Updated @January 31, 2022
Terms used in the CX Guidelines
The status provided to an organisation that has met the requirements to become an accredited data recipient.
Abbreviation for accredited data recipient. See data recipient for more information.
When a consumer verifies themselves with a data holder.
A consumer confirming to the disclosure of their CDR data from a data holder.
Consumer Data Right.
Official Consumer Data Right branding to be provided by ACCC.
Rules defined by ACCC outlining how the consumer data right works.
Consumer Data Standards, technical advisor to the Data Standards Body.
Technically used to refer to when a consumer agrees to share their CDR data with an accredited data recipient for a specific purpose (i.e. collect and use); technically distinguished from the final affirmative action (i.e. ‘authorise’) in the Consent Flow. Consent is also used as a term in consumer-facing interactions to refer to data sharing arrangements.
An individual or business that uses CDR to establish a data sharing arrangement.
The stages a consumer moves through to establish a sharing arrangement. These include: pre-consent, consent, authenticate, authorise, post-consent, manage, and withdraw.
The consumer experience (CX) that end users will have as they interact with the Consent Model and the CDR ecosystem.
The term used to refer to a grouping of data. ‘Data cluster language’ refers to the name of each group. For examples, see the Data Language Standards.
An organisation that holds a consumer’s data.
An organisation that requests data (on behalf of a consumer) to provide a specific product or service.
The stage where a data recipient asks the consumer to consent to share their CDR data. This includes the terms of the sharing arrangement, such as the duration and purpose.
Data sharing arrangement
An instance of data sharing between an accredited data recipient and a data holder that a consumer has consented to, and the terms that apply to this instance. Also referred to as a ‘consent’ or an ‘authorisation’.
Abbreviation for data holder. See data holder for more information.
The Data Standards Body (DSB). The role of the DSB is to assist the Data Standards Chair (Chair). The Chair has the power to approve, review and revoke Data Standards.
A notice sent to a consumer related to a data sharing arrangement.
Office of the Australian Information Commissioner. The OAIC is a co-regulator of the Consumer Data Right (CDR) regime. Some of OAIC other roles in the CDR regime, include an advisory role, overview of the privacy protection elements, and consumer complaints handling once in operation.
One Time Password
A single-use password that is generated by a data holder and used by a consumer to authenticate. Acronymised as OTP.
The specific kinds of data in an authorisation scope, grouped by data cluster. For examples, see the Data Language Standards.
The reason(s) for the data request. The purpose specifies why the accredited data recipient needs the requested data to provide a product or service.
A consumer’s perception of the usefulness of a product or service offered by a data recipient.
An illustration of a page’s interface that specifically focuses on space allocation and prioritisation of content, functionalities available, and intended behaviours.
When a consumer stops a data sharing arrangement (i.e. ‘consent/authorisation’). This can occur via a data recipient or a data holder. This was previously referred to as ‘revocation’.
Quick links to CX Guidelines: