
Consumer Data Right - Securely Innovate with Cloudentity

As Consumer Data Right (CDR) implementations gain broader adoption, consumers get more choice over products built on industry-specific Open Data APIs. This prompts customers to be more trust-aware and to choose providers whose secure API sets safeguard their consents and data sets and allow seamless experiences. Cloudentity provides a secure foundational platform that enables your Open Data API platform to be CDR compliant. The Cloudentity platform handles consumer consents and also provides a highly scalable and configurable financial-grade authorization server to ensure that data is shared only with authorized parties, based on consumer consent. Keeping up with the security profile requirements for data consent and authorization can be challenging, and Cloudentity is here to help with that problem in the Consumer Data Right space.

Consumer Data Right

Australia’s Consumer Data Right (CDR) gives Australian consumers greater access to and control over their data. It improves consumers’ ability to compare and switch between products and services. It encourages competition between service providers, leading to better prices for customers and more innovative products and services. CDR is being rolled out sector by sector, with the banking sector taking the lead, followed by the energy sector, the telecommunications sector, and more.

To build an ecosystem out of data shared from these industries, we need a standardized ecosystem of data sharing agreements. Historically, data sharing agreements were made with selected parties, hidden in fine print and buried deep in terms and conditions. With CDR, the agreement is made explicit, and consumer consent is requested before such data access is provided. The momentum that the “Open Banking” initiative is gaining worldwide is now being replicated in other industries as well. Financial institutions and other sectors are looking to use open APIs to share customer data securely with accredited third parties. Most of these initiatives are officially legislated in Europe, the UK, Australia, etc. The legislation translates into a need for the sectors to open secure application programming interfaces (APIs) through which third parties can access customer data within their industry, such as bank account transactions, energy bills, energy payments, telecom bills, telecom payments, etc., with the customer’s consent.

Consumer Data

Financial institutions within the industry sectors that own the consumer data are also referred to as Data Holders. The Consumer Data Right (CDR) aims to provide greater choice and control for Australians over how their data is used and disclosed. CDR requires all Australian Data Holders to:

  • Open up the consumer data they hold to accredited third parties
  • Attain consent of the consumer before sharing their data with accredited third parties
  • Apply Strong Customer Authentication (SCA)

These industries, for example, need to open secure application programming interfaces (APIs) for accredited third parties to access customer data with the customer’s consent.

Consumer Data Right workspace

Secure & Trusted Data Sharing in OpenAPI Economy

By using standardized APIs and enabling access to them with consumer consent through established industry-standard secure protocols, including OAuth 2.0 and OIDC, banks and authorized third parties can develop innovative products and solutions for consumers and businesses. It’s a new era for Security, Privacy, and Consent in all industries that hold customer-generated data sets.

Cloudentity as CDR enabler

Cloudentity provides the capabilities that Data Holder organizations need to meet the CDR Security profile requirements: securely authenticate end users, collect required consents, onboard accredited third parties that request data, manage consumer consent, and verify the consumer authorization before data is shared with accredited Data Recipients. Cloudentity also helps Data Holders let their consumers manage their data sharing consent agreements securely. In a nutshell, the Cloudentity platform facilitates and accelerates the Data Holder organization’s journey to expose its data APIs securely with consumer consent, as required by Consumer Data Right.

The CDR Security profile builds upon the foundations of the Financial-grade API Read Write Profile (FAPI-RW-Draft), the Financial-grade API Advanced Profile (FAPI-1.0-Advanced), and other standards relating to OpenID Connect 1.0 (OIDC). Keeping up with the evolving advanced specifications in the OIDF space can be a challenge for any organization, and Cloudentity takes on this challenge. It allows organizations to focus completely on the business data APIs for banking and energy that need to be exposed as per the CDR specifications.

Adopting Cloudentity drastically accelerates the entire effort to achieve CDR compliance and allows faster time to market. The Cloudentity solution offers a highly performant, multi-tenant, advanced FAPI-compliant and certified authorization server built on open standards and compatible with advanced OAuth 2.0 & OIDC specifications. Cloudentity also provides a rich set of APIs that facilitate consent collection & management, so that the Data Holder can implement the CDR-recommended safe and secure customer journey experiences across various digital channels.

With Cloudentity, your organization:

  • Can achieve CDR compliance faster
  • Has faster time to market for data sharing capabilities
  • Offloads the security profile requirements completely
  • Lowers the overall CDR implementation cost

CDR security profile

CDR security profile conformance and Financial Grade API (FAPI) compliance can be enabled in the Cloudentity platform with a single-click security profile for meeting the CDR regulations. You get a FAPI-grade authorization server configured to meet all CDR requirements for Financial Grade API (FAPI) compliance.

Choosing an industry allows you to tailor the authorization scopes that get added automatically to the security profile within Cloudentity. For example, the energy sector data sharing permission definition (energy:electricity.usage:read) is different from that of the banking sector (bank:accounts.detail:read).

CDR security profile provides security requirements for participants in the CDR ecosystem to expose and access the APIs securely using open standards. Cloudentity automatically configures all the security profile requirements when a CDR workspace is created. Some of the highlights in the configuration include:

The Cloudentity dynamic authorization platform seamlessly integrates with other components to give consumers a safe and secure data sharing journey.

CDR quickstart

Cloudentity provides a quickstart with sample applications for developers and integrators to experience how Cloudentity accelerates and enables the CDR implementation journey. Check out the CDR quickstart article and take it for a spin!

You can, for example, check out how consent flow works and use the project as a reference to build your consent application, consents self-service portal, or consent administrator portal.

CDR Integration guides

Feel like diving deep into all the CDR specifics and integrations? We have detailed guides to help you navigate the CDR journey with ease.

Jump start the CDR journey

Pick your style - SaaS vs non SaaS

Cloudentity has a SaaS region dedicated to Australia. If you want to host the solution yourself, we offer your DevOps team the same binary and tools that we use to run our SaaS infrastructure. Your team can run our high-scale solution on the infrastructure of your choice. Read about all the offered deployment models here.

Consumer Data Right API Gateways

Register for free to get access to a Cloudentity tenant and experience the CDR journey with us!

Updated: Jul 11, 2022