Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) An accredited data recipient of CDR data must not use or disclose it for direct marketing unless:
(a) in the case of a disclosure--the disclosure is required under the consumer data rules in response to a valid request from a CDR consumer for the CDR data; or
(b) the use or disclosure is authorised under the consumer data rules in accordance with a valid consent of a CDR consumer for the CDR data.
Note 1: This subsection is a civil penalty provision (see section 56EU).
Note 2: The valid request referred to in paragraph (a), or the valid consent referred to in paragraph (b), could be given through a designated gateway (see section 56BG).
(2) A designated gateway for CDR data must not use or disclose it for direct marketing unless:
(a) in the case of a disclosure--the disclosure is required under the consumer data rules; or
(b) the use or disclosure is authorised under the consumer data rules.
Note: This subsection is a civil penalty provision (see section 56EU).