This page covers accredited person disclosure consents as per the requirements in rule 4.7A and 4.7B (and 4.3B and Division 4.3A for CDR representatives) and the associated consumer experience data standards.
Overview
The object statement in CDR rule 4.9 provides a strong foundation for giving and amending CDR consents.
An accredited person (AP) disclosure consent allows consumers to consent to an accredited data recipient disclosing their CDR data to another accredited person.
In accordance with CDR rule 4.7A and 4.7B, an AP disclosure consent can occur after or before the other data recipient* has obtained a collection and use consent from the consumer. These rules outline conditions for when an AP disclosure consent can occur.
Under CDR Rule 4.3B, CDR representatives who hold the consumer’s CDR data as service data are able to request an AP disclosure consent from a consumer. They are also able to be the recipient of data disclosed under an AP disclosure consent, provided they have sought a relevant collection and use consent from the consumer.
This section caters to an array of scenarios that may extend to a chain of disclosure consents between data recipients, referred to as data recipient 1 (ADR1), data recipient 2 (ADR2), and data recipient 3 (ADR3).
Note: For simplicity, the use of the terms 'data recipient' and 'Accredited data recipient (ADR)' in these guidelines refer to an ‘accredited person’ as defined by the rules, or a CDR representative, under CDR Rule 4.3B.
Wireframes and guidelines
Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.
Detached flow
The following basic examples show an AP disclosure consent requested by an accredited data recipient. In these examples,
- the collection/use consent has already been separately established, allowing a disclosure consent to be requested in a separate consent flow;
- the consumer has selected their preferred accredited person during consent.
Disclosing unmodified data
The following wireframes show an example of a consent to disclose unmodified data. Other variations of disclosure consent can be found in the below sections.
Disclosing modified data
The following wireframes show examples of disclosing modified data where data recipient 1 (ADR1) is aware of the consumer's original data holder(s); and where data recipient 3 (ADR3) is unaware of the consumer's original data holder(s) and can only refer to the data recipient (ADR1) that they collected the associated data from.
Bundled CDR Consents
The following wireframes show a basic example of AP disclosure consent requested by an accredited data recipient. In this example,
- the data recipient is then requesting a collection consent, a use consent, and a disclosure consent in a single consent flow;
- the consumer has selected their preferred accredited person during pre-consent.
This pattern could, for example, apply when the CDR consumer has a pre-existing relationship with an accredited person and the data recipient can reasonably assume that the consumer is engaging their service to disclose their data to this specified person. Data recipients should use their discretion to determine whether a step to select the specified person is required for their service. For example, the selection step may be necessary where the data recipient offers a range persons to whom the consumer can disclose.
Download open source asset
Open source design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for AP disclosure consent, including:
- Detached flow
- Disclosing unmodified data
- Disclosing modified data
- Bundled CDR Consents
Item | File | Date released | Version introduced |
|---|---|---|---|
1CO1. AP disclosure consent v1.35.0.2025.09.15 | 1CO1. AP disclosure consent v1.35.0.2025.09.15.fig | September 15, 2025 | 1.35.0 |
For past versions, refer to Change log.
About this page
References
The artefacts on this page were informed by the following sources.
Title | Author | Date published | URL | Type |
|---|---|---|---|---|
Change Request 701: CX Guidelines | Data Language Standards changes stemming from CD367 | Data Standards Body (DSB) | June 6, 2025 | github.com | Consultations |
Change Request 700: CX Guidelines | Redirect to App (R2A) CX Guidelines Changes | Data Standards Body (DSB) | June 5, 2025 | github.com | Consultations |
Change Request 691: CX Guidelines | Expanding Amending BCDC CX Guidelines | Data Standards Body (DSB) | April 15, 2025 | github.com | Consultations |
Consultation Draft 367: March 2025 Rules - Draft Standards | Data Standards Body (DSB) | March 14, 2025 | github.com | Consultations |
Consumer Data Right Rules: consent and operational enhancement amendments consultation | The Treasury | August 9, 2024 | treasury.gov.au | Consultations |
Consumer Data Right rules – Consent Review and operational enhancements design papers | The Treasury | August 25, 2023 | treasury.gov.au | Consultations |
Disclosure Consent Research Report | Data Standards Body (DSB) | April 4, 2022 | cx.dsb.gov.au | Research |
Decision Proposal 187: CX Standards | Disclosure Consents | Data Standards Body (DSB) | May 21, 2021 | github.com | Consultations |
WCAG Success Criterion 3.1.5 Reading Level (Level AAA) | W3C Web Accessibility Initiative | January 1, 2021 | www.w3.org | Other |
Literacy and access | Australian Government Style Manual | January 1, 2021 | stylemanual.gov.au | Other |
Draft v2 Rules consultation (see concept 4.2 Disclosure) | Australian Competition and Consumer Commission (ACCC) | November 18, 2020 | accc.gov.au | Consultations |
Phase 3, Round 8 Research Summary [PDF] | Data Standards Body (DSB) | August 31, 2020 | github.com | Research |
Phase 2, Stream 1 Research Report | GippsTech | July 31, 2019 | cx.dsb.gov.au | Research |
Phase 2, Stream 2 Research Report | Greater than X | July 31, 2019 | cx.dsb.gov.au | Research |
Phase 2, Stream 3 Research Report | Tobias | July 31, 2019 | cx.dsb.gov.au | Research |
Phase 1, Research Report | Tobias | February 28, 2019 | cx.dsb.gov.au | Research |
Last updated
This page was updated @September 15, 2025
Have your say
Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:
- Request new Guidelines or changes to existing Guidelines through the CX Guidelines Consultation process
- Request new Standards or changes to existing Standards through the Standards Maintenance process
- Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
- Email your feedback to cx@dsb.gov.au
Quick links to CX Guidelines:
Overview
Consent
Authenticate
Authorise
Consent Management
Notifications
Accessibility statement
→ cx@dsb.gov.au → cx.dsb.gov.au | cds.gov.au