/
Consent Management Interfaces

This space is deprecated and no longer supported. Please use the latest available version here.

Consent Management Interfaces

Owned by Chris Michael
Last updated: 18 Oct 2024 by Alexandros Dimitrakoudis
4 min read

1. Overview

One of the primary objectives of the Standard is to provide simplification and consistency across all implementations. As such, we have defined a core set of principles for Consent Management Interface (CMI) dashboards that can and should be used, subject to the brand considerations of the User-facing TPPs and LFIs.

Dashboards are a common tool used in many industries to enable Users to manage their connections with service providers. From Facebook and Google to health providers and utility companies, various industries are leveraging dashboard functionality to provide Users with more control of their data and experience. 

As the data & payment economies continues to expand, dashboards are set to become prominent features within digital landscapes, offering Users a range of capabilities from managing personal data and cookies to canceling subscriptions for services they no longer need.  

Consent Management Interface (CMI) dashboards are introduced to the UAE Open Finance Standard to ensure Users can view and manage (i.e. cancel/revoke/update if desired) TPP and LFI Consent arrangements.

2. The Role of Consent Management Interfaces (CMIs)

  • User-facing TPPs' Consent Management Interface (CMI): User-facing TPPs' facility to enable Users to view and revoke Consents given for Data Sharing or Service Initiation from their LFIs’ account(s).

  • LFI Consent Management Interface (CMI): LFI facility to enable Users to view TPPs that have been provided with Consent to access their account(s) for the provision of Data Sharing or Service Initiation and revoke a Consent, if desired. 

Consent Management Interfaces (CMIs) are of utmost importance in reassuring Users that they have complete control of their Open Finance-enabled services. Well-designed and readily accessible Consent Management Interfaces (CMIs) are essential for building confidence around Open Finance. 

An effective Consent Management Interface (CMI) provides Users with an overview of their Consent arrangements, clearly showing them what has been agreed to and providing them with the means to cancel or revoke such an agreement. 

3. Principles Behind Effective Consent Management Interfaces (CMIs)

While the exact look and feel of Consent Management Interfaces (CMIs) is left to the discretion of TPPs and LFIs, there are design considerations that we strongly encourage all member organizations to consider:  

3.1 Principle 1: Easy to Find and Locate  

  • To ensure Users can easily find the Open Finance Consents, avoid sub-menus and place it prominently in the main menu

  • Designed and tested with the direct involvement of real Users 

  • Available on all relevant channels 

  • Named appropriately

3.2 Principle 2: Intuitive to Use and Understand  

  • Include clear and simple status messages and dates 

  • Ability to easily revoke live Consents 

  • Provide relevant additional detail as an optional view beneath the summary 

3.3 Principle 3: Transparent as Possible 

  • Include a history for finished, rejected or canceled consents, with a commitment to retaining these in the history section for a minimum period of one year.

  • Include all relevant parties on the Consent Management Interfaces (CMIs) extending to Beneficiaries and other User-facing entities where relevant

The rest of this section provides details on various aspects relating to Consent Management Interfaces (CMIs): 

4. Naming of Consent Management Interfaces (CMIs) 

The following names for Consent Management Interfaces (CMIs) are currently proposed:

Open Finance Connections

Where the entity is acting solely as a TPP, or a LFI, but not as both, the preferred term to describe the Consent Management Interface (CMI) is ‘Open Finance Connections’. This is a term that avoids jargon and should improve familiarity with the concept of Open Finance and associated services. The term “Connections” is considered a useful catch-all term that is not off-putting to real Users and provides an accurate description of the link between TPPs and LFIs that can be managed through Consent Dashboards.

Open Finance Connections

Where the entity is acting solely as a TPP, or a LFI, but not as both, the preferred term to describe the Consent Management Interface (CMI) is ‘Open Finance Connections’. This is a term that avoids jargon and should improve familiarity with the concept of Open Finance and associated services. The term “Connections” is considered a useful catch-all term that is not off-putting to real Users and provides an accurate description of the link between TPPs and LFIs that can be managed through Consent Dashboards.

Open Finance Connected Accounts

Where the entity wants to clearly distinguish that it is presenting a User-facing TPP Consent Management Interface (CMI) (for example because they also act as a LFI), the preferred term is ‘Open Finance Connected Accounts’. This is the term for User-facing TPPs to label their Consent Management Interfaces (CMIs) because they are providing a tool for Users to manage the payment accounts they have given the User-facing TPPs their consent for Data Sharing or Service Initiation.

Open Finance Connected Services

Where the entity wants to clearly distinguish that it is presenting a LFI Consent Management Interfaces (CMIs) (for example because they also act as a TPP), the preferred term is ‘Open Finance Connected Services’. This is the term for LFIs to label their Consent Management Interfaces (CMIs) because they are providing a tool for Users to manage the TPP services they have given their Consent for Data Sharing or Service Initiation.

Below we illustrate how we recommend an organization SHOULD name the respective Consent Management Interfaces (CMIs), when they operate as both a TPP and a LFI. Having navigated to “Open Finance Connections” in the top menu, the User would click “Open Finance Connected Accounts” to see their TPP Consent Management Interface (CMI), and “Open Finance Connected Services” to see their LFI Consent Management Interfaces (CMI):

image-20240308-121810.png

We recognize that many providers in the market will fulfill multiple functions and this will have implications for their Consent Management Interfaces (CMIs). For example, there may be several providers who plan to operate as both LFIs and TPPs who will need to provide both Consent Management Interfaces (CMIs).

This figure shows guidelines for entities that are both a LFI and TPP. For the TPP Consent Management Interfaces and the LFI Consent Management Interfaces pages of this section, we have illustrated single-use Consent Management Interfaces (CMIs) only (i.e. Data Sharing on its own or Service Initiation on its own).

Providers who are acting in multiple capacities MUST ensure that their Consent Management Interfaces (CMIs) remain clear and transparent for Users, both at an individual level and when combined with other dashboards. Providers MUST consider how Users will navigate between different dashboards and ensure that this is not confusing.

 

 

 

 

© CBUAE 2024
Open License and Contribution Agreement | Attribution Notice