(1) A person who is:
(a) an accredited data recipient of CDR data; or
(b) an accredited person who may become an accredited data recipient of CDR data;
must give each CDR consumer for that CDR data the option of using a pseudonym, or not identifying themselves, when dealing with the person in relation to that CDR data.
Note: The CDR participant from whom the person acquired (or may acquire) the CDR data may be subject to a similar obligation under Australian Privacy Principle 2.
(2) That option may be given to a CDR consumer for the CDR data through a designated gateway for the CDR data.
(3) Subsection (1) does not apply in the circumstances specified in the consumer data rules.