Under the Consumer Data Right (CDR) consumers are in control of their data. Accredited data recipients must obtain explicit customer consent to collect and use data from a data holder in order to provide the customer with a specific product or service. Customers should be notified about the data that they will be sharing with the accredited data recipient, for what purpose and for how long. Before any data is shared with the accredited data recipient, the data holder will verify the identity of the customer granting consent via a one-time password. Once consent is granted it can be revoked by the customer at any point.
For more on consent management click here.