Updated May 4, 2022

The Consent Flow is divided into three discrete stages: Consent; Authenticate; and Authorise.

On this page

About the Consent Flow

The Consent Flow refers to Consent, Authenticate and Authorise.

While the CX Guidelines are focused on The Consent Model (Consent, Authenticate and Authorise, and Consent Management), the CX research highlighted the importance of the pre-consent and post-consent stages.

Pre-Consent

Data recipient space

Consumer engages with an ADR's value proposition and learns about CDR. Pre-consent is the stage prior to the actual request for consent, which is critical for building consumer trust, confidence, and for articulating the benefits of data sharing.

Consent

Data recipient space

Consumer decides whether or not to consent to the collection and use of their data after reviewing the terms of the consent, such as:

• who is requesting their data;
• what data is being requested;
• when the data will be shared;
• where data is shared to and from;
• why their data is being requested; and
• how they can manage and control the sharing and use of their data

See 'Consent' CX Guidelines and example wireframes

Authenticate

Data holder space

Consumer verifies who they are to their data holder

See 'Authenticate' CX Guidelines and example wireframes

Authorise

Data holder space

Consumer:

• selects the accounts they would like to share data from;
• reviews a summary of the data that will be shared; and
• authorises the sharing of that data from the data holder to the data recipient

See 'Authorise' CX Guidelines and example wireframes

Post-Consent

Data recipient space Data holder space

Consumer is presented with the outcomes of data sharing. Post-consent is the stage immediately following a authorisation, where the ADR provides the outcome of data sharing and is able to close feedback loops.

See 'Consent Management' CX Guidelines and example wireframes

Example prototype