimidating users. |
26 | Sceptic
Also: Assurance seeker | Displaying data management information, specifically about how to stop data sharing, helps users understand that they are in control of their data and builds trust. |
27 | Assurance seeker
Also: Sceptic, Sensemaker | Informing the user that a record and details of their sharing arrangement can be later accessed builds confidence in the process. |
28 | Assurance seeker
Also: Sceptic, Sensemaker | Assurances that data would be handled and stored responsibly builds trust in the CDR process and its actors. |
29 | Assurance seeker
Also: Sensemaker, Sceptic | Providing links to external sources was valued by users. This allowed them to verify/confirm information. |
30 | Assurance seeker | External links to '.gov.au' websites increased comfort and trust in the CDR. |
31 | Assurance seeker
Also: Sceptic | Displaying complaint and dispute resolution information contextually throughout the process builds trust. |
32 | Enthusiast
Also: Assurance seeker | If the user missed or forgot vital information during the consent flow, having a CDR receipt sent to them allows them to return to view the details of their sharing arrangement at a later time. |
For more details, see
Fogg Behaviour Model
In the discipline of Behaviour Design, the Fogg Behaviour Model suggests that a Behaviour (B) occurs when Motivation (M), Ability (A), and a Prompt (P) converge at the same moment. This can be summarised in the formula: B=MAP.
Using a CDR value proposition as the Prompt (P), we wanted to understand how Motivated (M) and Able (A) participants were to adopt the process simulated in the prototype.
The Fogg Behaviour model defines Ability as a function of the scarcest of the following resources at a moment:
- Time
- Money
- Physical effort
- Mental effort
- Non-routine
- Sensation
- Expectation
- Belonging
Ability
- How did you find the process of granting access to your data (Physical effort)?
- How confident are you that you could stop sharing your data (Mental effort)?
- How did you find this new CDR process compared to typical manual processes (Non-routine)?
Motivation
- How did you find this way of applying for a rental compared to how you currently apply for rentals (Sensation)?
- How do you think this new CDR process will compare to current manual processes (Expectation)?
- How willing would you be to apply for rentals using the CDR process if this was the new way of doing things (Belonging)?
Note: Questions around Time and Money were not included for this round.
Participants responded to these questions by:
- Marking a Likert scale with a score from 1 to 5. ‘1’ being a negative indicator, ‘3’ being a neutral indicator, and ‘5’ being a positive indicator.
- Providing open-ended responses for more qualitative questions.
Participants rated the CDR in this use case
Prior to beginning the flow, Participants were relatively neutral about what to expect but were moderately willing to provide their consent based on the value proposition. After completing the prototype, participants found the experience had been pleasing, very easy, and noted that using the CDR was ‘much easier’ than the manual alternative, which gave them confidence overall.
Criteria | Most common rating across 2 rounds |
Physical effort | 4 - Very easy |
Mental effort | 4 - Very confident |
Routine | 5 - New CDR way is much easier |
Sensation | 5 - Pleasing |
Expectation | 3 - Neither hopeful nor fearful |
Belonging | 3 - Moderately willing |
We then calculated their individual Ability (A) using the lowest score provided for the ability criteria (the scarcest resource), and Motivation (M) using an average score based on their responses. We plotted the results below using their archetype colour to represent them.
Action line - Fogg Behaviour Model
The Fogg Behaviour Model suggests that if a participant scores below the line of action for both ability and motivation, then the combination is insufficient to change their behaviour and result in them acting on the prompt. This ‘Action line’ is indicated on the above model with the red line. If the participant score passes the action line threshold, then the conditions are considered conducive to them acting on the prompt.
Considerations
Although the participants listed below passed the Fogg Behaviour Model's Action line, analysis of their behaviour and responses suggested that they may not in fact adopt this use case.
- R2P3 preferred manual processes because they believed they would have more control over the data being shared. They were uncomfortable with the length of time data would potentially need to be held for legal purposes (up to 1 year), and indicated they would only use the CDR if it was their only choice.
- R2P1 indicated they would try the CDR and did acknowledge they were providing similar information with current manual processes. However the manual option gave them a greater sense of control, they had reservations connecting their bank details, they had concerns with the accuracy of insights as well as lack of regulation around the non-accredited party, and indicated they found the overall process very risky. This suggests that, despite passing the action line threshold, they may not be sufficiently motivated to try the CDR for this use case when prompted.
- R2P6 indicated they were moderately willing to use the CDR in this context, however they needed more guarantees surrounding the non-accredited party, and had concerns with Government IT projects in general. They don't believe using the CDR would save on time compared to manual methods, suggesting that they may be less motivated than their Fogg Behaviour Model score implies.
- Even though R1P5 indicated the CDR was easy to use and they were moderately willing to use it, they were not comfortable with the non-accredited party and found the whole process slightly risky. They also verbalised they would have cancelled out of the CDR option numerous times during the session due to discomfort, only to change their mind at the very end once complete. This suggests that they would be less likely to use the CDR than their score indicated.
Takeaways
The findings from this research strongly validated the hypotheses that underpinned the DP222 consultation. These findings were published to the community as part of the DP222 consultation and informed the development of insight and trusted adviser consent standards.
Consumer Experience Guidelines for insights and trusted adviser disclosure consents were also shaped by this research, including insights and recommendations that may not have been incorporated into the final standards but nevertheless reflect best practice and consumer expectations.
Quick links to CX Guidelines: