| Guideline No. | CL001 |
| Purpose | To clarify if a citizen can initiate the process of revoking a consent via an FIU or an FIP channel, instead of the AA interface |
| Description | A citizen should be able to initiate his/her intent to revoke a consent on an FIU or an FIP channel. Such a channel may be designed as per the FIU’s or FIP’s preference.
The intent, once registered, should result in the customer
It is strongly recommended that FIUs and FIPs implement point a, to enable ease for citizens. |
| Stage | Finalised |
| Guideline No. | CL002 |
| Purpose | To clarify if a citizen can fulfil the process of revoking a consent via an FIU or an FIP channel, instead of the AA interface |
| Description | A citizen should be able to fulfil his/her intent to revoke a consent via an FIU or an FIP interface. The FIU or FIP ought to use APIs to notify the citizen’s AA of the same.
If the request comes via an FIU, the AA is expected to immediately consider the consent revoked. No additional confirmation is required from the citizen directly. If the request comes via an FIP, the AA is expected to notify the citizen and design a mechanism for the citizen to explicitly confirm. The distinction is being made on the following logic: When the party seeking data seeks to restrict further access to data, the same must be honoured immediately, in the interest of data privacy. When the custodian of the citizen’s account conveys a restriction (via a revocation), the citizen’s explicit confirmation is required to ensure he/she is not inconvenienced owing to an inadvertent action on the part of the FIP. |
| Stage | Under deliberation |
| Guideline No. | CL003 |
| Purpose | To clarify if pause/resume of consents is a necessary feature for an AA to provide to a citizen |
| Description | While the RBI Master Directions mention these as abilities that an AA ought to enable for citizens, it is understood that these are left to the AA to determine. |
| Stage | Under Deliberation |
