(1) A person covered by column 1 of an item of the following table must not seek to collect CDR data under the consumer data rules from another person covered by column 2 of that item unless:
(a) a CDR consumer for the CDR data has validly requested this under the consumer data rules for the purposes described in column 3 of that item; and
(b) the person complies with all other requirements in the consumer data rules for the collection of the CDR data from that other person.
Soliciting CDR data from participants under the consumer data rules | |||
Item | Column 1 A person who: | Column 2 must not seek to collect CDR data from: | Column 3 unless a CDR consumer for the CDR data has requested this for the purposes of: |
1 | is an accredited person | a CDR participant for the CDR data | a use or disclosure under the consumer data rules |
2 | is acting as one of the kinds of CDR action participant | the other kind of CDR action participant | a valid instruction to be given: (a) by one of the CDR action participants (as an accredited action initiator for a type of CDR action) to the other; and (b) under the consumer data rules; and (c) for the performance of a CDR action of that type |
Note 1: For item 2, the kinds of CDR action participants are accredited action initiators and action service providers (see section 56AMD).
Note 2: For column 3 of item 2, the CDR consumer for the CDR data would need to have requested the collection of the CDR data as a CDR consumer for the CDR action.
Note 3: This subsection is a civil penalty provision (see section 56EU).
(2) Subsection (1) applies whether the collection is directly or indirectly from the person covered by column 2 of the table.
Note: The collection (whether direct or indirect) would need to be under the consumer data rules for subsection (1) to apply.
Example: The valid request referred to in column 3 of item 1 of the table could be given under the consumer data rules through a designated gateway (see section 56BG).