Definitions of terms used in the CX Guidelines.
<aside>
| Term | Explanation |
|---|---|
| Australian Competition and Consumer Commission (ACCC) | The ACCC is responsible for the accreditation process of CDR participants, including managing the Consumer Data Right Register. The ACCC ensures providers are complying with the rules and takes enforcement action where necessary. For more information, see ACCC website. |
| Accreditation | The status provided to an organisation that has met the requirements to become an accredited data recipient. |
| Accredited Data Recipient (ADR) | A legal entity that is accredited to receive a consumer’s data under the Consumer Data Right and use that data to provide the consumer with goods and services with the consumer’s consent. |
ADRs must meet strict criteria to be accredited by the ACCC. | | Affiliate | An affiliate is an entity that has been granted accreditation at the sponsored level and who has a sponsorship arrangement with an unrestricted accredited person (known as the ‘sponsor’). Related to Sponsor. | | Authenticate | The stage of the Consent Model where a consumer verifies themselves with their data holder. | | Authorise | The stage of the Consent Model where a consumer confirms to their data holder that they authorise the disclosure of their CDR data. | | Brand | Brand refers to the brand name of a data holder or accredited data recipient registered in the CDR Register. Brands help to identify the different products offered. | | Consumer Data Right (CDR) | The Consumer Data Right is the name of a legislative, regulatory, and standards framework for consumers to share their data with trusted third parties. | | CDR logo | Official Consumer Data Right branding to be provided by ACCC. Data holders and accredited persons (CDR participants) can use the CDR logo after accepting a Trade Mark Licensing Agreement with the ACCC. For more information, see CDR logo - fact sheet. | | CDR representative | A CDR representative is a person who participates in CDR through a written contract with a CDR representative principal. The CDR representative may offer goods or services on behalf of its CDR representative principal or it may offer its own goods or services. Related to CDR representative principal. | | CDR representative principal | A CDR representative principal is a person with unrestricted accreditation. Related to CDR representative. | | CDR rules | The CDR rules outline how the Consumer Data Right works and are part of the regulatory framework which governs the CDR. This framework includes the Consumer Data Standards and Part IVD of the Competition and Consumer Act (2010). The rules are available here: Competition and Consumer (Consumer Data Right) Rules 2020 (Cth) | | Consent | The stage of the Consent Model where a consumer agrees to their CDR data being accessed for a specific purpose (e.g. collect, use and/or disclose). The Consent stage is instigated/managed by the data recipient and is distinct from the confirmation given to the data holder (i.e. ‘authorise’) in the Consent Flow.
Consent is also used as a term in consumer-facing interactions to refer to a data sharing arrangement. | | Consent Flow | The Consent Flow is divided into three discrete stages: Consent, Authenticate, and Authorise. For more information, see ‣. | | Consent Model | The Consent Model refers to the Consent Flow and Consent Management (both data holder and data recipient dashboards and associated obligations). For more information, see ‣. | | Consumer | An individual or business that uses CDR to establish a data sharing arrangement. | | Consumer Experience (CX) | The consumer experience that consumers will have as they interact with the Consent Model and the CDR ecosystem. This term is also used to refer to the team within the Data Standards Body who conduct consumer research and maintain this guidelines website. | | Data cluster | The term used to refer to a grouping of data. ‘Data cluster language’ refers to the name of each group. For examples, see the Data Language Standards. | | Data Holder (DH) | A legal entity that holds a consumer’s data – for example, a financial institution, such as a bank, that holds a consumer’s account information, or a utility company that holds a consumer's energy usage data.
Data holders are subject to data sharing obligations under the CDR Rules. | | Data recipient | An organisation that requests data (on behalf of a consumer) to provide a specific product or service. The use of the term ‘data recipients’ to refer to accredited data recipients is consistent with the data standards nomenclature. Related to Accredited Data Recipient and CDR Representative. | | Data sharing arrangement | An instance of data access between CDR participants, such as a consent given to an ADR to collect data from a DH, or to disclose data from an ADR to another entity, and the terms that apply to this instance. May also be referred to as a ‘consent’ or an ‘authorisation’ respectively by the CDR participant involved. | | Data Standards | The data standards for the CDR facilitate safe, secure, and convenient data access. They are binding requirements that CDR participants must follow. The data standards cover technical standards, including for API specifications, information security standards, consumer experience standards, and Register standards. | | Data Standards Body (DSB) | The role of the DSB is to assist the Data Standards Chair (Chair). The Chair has the power to approve, review and revoke Data Standards. | | Non-Accredited Person (non-AP) | An umbrella term to refer to a recipient under a disclosure consent who is not accredited under the CDR. This includes recipients under trusted adviser disclosure consents, insights disclosure consents and business consumer disclosure consents. | | Notification | A notice sent to a consumer relating to a data sharing arrangement. | | Office of the Australian Information Commissioner (OAIC) | The OAIC is responsible for regulating privacy and confidentiality under the CDR. The OAIC also handles complaints and notifications of eligible data breaches relating to CDR data. For more information, see OAIC website. | | One Time Password (OTP) | A single-use password that is generated by a data holder and used by a consumer to authenticate. | | Outsourced Service Provider (OSP) | An outsourced service provider (provider) is a person who enters into a CDR outsourcing arrangement with an OSP principal. The provider is engaged by the OSP principal to provide goods or services to the OSP principal in accordance with the CDR outsourcing arrangement. The provider may be an accredited person, CDR representative, or unaccredited third party. Related to OSP principals. | | OSP principals | An OSP principal is a person who has engaged a provider under a CDR outsourcing arrangement. An OSP principal may be either an accredited person, CDR representative or unaccredited third party who is an existing provider in another CDR outsourcing arrangement. Related to Outsourced Service Provider. | | Permission | The specific kinds of data in an authorisation scope, grouped by data cluster. For examples, see the Data Language Standards. | | Purpose | The reason(s) for the data request. The purpose specifies why the accredited data recipient needs the requested data to provide a product or service. | | Sponsor | A sponsor is an unrestricted accredited person who discloses CDR data they hold as an accredited data recipient to their affiliate. Related to Affiliate. | | The Treasury | The federal Treasury leads CDR policy, including development of rules and advice to government on which sectors CDR should apply to in the future. | | Trusted Adviser (TA) | A trusted adviser is a non-accredited person who is authorised by the consumer to receive their data through a disclosure consent granted to an ADR. For more information, see CDR rule 1.10C. | | Value proposition | This is the value exchange outlined by the data recipient to justify data access. This may include the benefit, value, good, or service being offered by the data recipient. | | Wireframe | An illustration of a page’s interface that specifically focuses on space allocation and prioritisation of content, functionalities available, and intended behaviours. | | Withdrawal | When a consumer revokes a permission relating to data access and use, such as a consent to collect and use, or an authorisation to disclose. |
In the wireframes, these terms may be presented in square brackets ([ ]) and represent placeholder content. CDR participants should replace these placeholders with content relevant to their service.
