Definitions of terms used in the CX Guidelines.
‣
Terms used onin the CX Guidelines website
Brand | Brand refers to the brand name of a data holder or accredited data recipient registered in the CDR Register. Brands help to identify the different products offered. For |
The Treasury | The federal Treasury leads CDR policy, including development of rules and advice to government on which sectors CDR should apply to in the future. |
Accredited Data Recipient (ADR) | A legal entity that is accredited to receive a consumer’s data under the Consumer Data Right and use that data to provide the consumer with goods and services with the consumer’s consent.
ADRs must meet strict criteria to be accredited by the ACCC. |
Data Standards Body (DSB) | The Data Standards Body (DSB). The role of the DSB is to assist the Data Standards Chair (Chair). The Chair has the power to approve, review and revoke Data Standards. |
Consent Flow | The Consent Flow is divided into three discrete stages: Consent, Authenticate, and Authorise. For more information, see The Consent Flow. |
Consent Model | The Consent Model refers to the Consent Flow and Consent Management (both data holder and data recipient dashboards and associated obligations). For more information, see The Consent Model. |
Non-Accredited Person (non-AP) | An umbrella term to refer to a recipient under a disclosure consent who is not accredited under the CDR. This includes recipients under trusted adviser disclosure consents, insights disclosure consents and business consumer disclosure consents. |
Data recipient | An organisation that requests data (on behalf of a consumer) to provide a specific product or service. The use of the term ‘data recipients’ to refer to accredited data recipients is consistent with the data standards nomenclature. Related to Accredited Data Recipient and [CDR Representative]. |
CDR logo | Official Consumer Data Right branding to be provided by ACCC. Data holders and accredited persons (CDR participants) can use the CDR logo after accepting a Trade Mark Licencing Agreement with the ACCC. For more information, see CDR logo - fact sheet. |
Australian Competition and Consumer Commission (ACCC) | The ACCC is responsible for the accreditation process of CDR participants, including managing the Consumer Data Right Register. The ACCC ensures providers are complying with the Rules and takes enforcement action where necessary. For more information, see ACCC website. |
Consumer Data Standard (CDS) | The Consumer Data Standards are developed to facilitate the Consumer Data Right by acting as a specific baseline for implementation. They are developed and maintained by the Data Standards Body. |
Consumer | An individual or business that uses CDR to establish a data sharing arrangement. |
Consumer journey | The stages a consumer moves through to establish a sharing arrangement. These include: pre-consent, consent, authenticate, authorise, post-consent, manage, and withdraw. |
Consumer Experience (CX) | The consumer experience that end users will have as they interact with the Consent Model and the CDR ecosystem. Also used to refer to the team within the Data Standards Body who conduct consumer research and maintain this guidelines website. |
Data request | The stage where a data recipient asks the consumer to consent to share their CDR data. This includes the terms of the sharing arrangement, such as the duration and purpose. |
Data Holder (DH) | A legal entity that holds a consumer’s data – for example, a financial institution, such as a bank, that holds a consumer’s account information, or a utility company that holds a consumer's energy usage data.
Data holders are subject to data sharing obligations under the CDR Rules. |
Office of the Australian Information Commissioner (OAIC) | The OAIC is responsible for regulating privacy and confidentiality under the CDR. The OAIC also handles complaints and notifications of eligible data breaches relating to CDR data. For more information, see OAIC website. |
One Time Password (OTP) | A single-use password that is generated by a data holder and used by a consumer to authenticate. |
Trusted Adviser (TA) | A trusted adviser is a non-accredited person who is authorised by the consumer to receive their data through a disclosure consent granted to an ADR. For more information, see CDR Rule 1.10C. |
Withdrawal | When a consumer stops a data sharing arrangement (i.e. ‘consent/authorisation’). This can occur via a data recipient or a data holder. This was previously referred to as ‘revocation’. |
Authenticate | The stage of the Consent Model where a consumer verifies themselves with their data holder. |
Authorise | The stage of the Consent Model where a consumer confirms to their data holder that they authorise the disclosure of their CDR data. |
Consent | The stage of the Consent Model where a consumer agrees to share their CDR data with a data recipient for a specific purpose (e.g. collect, use and/or disclose). The Consent stage is distinct from the confirmation given to the data holder (i.e. ‘authorise’) in the Consent Flow.
