References | Notion

Updated December 7, 2022

On this page

CX Research

<aside> <img src="/icons/info-alternate_gray.svg" alt="/icons/info-alternate_gray.svg" width="40px" /> The research findings in this section are references used to support the development of the standards and guidelines. The references in this table should not be interpreted as requirements. All of the Data Standard Body's reports relating to consumer research and community engagement can be found on CX reports and the main website.

</aside>

Ref	Theme	Findings	Source	Version
1	Communicate motives for data requests	Participants needed clarity around the value proposition of sharing their data as well as data recipient motivations for wanting access to that data. Participants were suspicious of data recipient motives, and wanted assurance that their purpose for gaining access to that data was not just to advertise their services or sell their data to advertisers.	Phase 2, Stream 1 Research report, page 63	1.4.0 or earlier
2	Clearly explain the purposes of data requests	Data recipients should clearly explain why data is being requested. They should be relevant to the features/product that consumers are using.

Most participants commented that having this detailed information throughout the consent flow was helpful. Details of how their data was going to be used, and why this was needed in the data cluster components was particularly helpful and reassuring. | Phase 2, Stream 3 Research report, page 38

Phase 2, Stream 1 Research report, page 36 | 1.4.0 or earlier | | 3 | Data minimisation principle; consumer control | Follow the data minimisation principle to only ask for what is required. Research has shown that participants did not want to share personal data (e.g contact details or mailing address) that was perceived to have no relevance to receiving the product/service they are sharing their data for. | Phase 2, Stream 3 Research report, page 38 | 1.4.0 or earlier | | 4 | Consent duration | Having the ability to choose the duration of consent is ideal. However participants were comfortable with the 12 months period, knowing that they can withdraw consent at anytime. | Phase 2, Stream 3 Research report, page 39 | 1.4.0 or earlier | | 5 | Data sharing duration | Participants preferred to share enough data to enable them to find useful insights, but not their full transaction history. This generally aligned with the duration of billing cycles, or duration of seasonal changes in behaviour. | Phase 2, Stream 1 Research report, page 64 | 1.4.0 or earlier | | 6 | Provide a clear purpose of accessing the data history | Participants needed to understand the purpose of sharing their data history. Adding this purpose can help clarify the difference between the request for historical data vs consent durations, as this was a point of confusion to participants in Phase 2 research. | Phase 2, Stream 3 Research report, page 40 | 1.4.0 or earlier | | 7 | Consent withdrawal | Add withdrawal information and clearly explain the consequences of what happens to their data when they stop sharing. Many participants in research were not able to confidently articulate the consequences of withdrawal when this information was not present. | Phase 2, Stream 3 Research report, page 41 | 1.4.0 or earlier | | 8 | Accordion menus | Accordion menus reduce cognitive overload while also allowing more information to be revealed if desired. | Phase 1, Research report, page 55 | 1.4.0 or earlier | | 9 | Account selection | Account(s) selection is appreciated. Many participants showed strong appreciation for this step as there were certain accounts that they did not want to share data from. | Phase 1, Research report, page 69 | 1.4.0 or earlier | | 10 | One Time Password language | Clearly explain the use of verification code as a One Time Password. Some participants during research expected to enter their banking password following the Customer ID. Emphasising the difference can aid in a smoother authentication process. | Phase 2, Stream 3 Research report, page 53 | 1.4.0 or earlier | | 11 | One Time Password security measure | Apply a time limit to the code for additional security measure. | Phase 2, Stream 3 Research report, page 53 | 1.4.0 or earlier | | 12 | One Time Password delivery | The code should also be delivered by other methods such as email as alternative to SMS via mobile number. | Phase 2, Stream 3 Research report, page 53 | 1.4.0 or earlier | | 13 | A CDR logo should be strengthened by linking it to accreditation information | A CDR logo and accreditation should be easily verifiable by linking it to the data recipient’s specific accreditation data on a government website. | Phase 2, Stream 1 Research report, page 4 | 1.4.0 or earlier | | 14 | Data recipients should provide information about measures taken in case of security breaches | Data recipients should clearly state, in an accessible and highly visible section of the app, the security measures that are being taken in order to secure any data being shared with them. They should also outline what will occur in the event of a data breach, including any notification protocols for consumers and steps taken to re-secure their data. These consequences should take into account the sensitivity of the data being stored, and the scope and consequences of the breach. | Phase 2, Stream 1 Research report, page 4 | 1.4.0 or earlier | | 15 | CDR Help | CDR helpline or contact information should be available in multiple languages. | Phase 2, Stream 1 Research report, page 4 | 1.4.0 or earlier | | 16 | Accessibility of CDR information | CDR information site should have full translation functionality and be fully screen-reader accessible. | Phase 2, Stream 1 Research report, page 4 | 1.4.0 or earlier | | 17 | The use of a One Time Password was perceived as secure | Authentication with One Time Password was seen as a smooth and more seamless process. The use of a verification code in this authentication method provided a sense of security for participants as they were used to receiving verification codes from their bank as an extra layer of security measure (i.e. 2-Factor authentication).

