Draft CDR Privacy Safeguard Guidelines
This consultation is closed. The deadline for submissions was 20 November 2019.
The Office of the Australian Information Commissioner (OAIC) is seeking your views on its draft Privacy Safeguard Guidelines. These draft guidelines set out the OAIC’s current understanding and interpretation of the privacy safeguards and the relevant Consumer Data Rules.
In August 2019, the Australian Parliament passed the Treasury Laws Amendment (Consumer Data Right) Act 2019 to insert a new Part IVD into the Competition and Consumer Act 2010 (Competition and Consumer Act) to enact the Consumer Data Right (CDR).
Under s 56EQ(1)(a) of this Act, the Australian Information Commissioner (Information Commissioner) has the power to make ‘guidelines for the avoidance of acts or practices that may breach the privacy safeguards’.
The Privacy Safeguard Guidelines outline how the Information Commissioner will interpret and apply the privacy safeguards when exercising functions and powers relating to the privacy safeguards.
About the Consumer Data Right and the Privacy Safeguards
The CDR aims to provide greater choice and control for Australians over how their data is used and disclosed. It will allow consumers to access particular data in a usable form and to direct a business to securely transfer that data to an accredited data recipient.
The security and integrity of the CDR regime is maintained by 13 privacy safeguards, contained in the Competition and Consumer Act and supplemented by the Consumer Data Rules. These privacy safeguards set out the privacy rights and obligations for users of the scheme, including the requirement for informed consent to collect, disclose, hold or use CDR data.
Individual consumers and small, medium and large business customers will all be able to exercise the CDR in relation to data that is covered by the CDR regime.
Read more about the CDR and our role.
Purpose of consultation
The OAIC is seeking your views on its draft Privacy Safeguard Guidelines. These draft guidelines set out the OAIC’s current understanding and interpretation of the privacy safeguards and the relevant Consumer Data Rules.
Although the guidelines are primarily aimed at entities who will be participating in the CDR regime, we welcome comments by other interested stakeholders and members of the community.
How to make comments
Submissions can be made by:
|Post||GPO Box 5218
Sydney NSW 2001
The closing date for comments is Wednesday 20 November 2019.
We intend to make all submissions publicly available. Please indicate when making your submission if it contains confidential information you don’t want made public and why it should not be published. Requests for access to confidential comments will be determined in accordance with the Freedom of Information Act 1982 (FOI Act).
Although you may lodge submissions electronically or by post, electronic lodgement is preferred. To help us meet our accessibility obligations, we would appreciate you providing your submission in a web accessible format or, alternatively, in a format that will allow us to easily convert it to HTML code — for example Rich Text Format (.rtf) or Microsoft Word (.doc or .docx) format.
To assist you in preparing comments for this consultation, the OAIC has prepared the questions below which are intended to stimulate comments and reflections on the draft guide.
They are not intended to limit the issues that may be raised. You may wish to respond to some or all questions, or to raise other issues related to the draft guide.
- Are the draft guidelines clear, relevant and practical?
- Do the draft guidelines meet the needs of entities in understanding their privacy safeguard obligations?
- Are there any topics that you believe the draft guidelines should cover that have not been covered, or should be covered in greater detail?
- Are there any practical examples you could share to help illustrate parts of the guide?
- Are there any topics that you believe would benefit from visual aids such as flow charts or diagrams?
- Are there any other ways in which the draft guide could be enhanced?
Privacy Collection statement
The OAIC will use the personal information it collects in the course of this consultation for the purpose of finalising the guidelines and our ongoing engagement with you.