These guidelines provide examples for how to implement the data recipient consumer dashboards related to collection and use consents and amended consents.
Overview
This page includes scenarios where a consumer could use their dashboard to manage their collection and use consents. The consumer dashboard allows a consumer to review and manage their consents. In consumer-facing designs, ‘consents’ are sometimes referred to as sharing arrangements.
For consumer dashboard guidance about data recipients disclosing data to specified persons, see Disclosure consents.
Wireframes and guidelines
Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.
Collection and use consents - default example
The following wireframes show a basic example of a data recipient dashboard, including options and pathways to amend consents. Variations can be found in the below sections.
CDR outsourcing, sponsorship, and CDR representative arrangements
The following wireframes show examples for how to implement CDR outsourcing arrangements, sponsorship arrangements, and CDR representative arrangements on the data recipient dashboard.
For more information, see OAIC’s guidance on privacy obligations for these arrangements.
ADR uses outsourced service providers
Sponsorship arrangement
CDR representative arrangement
Amended consents
The following wireframes show an example of the data recipient dashboard for an amended consent.
Holding data as a data holder
Under the CDR Rules Clause 7.2 of Schedule 3 (Conditions for accredited person to be data holder), an authorised deposit‑taking institution (ADI) or non-bank lender who is an accredited data recipient can hold CDR data as a data holder, provided the conditions of the clause are met.
Collection consent management - AP holding collected data as a data holder
The following wireframes show examples for data recipient dashboards regarding collection consents where subclause 7.2(2) of Schedule 3 applies, Conditions involving notification prior to first collection.
CDR consent management - Permission to hold collected data as a data holder
The following wireframes show examples for data recipient dashboards where consumers have granted permission for the recipient to become a data holder of collected CDR data per subclause 7.2(2A) of Schedule 3.
Download open source asset
Open source design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for Consent Management - Collection and use consents, including:
- Collection and use consents - default example
- CDR outsourcing, sponsorship and CDR representative arrangements
- Amended consents
- Holding data as a data holder
- Collection consent management - AP holding collected data as a data holder
- CDR consent management - Permission to hold collected data as a data holder
Item | File | Date released | Version introduced |
|---|---|---|---|
4CM1. Collection and use consent v1.35.0.2025.09.17 | 4CM1. Collection and use consent v1.35.0.2025.09.17.fig | September 17, 2025 | 1.35.0 |
For past versions, refer to Change log.
About this page
References
The artefacts on this page were informed by the following sources.
Title | Author | Date published | URL | Type |
|---|---|---|---|---|
Change Request 684: CX Guidelines | ADI or NBL to hold CDR data as a DH | Data Standards Body (DSB) | February 5, 2025 | github.com | Consultations |
Change Request 674: CX Guidelines | Updates stemming from 2024 Consent Review changes | Data Standards Body (DSB) | October 2, 2024 | github.com | Consultations |
Consumer Data Right Rules: consent and operational enhancement amendments consultation | The Treasury | August 9, 2024 | treasury.gov.au | Consultations |
Privacy Safeguard 12 | Office of the Australian Information Commissioner (OAIC) | November 20, 2023 | oaic.gov.au | Guidance |
Privacy Safeguard 5 | Office of the Australian Information Commissioner (OAIC) | November 20, 2023 | oaic.gov.au | Guidance |
Consent (Data minimisation principle) | Office of the Australian Information Commissioner (OAIC) | November 10, 2023 | oaic.gov.au | Guidance |
Disclosure Consent Research Report | Data Standards Body (DSB) | April 4, 2022 | cx.dsb.gov.au | Research |
Privacy obligations | Office of the Australian Information Commissioner (OAIC) | January 1, 2021 | oaic.gov.au | Guidance |
Phase 3, Round 3 Research Report | Data Standards Body (DSB) | August 31, 2020 | cx.dsb.gov.au | Research |
Phase 3, Round 4 and 5 Research Report | Data Standards Body (DSB) | August 31, 2020 | cx.dsb.gov.au | Research |
CX Workshop: Manage and withdraw | Data Standards Body (DSB) | August 1, 2019 | web.archive.org | Consultations |
Phase 2, Stream 1 Research Report | GippsTech | July 31, 2019 | cx.dsb.gov.au | Research |
Phase 2, Stream 3 Research Report | Tobias | July 31, 2019 | cx.dsb.gov.au | Research |
Phase 1, Research Report | Tobias | February 28, 2019 | cx.dsb.gov.au | Research |
10 Usability Heuristics for User Interface Design (Flexibility and efficiency of use) | Nielsen Norman Group (NNG) | April 24, 1994 | nngroup.com | Other |
Last updated
This page was updated @September 17, 2025
Have your say
Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:
- Request new Guidelines or changes to existing Guidelines through the CX Guidelines Consultation process
- Request new Standards or changes to existing Standards through the Standards Maintenance process
- Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
- Email your feedback to cx@dsb.gov.au
Quick links to CX Guidelines:
Overview
Consent
Authenticate
Authorise
Consent Management
Notifications
Accessibility statement
→ cx@dsb.gov.au → cx.dsb.gov.au | cds.gov.au