“Log in to the bank inside the app and with verification code as well. Feels more secure” - Phase 2, Round 2, Participant 12 | Phase 2, Stream 3 Research report, page 52 | 1.4.0 or earlier | | 18 | Expectations of data once consent is expired/withdrawn | Phase 1: Most participants expected data to be deleted upon revocation, including 54% of surveyed participants.

Phase 2: All participants expected that their data will be completely deleted/destroyed once data sharing had stopped. However, when stated that their data would be de-identified, participants feel uncomfortable which led to distrust, as it was perceived that their data would still be accessible. | Phase 1 CX report, page 48

Phase 2, Stream 3 Research report, page 66 | 1.4.0 or earlier | | 19 | Presentation of data request information | Having all information available on one page but segmented for readability made participants feel the process of data sharing was more transparent and easier to understand. | Phase 2, Stream 1 Research report, page 49 | 1.4.0 or earlier | | 20 | Provide a record of consent | The participants found it helpful to have a record of the consent process they had just completed and several participants noted that the confirmation email sent to them reinforced the trustworthiness of the overall process.

“That’s good to know because I'm guessing... If I had a problem I could ring them and quote that number and then yeah. Okay. So that's reassuring.” - MH

“Cool, there's another consent receipt. I think these are really great, I love these.” - SK | Phase 2, Stream 1 Research report, page 35 | 1.4.0 or earlier | | 21 | Concerns about banking login information | Participants were not comfortable with putting sensitive information into the app such as passwords and customer IDs, particularly during redirection. Some stating that it could potentially lead to phishing scams. | Phase 2, Stream 3 Research report, page 23 | 1.4.0 or earlier | | 22 | Clearly explain the redirection steps to the data holder space | Some participants correlated ‘redirected’ to being redirected to a 3rd party as the intermediary service to securely connect the app to the bank. While this wasn’t causing any issues or concerns of drop out, it might be something to watch out for. | Phase 2, Stream 3 Research report, page 54 | 1.4.0 or earlier | | 23 | The CDR logo helps facilitate consumer trust | The majority of participants found the CDR logo to be helpful in identifying the data recipient as trustworthy. For some participants, the CDR logo drew their attention to the data holder’s Consumer Data Right Accreditation details; for others, the simple check mark symbol in itself created a positive association with trust and security. | Phase 2, Stream 1 Research report, page 33

Phase 2, Stream 3 Research report, page 37 | 1.4.0 or earlier | | 24 | Key and persistent concerns and anxieties about data sharing | Participants often imagined that the worst would happen to their data. To anticipate and assuage these concerns, data recipients should clearly state what data will not be used for. The following are key and persistent concerns and anxieties about data use.

These include:

Selling data for marketing purposes
Unauthorised access by other parties, including government - CDR data being used to discriminate
Data use is unclear
Lack of trust in CDR participants to honour terms | Phase 1 and Phase 2 research | 1.4.0 or earlier | | 25 | Clearly articulate the sharing data value proposition | Data recipients should clearly explain the value added by sharing data to increase the chances of consumer adoption. Introducing the concept of data sharing without a clear value proposition will not be conducive to adoption.

“Without not knowing much more about it I’ll probably not proceed... I’ll just close it” -Phase 1, 5.3 Participant 20 | Phase 1 Research report, page 52 | 1.4.0 or earlier | | 26 | Consent should be a genuine choice and not a precondition of service | This consent flow model should not make consumers feel that access to their data and the security risks therein is the ‘cost’ of receiving services or benefits. Participants felt in general that they have little control over how their personal information is shared currently. This continual disempowerment has led to a state of apathy and indifference about how their personal data is used.

