The draft guidelines set out the OAIC’s understanding and interpretation of the privacy safeguards and the relevant Consumer Data Rules.
The CDR Regime is aimed at providing greater choice and control to consumers over how their data is used and disclosed by businesses that provide goods and/or services to them. The CDR Regime enables consumers to
The CDR Regime will firstly apply to the banking sector, followed by the energy sector, and eventually across the economy.
The draft guidelines set out 13 privacy safeguards which are aimed at protecting the privacy or confidentiality of CDR data (i.e. information within a class specified in the designation instrument for each sector including derivatives from such information) of the relevant consumers. These guidelines cover:
The Privacy Safeguard Guidelines clarify the intention of each privacy safeguard and provide guidance on how to avoid acts or practices that may breach the privacy safeguards. Although the majority of the privacy safeguards borrow similar principles from the Australian Privacy Principles (APPs) under the Privacy Act 1988, the Privacy Safeguard Guidelines expressly state that the APPs do not apply to the CDR entity in relation to CDR data. Instead, the CDR Regime will apply.
Currently, the OAIC is seeking feedback on the draft Privacy Safeguard Guidelines from the interested stakeholders and members of the community. The closing date for feedback is Wednesday 20 November 2019.
A copy of the draft Privacy Safeguard Guidelines are available for download here.
The Privacy Safeguard Guidelines should be read together with Division 5 of Part IVD of the CCA and the Consumer Data Rules, which set out the rules required to implement the CDR Regime in the relevant sectors. Currently, a proposed set of CDR rules for the banking sector are available here, together with the Explanatory Statement.
Judith Miller specialises in commercial and intellectual property law. She has more than 25 years’ experience in advising on all aspects of the management and commercialisation of IP and is the firm’s Commercial National Practice Leader. Judith has worked with a range of clients across a variety of industries (with a particular focus on the research and development sector), predominantly for IP and content owners, frequently advising those clients on the management, exploitation and protection of their rights in old and new media. She advises clients on the full range of commercial transactions. These include joint ventures, strategic alliances, collaboration and partnering arrangements, supply chain and logistics agreements, reward schemes and acquisition and supply terms. She also advises local and international businesses on the establishment of regional and national franchise systems, and provides strategic advice to established operations. Judith has also worked on a broad range of technology and sourcing matters, including procurement, development agreements, hosting and outsourcing arrangements, software maintenance and hardware supply and support agreements. Connect with Judith via email.