Consent is also used as a term in consumer-facing interactions to refer to a data sharing arrangement. |
Notification | A notice sent to a consumer relating to a data sharing arrangement. |
Data sharing arrangement | An instance of data sharing between an accredited data recipient and a data holder that a consumer has consented to, and the terms that apply to this instance. May also be referred to as a ‘consent’ or an ‘authorisation’ respectively by the CDR participant involved. |
Affiliate | |
CDR representative | |
CDR representative principle | |
Outsourced Service Provider (OSP) | |
OSP principals | |
Sponsor | |
CDR rules | The CDR rules outline how the Consumer Data Right works and are part of the regulatory framework which governs the CDR. This framework includes the Consumer Data Standards and Part IVD of the Competition and Consumer Act (2010). The rules are available here: Competition and Consumer (Consumer Data Right) Rules 2020 (Cth) |
Consumer Data Right (CDR) | Consumer Data Right.The Consumer Data Right is the name of a legislative, regulatory, and standards framework for consumers to share their data with trusted third parties. |
Term | Explanation |
Accreditation | The status provided to an organisation that has met the requirements to become an accredited data recipient. |
Data cluster | The term used to refer to a grouping of data. ‘Data cluster language’ refers to the name of each group. For examples, see the Data Language Standards. |
Permission | The specific kinds of data in an authorisation scope, grouped by data cluster. For examples, see the Data Language Standards. |
Purpose | The reason(s) for the data request. The purpose specifies why the accredited data recipient needs the requested data to provide a product or service. |
Value proposition | A consumer’s perception of the usefulness of a product or service offered by a data recipient. |
Wireframe | An illustration of a page’s interface that specifically focuses on space allocation and prioritisation of content, functionalities available, and intended behaviours. |
Terms used in the CX Guidelines wireframes
In the wireframes, these terms may be presented in square brackets ([ ]) and represent placeholder content. CDR participants should replace these placeholders with content relevant to their service.
Legal Entity | A legal person (an individual, company, other incorporated body or government entity). |
Service | This relates to the provided goods or services requested by the CDR consumer. |
Data recipient | An organisation that requests data (on behalf of a consumer) to provide a specific product or service. The use of the term ‘data recipients’ to refer to accredited data recipients is consistent with the data standards nomenclature. Related to Accredited Data Recipient. |
Use | This refers to the use consent given by a consumer to an ADR to use CDR data in particular way. For more information, see CDR Rule 1.10A. |
Accredited Data Recipient (ADR) | A legal entity that is accredited to receive a consumer’s data under the Consumer Data Right and use that data to provide the consumer with goods and services with the consumer’s consent.
ADRs must meet strict criteria to be accredited by the ACCC. |
CDR representative | A CDR representative is a person who participates in CDR through a written contract with a CDR representative principal. The CDR representative may offer goods or services on behalf of its CDR representative principal or it may offer its own goods or services. Related to CDR representative principal. |
CDR representative principal | A CDR representative principal is a person with unrestricted accreditation. Related to CDR representative. |
Data holder (DH) | An organisation that holds a consumer’s data. |
Duration | This refers to the specified period of the consent or authorisation. Related to End date and Start date. |
End date | This refers to the date of expiry or withdrawal of the consent or authorisation. Related to Duration. |
Outsourced Service Provider (OSP) | An outsourced service provider (provider) is a person who enters into a CDR outsourcing arrangement with an OSP principal. The provider is engaged by the OSP principal to provide goods or services to the OSP principal in accordance with the CDR outsourcing arrangement. The provider may be an accredited person, CDR representative, or unaccredited third party. Related to OSP principals. |
Non-Accredited Person (non-AP) | An umbrella term to refer to a recipient under a disclosure consent who is not accredited under the CDR. This includes recipients under trusted adviser disclosure consents, insights disclosure consents and business consumer disclosure consents. |
OSP principal | An OSP principal is a person who has engaged a provider under a CDR outsourcing arrangement. An OSP principal may be either an accredited person, CDR representative or unaccredited third party who is an existing provider in another CDR outsourcing arrangement. Related to Outsourced Service Provider. |
Sponsor | A sponsor is an unrestricted accredited person who discloses CDR data they hold as an accredited data recipient to their affiliate. Related to Affiliate. |
Start date | This refers to the date that the consent or authorisation was granted by the consumer. Related to Duration. |
Affiliate | An affiliate is an entity that has been granted accreditation at the sponsored level and who has a sponsorship arrangement with an unrestricted accredited person (known as the ‘sponsor’). Related to Sponsor. |
Brand | Brand refers to the brand name of a data holder or accredited data recipient registered in the CDR Register. Brands help to identify the different products offered. |
Trusted Adviser (TA) | A trusted adviser is a non-accredited individual who is authorised by the consumer to receive their data through a disclosure consent granted to an ADR. For more information, see CDR Rule 1.10C. |
Term | Explanation |
Data cluster | The term used to refer to a grouping of data. ‘Data cluster language’ refers to the name of each group. For examples, see the Data Language Standards. |
Permission | The specific kinds of data in an authorisation scope, grouped by data cluster. For examples, see the Data Language Standards. |
Purpose | The reason(s) for the data request. The purpose specifies why the accredited data recipient needs the requested data to provide a product or service. |
Reason | This relates to why the specified data or duration is reasonably needed for the consent. The specified data and duration must also comply with the data minimisation principle. |
Software Product | A software product is registered by an ADR and is the means through which the ADR identifies itself to data holders to facilitate the sharing of consumer data and the management of consents. |
Additional terms can be found in the CDR Glossary and the CDR Support Portal Glossary.
Last updated
This page was updated @January 22, 2025
Quick links to CX Guidelines:
The Consumer Data Standards Program is part of Treasury. Copyright © Commonwealth of Australia 2023.
The information provided on this website is licensed for re-distribution and re-use in accordance with Creative Commons Attribution 4.0 International (CC-BY 4.0) Licence.