| Guideline No. | CDR001 |
| Purpose | To clarify if a customer can be a recipient of his/her own data via an AA |
| Description | As per the RBI Master Directions, an AA’s charter is to enable (amongst other things) presentation of a customer’s data to herself.
Given that an AA is data-blind, this implies that an AA service can deliver encrypted data to the device owned by a customer. Further, to enable presentation of data received by the device, an AA client (front-end application) that is resident on the device of the customer (such as a mobile app) may offer the feature of decrypting and presenting data. Under no circumstances is the decrypted data allowed to be stored on the servers of the AA, since that is in contravention to the principle of the AA being data-blind. |
| Stage | Finalised |
