V1.2.0 Release Notes

Release notes for version 1.2.0 of the CDR Standards.

This version of the standards is considered to be the binding baseline for the Phase 2 implementation of the Consumer Data Right regime currently targeted for July 2020.

High Level Standards

| Change | Description | Reference |
|---|---|---|
| Binding Statement | Modified the introduction section to include a statement of binding that is aligned to the legal framework for the CDR regime | Introduction |
| Clarification of DateTimeString | Change to the description of the DateTimeString type to clarify the baselining of time to UTC. This is a clarification only and does not materially change the standards | Common Types Section |

API End Points

Information Security Profile

| Change | Description | Reference |
|---|---|---|
| Concurrent Consent Decision | Incorporated the changes articulated in Decision 85 regarding concurrent consent | Consent Section |
| Client Registration Discovery | Added the requirement that the client registration end point be included in the OIDC discovery response | Security End Points Section |
| Security TLS Certificate | The constraint that security end points requiring TLS only must use a certificate obtained from the CDR CA has been removed | Security End Points Section |

Consumer Experience

| Change | Description | Reference |
|---|---|---|
| Defect: Data cluster language for basic scope | CX Standards: minor defect correction for location of ‘balances’. 'Account name and type' now changed to 'Account name, type and balance'. 'Account numbers, balances and features' now changed to 'Account numbers and features'. | CX Standards, Page 21: Data Standards Language |
| Single/Concurrent consent guideline | CX Guidelines: example for ADRs to present withdrawal election prior to establishing a new consent. | CX Guidelines, Page 64: Subsequent Consent |
| Rule 4.23(b) example: historical data | CX Guidelines: showing how DHs may present static ‘1 Jan 2017’ reference in authorisation flow to reflect rule 4.23(b). CX Guidelines now also suggest other locations for this information that are not required in the rules or standards. | CX Guidelines, Page 82: Authorise / Confirmation; Page 96: ADR dashboard; Page 108: DH Dashboard |
| Rule 7.4 and 7.9 example: compliance with Privacy Safeguards 5 and 10 | CX Guidelines: example for privacy safeguard requirement on dashboards. Rules regarding disclosure of datasets, references to ADRs and DHs, and date of initial and final disclosure. | CX Guidelines, Page 96: ADR dashboard; Page 108: DH dashboard |
| CDR Branding | CX Guidelines: official CDR branding included in screens that refer to accreditation, with reference to ACCC-supplied assets. | CX Guidelines, Pages 10, 37, 39, 77, 110 |
| Accreditation check | CX Guidelines: statement regarding ACCC-provided URL for consumers to use to verify accreditation | CX Guidelines, Page 39, 111 |
| Password copy | CX Guidelines: clarified example of copy regarding CDR participants never asking for consumer passwords. Presented in body copy and footer. | CX Guidelines, Pages 71 - 75 |
| CDR Rule 7.12(2)(b) | CX Guidelines: inclusion of rule in reference to outsourced providers. | CX Guidelines, Page 58, 62 |
| Design patterns | CX Guidelines: guideline on encouraging consumers to be privacy conscious. | CX Guidelines, Page 53, 95, 108 |
| Rules references | CX Guidelines: amended rules references. | CX Guidelines, Pages 40, 58, 98, 99, 107 |
| CDR Receipt: Rule 4.18 | CX Guidelines: copy updated to clarify that ADRs may but are not required to provide a CDR receipt on the consumer dashboard. | CX Guidelines, Page 94 |