Relationship with the consumer data rules
(1) If there is an inconsistency between the privacy safeguards and the consumer data rules, those safeguards prevail over those rules to the extent of the inconsistency.
(2) However, the consumer data rules are taken to be consistent with the privacy safeguards to the extent that they are capable of operating concurrently.
Note: This means that the privacy safeguards do not cover the field that they deal with.
Relationship with the Privacy Act 1988
(3) This Division does not limit Part IIIA (about credit reporting) of the Privacy Act 1988 . However, the regulations may declare that in specified circumstances that Part applies in relation to CDR data as if specified provisions of that Part were omitted, modified or varied as specified in the declaration.
(4) Despite the Privacy Act 1988 :
(a) the Australian Privacy Principles do not apply to an accredited data recipient of CDR data in relation to the CDR data; and
(aa) if section 56ED, 56EE, 56EF or 56EG applies to an accredited person in relation to CDR data--the corresponding Australian Privacy Principle does not apply to the accredited person in relation to the CDR data; and
(b) if subsection 56EN(1) applies to a disclosure of CDR data by a data holder of the CDR data--Australian Privacy Principle 10 does not apply to the data holder in relation to that disclosure of the CDR data; and
(c) if subsection 56EP(1) applies to CDR data and a data holder of the CDR data--Australian Privacy Principle 13 does not apply to the data holder in relation to the CDR data; and
(d) Australian Privacy Principles 6, 7 and 11 do not apply to a designated gateway for CDR data in relation to the CDR data.
Note 1: For the accredited data recipient, the privacy safeguards will apply instead.
Note 2: Section 56EN (or privacy safeguard 11) is about the quality of CDR data. Section 56EP (or privacy safeguard 13) is about correcting CDR data.
(5) Apart from paragraphs (4)(aa) to (d), this Division does not affect how the Australian Privacy Principles apply to:
(aa) an accredited person who does not become an accredited data recipient of the CDR data; or
(a) a data holder of CDR data in relation to the CDR data; or
(b) a designated gateway for CDR data in relation to the CDR data.
Note 1: Privacy safeguard 1 will apply to a data holder or designated gateway in parallel to Australian Privacy Principle 1.
Note 2: The consumer data rules (which are made under Division
2) will affect how the Australian Privacy Principles apply. Requirements and
authorisations under those rules will be requirements or authorisations under
an Australian law for the purposes of the Australian Privacy Principles.