“I probably would like to have a little bit more to feel like you're not being spied on all the time, it would be nice. But, I guess, that's, once again, just gonna happen. You can't stop it.” - Phase 2, Stream 2

Vulnerable users have more concerns about data misuse and were particularly concerned that their data would continue to exist in the system after withdrawing consent. Thus data recipients should be required to explain how consumer data will be handled during sharing and opt-out. | Phase 2, Stream 2 Research report, page 16

Phase 2, Stream 1 Research report, page 4 | 1.4.0 or earlier | | 27 | Data recipients should use authenticators that are familiar to consumers | Participants from research noted that receiving verification codes from their bank as an extra layer of security measure is familiar to them. The verification code provides a sense of security and prevents consumers from having to change known behaviour. | Phase 2, Stream 3 Research report, pages 52, 53 | 1.4.0 or earlier | | 28 | Product value proposition | Propensity to willingly share (consent) data is largely the result of expected value. Without a clear, compelling and timely value proposition, there is no reason to consent. | Phase 2, Stream 2 Research report, page 9 | 1.4.0 or earlier | | 29 | Withdrawal language | Participants were not always clear what ‘revoke’ meant. Plain language phrase such as 'stop sharing' is recommended to replace this. | Phase 2, Stream 3 Research report, page 30 | 1.4.0 or earlier | | 30 | Critical information should be up-front and on-screen | Critical information such as consequences of not consenting and ability to withdraw consent should be highlighted on-screen and should not require additional clicks to access. Where including additional information is not feasible, it should be clearly hyperlinked and easy to find. | Phase 2, Stream 1 Research report, page 70 | 1.4.0 or earlier | | 31 | Importance of value proposition | Participants’ willingness to actively share information was tied directly to the value they expected to receive in return. | Phase 2, Stream 2 Research report, page 36 | 1.4.0 or earlier | | 32 | Comprehension of the consequences of consent withdrawal | It is imperative that consumers understand the consequence of sharing prior to withdrawal of consent. Research has shown that consumers tend to take a rushed approach to stop sharing which resulted in participants backtracking to better understand consequence. This is known as 'inattentional blindness.' | Phase 2, Stream 2 Research report, page 19 | 1.4.0 or earlier | | 33 | Retaining data for legal reasons | When retaining redundant data for legal purposes, participants had questions around what constituted as ‘legal/audit’ purposes’, with participants keen to understand what may trigger such a situation. | CX Research Phase 3, Round 3 report, page 43 | 1.11.0 | | 34 | Amending consent: benefits | As has been noted with past rounds of research, the perceived benefit of a use case plays an important role in a participant’s willingness to provide consent. When deciding whether or not to provide their consent to extend or amend an existing consent, participants expressed the critical importance of understanding what benefits the service has provided first. | CX Research Phase 3, Round 4-5 report, 33 | 1.11.0 | | 35 | Amending consent: consent expiry | Participants had a broad understanding of the renewal process based on the presented prototypes. This included the exptectation that not acting on a renewal notification would result in the expiry of their data sharing arrangement. | CX Research Phase 3, Round 4-5 report, page 31 | 1.11.0 | | 36 | Amending consent: reminders | Participants expressed both a high expectation and appetite for receiving reminders to warn them that their consent was about to expire. | CX Research Phase 3, Round 4-5 report, page 35 | 1.11.0 | | 37 | Amending consent: ability to withdraw consent | Some participants expected a clearer ‘withdraw consent’ option when reviewing the existing arrangement. | CX Research Phase 3, Round 4-5 report, page 31 | 1.11.0 | | 38 | Amending consent: consequences of expiry | Consequences of expiry was seen as equally as important as benefits for continued sharing. To make an informed decision, it was important for participants to understand what would happen if they did not provide consent, including how it would impact their existing service. | CX Research Phase 3, Round 4-5 report, page 34 | 1.11.0 |

Other sources

Nielsen Norman Group. (2019). 10 Heuristics for User Interface Design: Article by Jakob Nielsen. [online] Available at: https://www.nngroup.com/articles/ten-usability-heuristics/ [Accessed 1 Nov 2019]
Australian Government Style Manual. (2021). Literacy and access [online] Available at: https://www.stylemanual.gov.au/user-needs/understanding-needs/literacy-and-access [Accessed 16 Jun 2021]

Quick links to CX Guidelines:

Accessibility statement

→ [email protected] → cx.cds.gov.au | cds.gov.au

<aside> <img src="https://s3-us-west-2.amazonaws.com/secure.notion-static.com/9df93e2b-3fe2-4e0c-bbdf-1f4ba9d6310b/cds-avatar-1_280x280.png" alt="https://s3-us-west-2.amazonaws.com/secure.notion-static.com/9df93e2b-3fe2-4e0c-bbdf-1f4ba9d6310b/cds-avatar-1_280x280.png" width="40px" /> The Consumer Data Standards Program is part of Treasury. Copyright © Commonwealth of Australia 2023.

The information provided on this website is licensed for re-distribution and re-use in accordance with Creative Commons Attribution 4.0 International (CC-BY 4.0) Licence.

</aside>