Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

DATA AVAILABILITY AND TRANSPARENCY ACT 2022 - SECT 14A

Penalties for unauthorised collection or use

Civil penalty provisions for user or intermediary

  (1)   An entity contravenes this subsection if:

  (a)   the entity collects or uses data; and

  (b)   the data is ADSP - enhanced data, or output, of a project involving sharing data with the entity under, or purportedly under, section   13; and

  (c)   the collection or use is not authorised by this Act.

Civil penalty:

  (a)   300 penalty units; or

  (b)   if subsection   (2) applies--600 penalty units.

  (2)   This subsection applies if the entity concerned is or has been an accredited entity and the contravention is serious, having regard to any of the following matters:

  (a)   the sensitivity of the data;

  (b)   the consequences of the contravention for entities, groups of entities or things to which the data involved in the contravention relates;

  (c)   the level of care taken by the contravening entity in relation to the entity's responsibilities under the data sharing scheme in relation to the collection or use.

  (3)   An individual or a body corporate contravenes this subsection if:

  (a)   the individual or body corporate uses data; and

  (b)   the data is ADSP - enhanced data, or output, of a project involving sharing data with an entity under, or purportedly under, section   13; and

  (c)   the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and

  (d)   the individual or body corporate's use of the data is not authorised by this Act.

Civil penalty:   300 penalty units.

Offences for user or intermediary

  (4)   An entity commits an offence if:

  (a)   the entity collects or uses data; and

  (b)   the data is ADSP - enhanced data, or output, of a project involving sharing data with the entity under, or purportedly under, section   13; and

  (c)   the collection or use is not authorised by this Act and the entity is reckless with respect to that circumstance.

Penalty:   Imprisonment for 5 years or 300 penalty units, or both.

  (5)   An individual or a body corporate commits an offence if:

  (a)   the individual or body corporate uses data; and

  (b)   the data is ADSP - enhanced data, or output, of a project involving sharing data with an entity under, or purportedly under, section   13; and

  (c)   the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and

  (d)   the individual or body corporate's use of the data is not authorised by this Act and the individual or body corporate is reckless with respect to that circumstance.

Penalty:   Imprisonment for 5 years or 300 penalty units, or both.

Defence

  (6)   Subsections   (1), (3), (4) and (5) do not apply if the data collected or used is a copy of output , or ADSP - enhanced data, that has exited the data sharing scheme, or is derived from such a copy.

Note:   A defendant bears an evidential burden in relation to the matter in subsection   (6) (see subsection   13.3(3) of the Criminal Code ).

Civil penalty provisions for sharer

  (7)   An entity contravenes this subsection if:

  (a)   the entity collects or uses data submitted to the entity under, or purportedly under, section   13A or 13B; and

  (b)   the collection or use is not authorised by this Act.

Civil penalty:   300 penalty units.

  (8)   An individual or a body corporate contravenes this subsection if:

  (a)   the individual or body corporate uses data; and

  (b)   the data was submitted to an entity under, or purportedly under, section   13A or 13B; and

  (c)   the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and

  (d)   the individual or body corporate's use is not authorised by this Act.

Civil penalty:   300 penalty units.

Offences for sharer

  (9)   An entity commits an offence if:

  (a)   the entity collects or uses data submitted to the entity under, or purportedly under, section   13A or 13B; and

  (b)   the collection or use is not authorised by this Act and the entity is reckless with respect to that circumstance.

Penalty:   Imprisonment for 5 years or 300 penalty units, or both.

  (10)   An individual or a body corporate commits an offence if:

  (a)   the individual or body corporate uses data; and

  (b)   the data was submitted to an entity under, or purportedly under, section   13A or 13B; and

  (c)   the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and

  (d)   the individual or body corporate's use is not authorised by this Act and the individual or body corporate is reckless with respect to that circumstance.

Penalty:   Imprisonment for 5 years or 300 penalty units, or both.

Relationship of collection and use civil penalty provisions and offences with other laws

  (11)   Subsections   (1) to (10) have effect despite any other law of the Commonwealth or a State or Territory, whether enacted before or after the commencement of this Act.

  (12)   To avoid doubt, subsections   (1) to (10) have effect regardless of whether a permitted general situation, or a permitted health situation, exists within the meaning of the Privacy Act 1988 .

 


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback