The Consent Flow

The Consent Flow is divided into three stages: Consent; Authenticate; and Authorise.

‣

On this page

Example prototype

About the Consent Flow

The Consent Flow refers to Consent, Authenticate and Authorise.

While the CX Guidelines are focused on The Consent Model (Consent, Authenticate and Authorise, Consent Management, and Notifications), the CX research highlighted the importance of the pre-consent and post-consent stages.

Pre-Consent

Data recipient space

At this stage, the consumer engages with an ADR’s value proposition and learns about the Consumer Data Right (CDR). The pre-consent stage may occur, for example, after the consumer has commenced CDR onboarding but before their consent is sought. This phase is conducive to the building of consumer trust and confidence while clearly communicating the benefits of data sharing.

See 'Pre-consent' optional guidance and example wireframes

Consent

Data recipient space

Consumer decides whether or not to consent to the collection and use of their data after reviewing the terms of the consent, such as:

who is requesting their data;
what data is being requested;
when the data will be shared;
where data is shared to and from;
why their data is being requested; and
how they can manage and control the sharing and use of their data.

See 'Consent' CX Guidelines and example wireframes

Authenticate

Data holder space

Consumer verifies who they are to their data holder.

See 'Authenticate' CX Guidelines and example wireframes

Authorise

Data holder space

Consumer:

selects the accounts they would like to share data from;
reviews a summary of the data that will be shared; and
authorises the sharing of that data from the data holder to the data recipient.

See 'Authorise' CX Guidelines and example wireframes

Post-Consent

Data recipient space Data holder space

Consumer is presented with the outcomes of data sharing. Post-consent is the stage immediately following a authorisation, where the ADR provides the outcome of data sharing and is able to close feedback loops.

See 'Consent Management' CX Guidelines and example wireframes

Last updated

This page was updated @Sep 29, 2025

Quick links to CX Guidelines:

Overview

Consent

Authenticate

Authorise

Consent Management

Notifications

Accessibility statement

→ cx@dsb.gov.au → cx.dsb.gov.au | cds.gov.au

The Consumer Data Standards Program is part of Treasury. Copyright © Commonwealth of Australia 2023. The information provided on this website is licensed for re-distribution and re-use in accordance with Creative Commons Attribution 4.0 International (CC-BY 4.0) Licence.