# De-identification Consent
source: https://developer.mastercard.com/open-finance-au/documentation/consent/deidentification/index.md

A de-identification consent under the CDR allows an Accredited Data Recipient (ADR) to de-identify CDR data. The CDR regulations impose specific requirements in relation to de-identification consents and Mastercard offers a de-identification consent capability as part of the Connect flow which meets these requirements.

## Consent requirements {#consent-requirements}

* De-identification consents must be express.
* In most cases, they must be presented as opt-in (users must not be forced to provide consent to connect their bank accounts). However, if de-identification is reasonably necessary for a specific use case, users may be required to provide consent to proceed.
* De-identification consent lasts for the duration of the connection to the financial institution.

## De-identification process {#de-identification-process}

The CDR imposes specific requirements in relation to the subsequent processes for de-identification of consumer data. Refer to the [OAIC Privacy Safeguard 12 Guidelines](https://www.oaic.gov.au/consumer-data-right/consumer-data-right-guidance-for-business/consumer-data-right-privacy-safeguard-guidelines/chapter-12-privacy-safeguard-12-security-of-cdr-data-and-destruction-or-de-identification-of-redundant-cdr-data) for more details.
Note: Mastercard does not currently provide a mechanism for de-identifying CDR data, and this will need to be implemented by the Partner. Any data which has not been de-identified at the end of a consent must be deleted except where the CDR otherwise permits retention, for example, where a law or court order requires it to be retained.

De-identification consent is configured through the [Connect Experience](https://developer.mastercard.com/open-finance-au/documentation/connect/configure-connect-experience/index.md) by Mastercard. For more information, contact your sales representative.

## Notifications {#notifications}

The Mastercard platform sends [Consent Notifications](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-notifications/index.md) to partners when a financial institution connection includes a de-identification consent. Notifications are sent via webhook events. The `INSTITUTIONS_ADDED` notification includes details of any obtained de-identification consent.

API Reference: `GET /notifications/webhooks/consents`

## API Endpoints {#api-endpoints}

Information about de-identification consent is also available via our [Consent APIs](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-apis/index.md).

API Reference: `GET /data-sharing-consents/{consent_receipt_id}`


API Reference: `DELETE /data-sharing-consents/{consent_receipt_id}/institutionLogins/{institution_login_id}`