This page covers accredited person disclosure consents as per the requirements in rule 4.7A and 4.7B (and 4.3B and Division 4.3A for CDR representatives) and the associated consumer experience data standards.
Overview
The object statement in CDR rule 4.9 provides a strong foundation for giving and amending CDR consents.
An accredited person (AP) disclosure consent allows consumers to consent to an accredited data recipient disclosing their CDR data to another accredited person.
In accordance with CDR rule 4.7A and 4.7B, an AP disclosure consent can occur after or before the other data recipient* has obtained a collection and use consent from the consumer. These rules outline conditions for when an AP disclosure consent can occur.
Under CDR Rule 4.3B, CDR representatives who hold the consumer’s CDR data as service data are able to request an AP disclosure consent from a consumer. They are also able to be the recipient of data disclosed under an AP disclosure consent, provided they have sought a relevant collection and use consent from the consumer.
This section caters to an array of scenarios that may extend to a chain of disclosure consents between data recipients, referred to as data recipient 1 (ADR1), data recipient 2 (ADR2), and data recipient 3 (ADR3).
Note: For simplicity, the use of the terms 'data recipient' and 'Accredited data recipient (ADR)' in these guidelines refer to an ‘accredited person’ as defined by the rules, or a CDR representative, under CDR Rule 4.3B.
Wireframes and guidelines
Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.
Detached flow
The following basic examples show an AP disclosure consent requested by an accredited data recipient. In these examples,
- the collection/use consent has already been separately established, allowing a disclosure consent to be requested in a separate consent flow;
- the consumer has selected their preferred accredited person during consent.
Disclosing unmodified data
The following wireframes show an example of a consent to disclose unmodified data. Other variations of disclosure consent can be found in the below sections.
Disclosing modified data
The following wireframes show examples of disclosing modified data where data recipient 1 (ADR1) is aware of the consumer's original data holder(s); and where data recipient 3 (ADR3) is unaware of the consumer's original data holder(s) and can only refer to the data recipient (ADR1) that they collected the associated data from.
Bundled CDR Consents
The following wireframes show a basic example of AP disclosure consent requested by an accredited data recipient. In this example,
- the data recipient is then requesting a collection consent, a use consent, and a disclosure consent in a single consent flow;
- the consumer has selected their preferred accredited person during pre-consent.
This pattern could, for example, apply when the CDR consumer has a pre-existing relationship with an accredited person and the data recipient can reasonably assume that the consumer is engaging their service to disclose their data to this specified person. Data recipients should use their discretion to determine whether a step to select the specified person is required for their service. For example, the selection step may be necessary where the data recipient offers a range persons to whom the consumer can disclose.
Download open source asset
Open source design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for AP disclosure consent, including:
- Detached flow
- Disclosing unmodified data
- Disclosing modified data
- Bundled CDR Consents
Item | File | Date released | Version introduced |
|---|---|---|---|
Mar 18, 2026 | 1.36.0 |
For past versions, refer to Change log.
About this page
References
The artefacts on this page were informed by the following sources.
Title | Author | Date published | URL | Type |
|---|---|---|---|---|
Australian Competition and Consumer Commission (ACCC) | Mar 10, 2026 | Guidance | ||
Data Standards Body (DSB) | Dec 11, 2025 | Consultations | ||
Data Standards Body (DSB) | Nov 28, 2025 | Consultations | ||
Data Standards Body (DSB) | Jun 6, 2025 | Consultations | ||
Data Standards Body (DSB) | Jun 5, 2025 | Consultations | ||
Data Standards Body (DSB) | Apr 15, 2025 | Consultations | ||
Data Standards Body (DSB) | Mar 14, 2025 | Consultations | ||
The Treasury | Aug 9, 2024 | Consultations | ||
The Treasury | Aug 25, 2023 | Consultations | ||
Data Standards Body (DSB) | Apr 4, 2022 | Research | ||
Data Standards Body (DSB) | May 21, 2021 | Consultations | ||
W3C Web Accessibility Initiative | Jan 1, 2021 | Other | ||
Australian Government Style Manual | Jan 1, 2021 | Other | ||
Australian Competition and Consumer Commission (ACCC) | Nov 18, 2020 | Consultations | ||
Data Standards Body (DSB) | Aug 31, 2020 | Research | ||
GippsTech | Jul 31, 2019 | Research | ||
Greater than X | Jul 31, 2019 | Research | ||
Tobias | Jul 31, 2019 | Research | ||
Tobias | Feb 28, 2019 | Research |
Last updated
This page was updated @Sep 15, 2025
Have your say
Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:
- Request new Guidelines or changes to existing Guidelines through the CX Guidelines Consultation process
- Request new Standards or changes to existing Standards through the Standards Maintenance process
- Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
- Email your feedback to cx@dsb.gov.au
Quick links to CX Guidelines: