Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

COMPETITION AND CONSUMER ACT 2010 - SECT 56EK

Privacy safeguard 8--overseas disclosure of CDR data by accredited data recipients

  (1)   If:

  (a)   an accredited data recipient of CDR data proposes to disclose the CDR data; and

  (b)   the recipient (the new recipient ) of the proposed disclosure:

  (i)   is not in Australia or an external Territory; and

  (ii)   is not a CDR consumer for the CDR data;

the accredited data recipient must not make the disclosure unless:

  (c)   the new recipient is an accredited person; or

  (d)   the accredited data recipient takes reasonable steps to ensure that any act or omission by (or on behalf of) the new recipient will not, after taking into account subsection   (3), contravene:

  (i)   subsection   56ED(3); or

  (ii)   another privacy safeguard penalty provision in relation to the CDR data; or

  (e)   the accredited data recipient reasonably believes:

  (i)   that the new recipient is subject to a law, or binding scheme, that provides substantially similar protection for the CDR data as the privacy safeguards provide in relation to accredited data recipients; and

  (ii)   that a CDR consumer for the CDR data will be able to enforce those protections provided by that law or binding scheme; or

  (f)   the conditions specified in the consumer data rules are met.

Note 1:   This subsection is a civil penalty provision (see section   56EU).

Note 2:   This subsection applies in addition to the disclosure restrictions in sections   56EI, 56EJ and 56EL.

Note 3:   A similar disclosure by a data holder of the CDR data that is required under the consumer data rules will be covered by Australian Privacy Principle   8 if the CDR data is personal information about an individual.

  (2)   If:

  (a)   the accredited data recipient of the CDR data makes the disclosure to the new recipient; and

  (b)   none of paragraphs   (1)(c), (e) and (f) apply in relation to the disclosure to the new recipient; and

  (c)   an act or omission by (or on behalf of) the new recipient, after taking into account subsection   (3), contravenes:

  (i)   subsection   56ED(3); or

  (ii)   another privacy safeguard penalty provision in relation to the CDR data;

then the act or omission is taken to also be an act or omission by the accredited data recipient.

  (3)   For the purposes of paragraphs   (1)(d) and (2)(c), assume that the privacy safeguards apply to the new recipient as if the new recipient were an accredited data recipient for the CDR data.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback