Commonwealth Consolidated Acts Commonwealth Consolidated ActsRelationship with the consumer data rules
(1) If there is an inconsistency between the privacy safeguards and the consumer data rules, those safeguards prevail over those rules to the extent of the inconsistency.
(2) However, the consumer data rules are taken to be consistent with the privacy safeguards to the extent that they are capable of operating concurrently.
Note: This means that the privacy safeguards do not cover the field that they deal with.
Relationship with the Privacy Act 1988
(3) This Division does not limit Part IIIA (about credit reporting) of the Privacy Act 1988 . However, the regulations may declare that in specified circumstances that Part applies in relation to CDR data as if specified provisions of that Part were omitted, modified or varied as specified in the declaration.
(4) Despite the Privacy Act 1988 :
(a) the Australian Privacy Principles do not apply to an accredited data recipient of CDR data in relation to the CDR data; and
(aa) if section 56ED or 56EE applies to an accredited person in relation to CDR data--the corresponding Australian Privacy Principle does not apply to the accredited person in relation to the CDR data; and
(ab) if section 56EF or 56EG applies to a person:
(i) who is an accredited person; or
(ii) as a CDR action participant;
in relation to CDR data--the corresponding Australian Privacy Principle does not apply to the person in relation to the CDR data; and
(b) if section 56EN applies to a disclosure of CDR data by a person:
(i) who is a data holder of the CDR data; or
(ii) as an action service provider for a type of CDR action;
then Australian Privacy Principle 10 does not apply to the person in relation to that disclosure of the CDR data; and
(c) if subsection 56EP(1) applies to CDR data and a person:
(i) who is a data holder of the CDR data; or
(ii) as an action service provider for a type of CDR action;
then Australian Privacy Principle 13 does not apply to the person in relation to the CDR data; and
(d) Australian Privacy Principles 6, 7 and 11 do not apply to a designated gateway for CDR data in relation to the CDR data; and
(e) if a small business operator (within the meaning of the Privacy Act 1988 ) is an action service provider for a type of CDR action, the Privacy Act 1988 applies:
(i) subject to paragraphs (ab) to (c) of this subsection; and
(ii) in relation to personal information disclosed to the provider under the consumer data rules;
as if the provider were an organisation (within the meaning of the Privacy Act 1988 ).
Note 1: For the accredited data recipient, the privacy safeguards will apply instead.
Note 2: Section 56EN (or privacy safeguard 11) is about the quality of CDR data. Section 56EP (or privacy safeguard 13) is about correcting CDR data.
(5) Apart from paragraphs (4)(aa) to (d), this Division does not affect how the Australian Privacy Principles apply to:
(aa) an accredited person who does not become an accredited data recipient of the CDR data; or
(a) a data holder of CDR data in relation to the CDR data; or
(b) a designated gateway for CDR data in relation to the CDR data; or
(c) a person as an action service provider, for a type of CDR action, in relation to CDR data.
Note 1: Privacy safeguard 1 will apply to a data holder, designated gateway or action service provider in parallel to Australian Privacy Principle 1.
Note 2: The consumer data rules (which are made under Division 2) will affect how the Australian Privacy Principles apply. Requirements and authorisations under those rules will be requirements or authorisations under an Australian law for the purposes of the Australian Privacy Principles.