In response to the evolving landscape of user-consented data sharing within the Account Aggregator (AA) ecosystem, the need for a more scalable, transparent, and community-driven approach towards data collection and usage has become increasingly apparent. In view of the DPDP Act, 2023, and the increasing usage of AA across sectors, AA market participants collectively sought harmonization of industry standards and practices for participation in the AA framework for the various use cases it enables. Based on such feedback, Sahamati introduced the AA Consent Template Library as a community asset to harmonize consent attributes, setting upper-bound reference parameters for various use cases across sectors.
Establishing the Consent Template Library represents a transformative step towards promoting fair usage of AA by fostering greater trust, transparency, and efficiency within the AA ecosystem. At its core, the Consent Template Library serves as a comprehensive repository of standardized consent templates, meticulously crafted by the Use Case Councils to align with the diverse needs and use cases of Financial Information Users (FIUs) while ensuring they meet the business requirements, and enhance customer privacy and are aligned with the principles of the DPDP Act, acting as guardrails against misuse of AA framework.
What is a Consent Template?
A Consent Template refers to the outer bounds for mandatory attributes (as defined by the ReBIT specs) of consent artefact that can be employed for a specific use case. While few attributes, such as purpose code, consent type, fetch type, etc. are described in absolute terms, attributes that carry a value and unit are described as upper bounds.
Who created the Consent Template Library?
The formation of the Consent Templates Library involved a collaborative effort by active Financial Information Users (FIUs) within the Account Aggregator (AA) Ecosystem, through the individual User Councils, which was further reviewed and approved by the Fair Use Committee and Governing Council of Sahamati. These templates, designed as “Best Practice Consents Templates,” were meticulously crafted through collaborative efforts and rigorous deliberations led by leading industry practitioners. Key considerations during the design process included safeguarding end-customer interests, ensuring alignment with the principles of the Digital Personal Data Protection (DPDP) Act, adhering to RBI master guidelines for AA, and addressing the specific requirements of various use cases.
Usage of Consent Template Library
The templates were developed to serve as benchmarks for data-collection practices within the AA ecosystem, providing a standardized framework that promotes transparency, fairness, and alignment with regulatory and statutory principles. Expectations are set for Financial Information Users (FIUs) and Account Aggregators (AAs) to revise their consent templates within the parameters of those in the Consent Template Library, ensuring consistency and adherence to established parameters.
For instance, FIUs offering Spend and Investment Analytics use case will, as per the consent template library, be expected to declare the frequency of their data pulls at 45 or less than 45 data pulls, with a consent validity of one year or less.
Consent Template Library
The table below summarises the templates discussed or finalized by the Use Case Councils.
Please note that the parameters of the individual consent templates in the Consent Template Library represent upper bounds for the respective use cases, as decided in the relevant User Councils. The parameters in the consent templates should be treated by participant(s) as outer limit(s) and not be construed as legal advice in any manner. Participants are encouraged to review their use case(s) and ensure compliance with applicable laws, including the RBI Master Directions on NBFC-AA and the DPDP Act.
Sahamati will publish additional consent templates as the AA ecosystem evolves based on discussions in the relevant Use Case Councils and the Fair Use Committee. Existing consent templates may also be revised based on statutory and regulatory guidance, including the DPDP Act and the Rules issued thereunder.
