Chapter 7: Privacy Safeguard 7 — Use or disclosure of CDR data for direct marketing by accredited data recipients or designated gateways

15 November 2022

Download the print version (version 4.0)

Update Information

We are currently in the process of publishing the current version of the Privacy Safeguard Guidelines on the OAIC’s website in HTML format. In the meantime, if you need assistance because the document you need is not available in a format you can access, please contact us at

Key points

  • Privacy Safeguard 7 prohibits accredited data recipients of CDR data from using or disclosing the CDR data for direct marketing, unless the consumer consents and such use or disclosure is required or authorised under the consumer data rules (CDR Rules).
  • Direct marketing in the CDR context involves the use or disclosure of CDR data to promote goods and services directly to a consumer.
  • The CDR Rules permit accredited data recipients of CDR data to engage in certain direct marketing activities in relation to particular goods or services, if consent has been received to do so.
  • An accredited data recipient of CDR data must comply with the data minimisation principle when using the CDR data for direct marketing.