Insight disclosure consents

This section provides examples for how to implement insight disclosure consents.

‣

On this page

Overview

The object statement in CDR rule 4.9 provides a strong foundation for giving and amending CDR consents.

‣

Object statement

Insight disclosure consents allow consumers to consent to share CDR insights outside the CDR system with specified persons for a range of prescribed purposes. This increases consumers’ ability to engage with unaccredited parties in a way that limits the data they share to only what is necessary for the prescribed purpose.

As per the CDR rules, insight disclosure consents permit accredited data recipients, or CDR representatives that hold the CDR data as service data, to disclose data to a specified person for one or more of the following purposes:

verifying the consumer’s identity;
verifying the consumer’s account balance;
verifying the details of credits to or debits from the consumer’s accounts; but
where the CDR data relates to more than one transaction - does not authorise the accredited data recipient to disclose an amount or date in relation to any individual transaction

An insight disclosure consent is not a permitted use or disclosure if the CDR insight includes or reveals sensitive information within the meaning of the Privacy Act 1988.

A high level example of the potential relationship between the initial collect and use consent between the data recipient and a data holder, and a disclosure consent for data recipient to share insights to a non-accredited person for a specified purpose.

For further guidance, see OAIC's CDR insights.

Wireframes and guidelines

Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.

Detached flow

The following wireframes show a basic example of an insight disclosure consent requested by an accredited data recipient. In this example,

the collection/use consent has already been separately established, allowing a disclosure consent to be requested in a separate consent flow;
the consumer has selected the specified person during consent.

While the CDR rules referenced in the key requirements and annotations of this flow relate specifically to accredited data recipients, equivalent rules for CDR representatives requesting an insight disclosure consent can be found in the CDR rules Division 4.3A.

‣

See key requirements and guidelines

‣

See prototype

Bundled CDR Consents

The following wireframes show a basic example of a bundled Collection, Use and Insight disclosure consent request by an accredited data recipient. In this example,

the data recipient is requesting a collection consent, a use consent, and a disclosure consent in a single consent flow;
the accredited data recipient has pre-selected the specified person.

This pattern could, for example, apply when the CDR consumer has a pre-existing relationship with a non-Accredited Person and the data recipient can reasonably assume that the consumer is engaging their service to disclose their data to this specified person. Data recipients should use their discretion to determine whether a step to select the specified person is required for their service. For example, the selection step may be necessary where the data recipient offers a range persons to whom the consumer can disclose.

Equivalent rules for CDR representatives can be found in the CDR rules Division 4.3A.

‣

See key requirements and guidelines

‣

See prototype

Download open source asset

Open source design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for Insights disclosure consents, including:

Detached flow
Bundled CDR Consents

Download design asset

Item	File	Date released	Version introduced
1CO4. Insights disclosure consent v1.35.0.2025.09.12	1CO4. Insights disclosure consent v1.35.0.2025.09.12.fig	September 12, 2025	1.35.0

For past versions, refer to Change log.

‣

About open source assets

About this page

References

The artefacts on this page were informed by the following sources.

Title	Author	Date published	URL	Type
Change Request 701: CX Guidelines \| Data Language Standards changes stemming from CD367	Data Standards Body (DSB)	June 6, 2025	github.com	Consultations
Change Request 700: CX Guidelines \| Redirect to App (R2A) CX Guidelines Changes	Data Standards Body (DSB)	June 5, 2025	github.com	Consultations
Change Request 691: CX Guidelines \| Expanding Amending BCDC CX Guidelines	Data Standards Body (DSB)	April 15, 2025	github.com	Consultations
Consultation Draft 367: March 2025 Rules - Draft Standards	Data Standards Body (DSB)	March 14, 2025	github.com	Consultations
Change Request 674: CX Guidelines \| Updates stemming from 2024 Consent Review changes	Data Standards Body (DSB)	October 2, 2024	github.com	Consultations
Consumer Data Right Rules: consent and operational enhancement amendments consultation	The Treasury	August 9, 2024	treasury.gov.au	Consultations
OAIC Consumer Data Right insights	Office of the Australian Information Commissioner (OAIC)	January 15, 2024	www.oaic.gov.au	Guidance
Privacy Safeguard 12	Office of the Australian Information Commissioner (OAIC)	November 20, 2023	oaic.gov.au	Guidance
Consumer Data Right insights	Office of the Australian Information Commissioner (OAIC)	November 10, 2023	oaic.gov.au	Guidance
Consumer Data Right rules – Consent Review and operational enhancements design papers	The Treasury	August 25, 2023	treasury.gov.au	Consultations
Disclosure Consent Research Report	Data Standards Body (DSB)	April 4, 2022	cx.dsb.gov.au	Research
Decision Proposal 222: CX Standards \| Insights and Trusted Adviser Disclosure Consents	Data Standards Body (DSB)	November 4, 2021	github.com	Consultations
Noting Paper 207: Draft v3 Rules Analysis \| Anticipated Data Standards	Data Standards Body (DSB)	August 4, 2021	github.com	Consultations
Draft v3 Rules consultation	The Treasury	July 1, 2021	treasury.gov.au	Consultations
Report 3: Vulnerability, Capability, Opportunity	Consumer Policy Research Centre (CPRC)	May 1, 2021	cx.dsb.gov.au	Research
Literacy and access	Australian Government Style Manual	January 1, 2021	stylemanual.gov.au	Other
Draft v2 Rules consultation (see concept 5.2 Insight disclosure)	Australian Competition and Consumer Commission (ACCC)	November 18, 2020	accc.gov.au	Consultations
Phase 3, Round 8 Research Summary [PDF]	Data Standards Body (DSB)	August 31, 2020	github.com	Research
10 Usability Heuristics for User Interface Design (Visibility of system status)	Nielsen Norman Group (NNG)	April 24, 1994	nngroup.com	Other

Last updated

This page was updated @September 12, 2025

Have your say

Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:

Request new Guidelines or changes to existing Guidelines through the CX Guidelines Consultation process
Request new Standards or changes to existing Standards through the Standards Maintenance process
Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
Email your feedback to cx@dsb.gov.au

Quick links to CX Guidelines:

Overview

Consent

Authenticate

Authorise

Consent Management

Notifications

Accessibility statement

→ cx@dsb.gov.au → cx.dsb.gov.au | cds.gov.au

The Consumer Data Standards Program is part of Treasury. Copyright © Commonwealth of Australia 2023. The information provided on this website is licensed for re-distribution and re-use in accordance with Creative Commons Attribution 4.0 International (CC-BY 4.0) Licence.