| Term | Explanation |
|---|---|
| Accredited Data Recipient (ADR) | A legal entity that is accredited to receive a consumer’s data under the Consumer Data Right and use that data to provide the consumer with goods and services with the consumer’s consent. |
ADRs must meet strict criteria to be accredited by the ACCC. | | Affiliate | An affiliate is an entity that has been granted accreditation at the sponsored level and who has a sponsorship arrangement with an unrestricted accredited person (known as the ‘sponsor’). Related to Sponsor. | | Brand | Brand refers to the brand name of a data holder or accredited data recipient registered in the CDR Register. | | CDR representative | A CDR representative is a person who participates in CDR through a written contract with a CDR representative principal. The CDR representative may offer goods or services on behalf of its CDR representative principal or it may offer its own goods or services. Related to CDR representative principal. | | CDR representative principal | A CDR representative principal is a person with unrestricted accreditation. Related to CDR representative. | | Data cluster | The term used to refer to a grouping of data. ‘Data cluster language’ refers to the name of each group. For examples, see the Data Language Standards. | | Data holder (DH) | An organisation designated to make certain product and consumer data available for sharing. | | Data recipient | An organisation that requests data (on behalf of a consumer) to provide a specific product or service. The use of the term ‘data recipients’ to refer to accredited data recipients and CDR representatives is consistent with the data standards nomenclature. Related to Accredited Data Recipient and CDR representative. | | Duration | This refers to the specified period of the consent or authorisation. Related to End date and Start date. | | End date | This refers to the date of expiry or withdrawal of the consent or authorisation. Related to Duration. | | Legal Entity | A legal person (an individual, company, other incorporated body or government entity). | | Non-Accredited Person (non-AP) | An umbrella term to refer to a recipient under a disclosure consent who is not accredited under the CDR. This includes recipients under trusted adviser disclosure consents, insights disclosure consents and business consumer disclosure consents. | | Outsourced Service Provider (OSP) | An outsourced service provider (provider) is a person who enters into a CDR outsourcing arrangement with an OSP principal. The provider is engaged by the OSP principal to provide goods or services to the OSP principal in accordance with the CDR outsourcing arrangement. The provider may be an accredited person, CDR representative, or unaccredited third party. Related to OSP principals. | | OSP principal | An OSP principal is a person who has engaged a provider under a CDR outsourcing arrangement. An OSP principal may be either an accredited person, CDR representative or unaccredited third party who is an existing provider in another CDR outsourcing arrangement. Related to Outsourced Service Provider. | | Permission | The specific kinds of data in an authorisation scope, grouped by data cluster. For examples, see the Data Language Standards. | | Purpose | The reason(s) for the data request. The purpose specifies why the accredited data recipient needs the requested data to provide a product or service. | | Reason | This relates to why the specified data or duration is reasonably needed for the consent. The specified data and duration must also comply with the data minimisation principle. | | Service | This relates to the provided goods or services requested by the CDR consumer. | | Software Product | A software product is registered by an ADR and is the means through which the ADR identifies itself to data holders to facilitate the collection of consumer data from a data holder and the management of consents. | | Sponsor | A sponsor is an unrestricted accredited person who discloses CDR data they hold as an accredited data recipient to their affiliate. Related to Affiliate. | | Start date | This refers to the date that the consent or authorisation was granted by the consumer. Related to Duration. | | Use | This refers to the use consent given by a consumer to an ADR to use CDR data in particular way. For more information, see CDR rule 1.10A. | | Trusted Adviser (TA) | A trusted adviser is a non-accredited individual who is authorised by the consumer to receive their data through a disclosure consent granted to an ADR. For more information, see CDR rule 1.10C. |
<aside> <img src="/icons/link_gray.svg" alt="/icons/link_gray.svg" width="40px" /> Additional terms can be found in the CDR Glossary and the CDR Support Portal Glossary.
</aside>
This page was updated April 9, 2025
Quick links to CX Guidelines: