CDR Privacy Safeguard Guidelines
The Privacy Safeguard Guidelines outline how the Information Commissioner will interpret and apply the privacy safeguards when exercising the functions and powers relating to the privacy safeguards under Part IVD of the Competition and Consumer Act 2010 (Competition and Consumer Act), which establishes the Consumer Data Right (CDR).
Under s 56EQ(1)(a) of this Act, the Australian Information Commissioner (Information Commissioner) has the power to make ‘guidelines for the avoidance of acts or practices that may breach the privacy safeguards’.
About the Consumer Data Right and the privacy safeguards
The CDR aims to provide greater choice and control for Australians over how their data is used and disclosed. It allows consumers to access particular data in a usable form and to direct a business to securely transfer that data to an accredited data recipient.
The security and integrity of the CDR regime is maintained by 13 privacy safeguards, contained in the Competition and Consumer Act and supplemented by the Consumer Data Rules. These privacy safeguards set out the privacy rights and obligations for users of the scheme, including the requirement for informed consent to collect, disclose, hold or use CDR data.
Individual consumers and small, medium and large business customers are able to exercise the CDR in relation to data that is covered by the CDR regime.