Workshop on Design Guidelines for Informed Consent in Account Aggregators (AAs)

09 Oct 2023

In a rapidly evolving digital landscape, where data sharing has become an integral part of our lives, informed consent has emerged as a critical cornerstone of user protection and data privacy. The focal point of the recent workshop on “Design Guidelines for Informed Consent in AA” was the pressing issues surrounding data consent processes in the account aggregator domain. Let’s delve into the key takeaways and insights from this workshop that can revolutionize how we approach informed consent.

Understanding the Account Aggregator Framework

Before diving into the design guidelines, it’s essential to grasp the significance of account aggregators. The workshop began by emphasizing the meteoric rise of the account aggregator framework, with a staggering 20 million successful transactions and 1.13 billion enabled accounts. The need for efficient data sharing in various use cases has driven this growth.

The introduction of the Digital Personal Data Protection Act (DPDP Act) has further underscored the importance of robust consent mechanisms within the account aggregator domain. With multiple steps in the account aggregator journey, there are inherent challenges, including the potential for user drop-offs. Therefore, designing effective consent processes is paramount.

Identifying the Challenges

One of the primary challenges addressed in the workshop was the potential drop-off points in the data fetching and fulfillment consent process. These drop-offs can occur due to user experience issues, where individuals need help comprehending requested data or the functioning of the account aggregator framework. Additionally, problems might arise from Financial Information Providers’ (FIP) performance issues, such as system downtime or undiscoverable accounts.

The workshop suggested creating intelligent user journeys and utilizing smart APIs and tools to mitigate these challenges. A design review board, comprising 50 organizations from the community, conducted interviews with customer profiles and developed prototypes for testing. This collaborative approach helped identify user pain points and provided valuable insights.

Empowering Users and Building Trust

The workshop’s significant focus was the difficulties users encounter when engaging with multiple players during the consent process, including the Financial Information User (FIU), FIP, and the account aggregator. The complexity of learning, decision-making, and action-taking simultaneously was recognized as a stumbling block. The ambiguity surrounding consent revocation and the fine print of terms and conditions added to user confusion.

The proposed solution involves designing an account aggregator data consent flow that empowers citizens, providing them with the agency while ensuring the process remains intuitive and seamless. The guiding principles include:

    • Transparency without Cognitive Overload: Information should be presented transparently but not overwhelm users with unnecessary detail.
    • Empowerment and Meaningful Control: Users should be confident to make informed decisions about their data.
    • Trust and Digital Confidence: Establishing trust markers and credibility indicators, like bank logos and RBI authorization.
    • Progressive Education: Guiding users throughout the journey to make the process more familiar and less daunting.

Introducing Account Aggregators

The workshop stressed the importance of introducing account aggregators to users with clarity and transparency. Users need to understand why they share their account information, what information is required, and how it will be used. Trust markers, like bank logos and regulatory authorizations, can enhance the credibility of the process. Additionally, users should be given the option to seek more information, and an eligibility check before the linkage moment can reduce frustration for ineligible users.

Navigating the Consent Journey

As users progressed through the account aggregator journey, various moments of anxiety were identified. The autodiscovery moment, where users’ mobile numbers are used to find their account information, can be particularly stressful. The guidelines recommend highlighting the mobile number as the identity to alleviate these fears.

Discovering and authorizing accounts can also induce anxiety and drop-offs. The proposed remedy involves guiding users through the process, offering information on the collected data, and highlighting authorization moments. One-time passwords (OTPs) can be simplified, and a countdown timer can be introduced for added assurance.

Transparency and Error Handling

Clear progress indicators and error screens were underscored as essential components of informed consent design. Manual options should be available when auto-discovery fails, preventing users from starting the process from scratch. The language should be simple and user-friendly, ensuring users understand the terms and actions they consent to.

Users should have the flexibility to cancel sharing at any time, and transaction confirmation screens and receipts can provide a sense of accomplishment and act as tracking mechanisms.

Revoking Consent and Decline Flow

Providing a clear decline flow toward the end of the process is crucial. Users should be informed that their selected accounts are stored in the account aggregator but not shared with the FIU. Revocation of consent should be straightforward, with visual cues and clear messaging. Users need to understand where and how to revoke consent, with the role of the account aggregator in this process clearly explained.

Customizing for User Behavior

User behavior can vary depending on the urgency of their needs and perceived risks. The ability to create scorecards using account aggregator data for underwriting purposes was discussed. It’s important to note that the technology-service provider (TSP) is considered an agent of the financial information user (FIU) in these scenarios.

Educating Users and Maintaining Trust

Presenting information in a digestible way is essential to keep users manageable. Optional information display and click-to-expand features can be implemented to provide additional context for interested users. While the design guidelines discussed in the workshop are not mandatory, they are solid recommendations for creating a user-centric consent process.

Standardizing terms like linking and consent approval is possible, and educating users about their account aggregator IDs is crucial to fostering trust. Addressing errors and allowing users to resume where they left off is vital to maintaining customer trust, especially with Public Sector Undertaking (PSU) Banks, where response rates can be low.

Toward a More Transparent Future

The workshop’s insights and design guidelines shed light on the complex world of informed consent in the account aggregator ecosystem. By focusing on transparency, empowerment, trust, and progressive education throughout the user journey, we can pave the way for a more user-friendly and privacy-conscious digital future. These guidelines aren’t just steps but milestones for a more transparent, secure, and user-centric data-sharing ecosystem. With these principles in mind, we can design consent processes that empower users and protect their privacy in our ever-connected world.