Australian brands failing users on data privacy

Australian brands failing users on data privacy

A new report from Deloitte shows that Australian brands are missing the mark when it comes to data privacy, with only 16 per cent offering consumers the option to opt-in to marketing activities.

The firm's sixth annual assessment of the privacy practices of Australia's top 100 consumer brands, the Deloitte Privacy Index 2020, found that meaningful consent should now be at the front and centre of every industry and every sector, but companies continue to fail users.

The report found 83 per cent of consumers said they were concerned by internet cookies that track their activity online and how brands use this information for marketing purposes.

According to Deloitte national privacy and data protection lead partner and the autuor of the Privacy Index 2020 David Batch obtaining consent is a critical element for building consumer trust.

"As we navigate the digital realities of pandemic restrictions, of working and socialising online, as consumers we have become far more aware of the need to secure our privacy," says Batch.

"Australians have overwhelmingly told us they don't like being marketed to without opting in, or bundled consent, which couples something we do want with something we don't, especially when it is unnecessary.

"Meaningful consent is the real opportunity for brands in COVID-19 times and beyond. And it is the responsibility of every organisation in Australia that accesses and processes personal information to do its bit in increasing trust in the digital economy."


RELATED: ACCC takes Google to court over personal data use


By sector, retail is the most trusted industry in Australia in terms of consent-giving practices, demonstrating that as an industry it manages consent privacy practices better than any other.

However, Deloitte says this does not mean that the retail sector provides best practices to consumers; the overall industry analysis found that no industry scored above 30 per cent when its consent practices were tested, demonstrating industry-wide and regulatory immaturity.

"Gaining meaningful consent from consumers, within current legal and technical constraints, isn't easy," noted Batch.

"Striking the balance between optimal user experience and obtaining meaningful consent differs across platforms and use cases. Across industry we have seen a lack of maturity in the consent space, such that any updates to Australian law would require significant industry changes and uplift."

Other key findings include:

  • 93 per cent of consumers expect a service to provide them with the option, upfront, to opt-in to non-essential uses of their personal information rather than having to opt-out of these uses.
  • None of the top 100 consumer brands met consent best practices for cookie management.
  • 52 per cent of brands obtain consent for non-essential cookies through the bundled consent of accepting a privacy policy.
  • 7 per cent of the brands that do not mention marketing activities in their privacy policy were found to use marketing cookies when their website was tested.
  • Only 21 per cent of brands provided consumers with a comprehensive consent management portal or equivalent that was also fully or partially available from the associated application.
  • Only 33 per cent of consumers agree that their consent for non-essential processing is valid when it is obtained through acceptance of the terms and conditions and/or privacy policy.
  • 64 per cent obtain this consent through the bundled acceptance of their privacy policy, and of these, 65% limit the functionality of the website without obtaining this consent, meaning consumers have little choice but to consent to marketing activities.
  • 50 per cent of consumers stated that they had given consent (when they had previously refused) because they were tired of being continuously asked by the same service.
  • Only 7 per cent of consumers said they had a very good understanding of how their personal information would be used after they consented to its use.
  • Only 12 per cent of consumers think consent given for non-essential uses should be enduring.

"Although meaningful consent and permission are intrinsically personal, our research overwhelmingly demonstrates a disconnect between what consumers expect and what brands actually do," says Batch.

"No one wants to give consent through constant pop-ups. Nor does a consumer consider consent is given when driven through a catch-all, non-specific privacy notice. The key is in empowering people to choose if, when and how they participate.

"Good consent must be expressly sought and voluntarily given. We're seeing this in COVID-19 initiatives such as tracing apps, where the concept of care drives voluntary participation and builds trust between community and government."

The report also outlines five key actions brands can take to improve consent practices:

1. Have a smart consent strategy

Decide whether you want to follow the minimal legal approach to gaining consent, or whether you want to position your brand as a data ethics leader by following best practices.

2. Gain a deep understanding of your data

For most businesses, the biggest hurdles to operationalising consent management are understanding what data they are processing, where it came from and what it is being used for now. To achieve this dynamically and at scale, they need good data governance and management capabilities, and the right technology.

3. Don't bundle certain consents

Consumers have clearly indicated a strong preference to opt-in to certain activities that aren't essential for the service they seek. These include marketing, online tracking and physical location tracking. Ask for express permission to do these things at the appropriate time in a way that is as 'frictionless' as possible.

4. Create an online portal for users

Provide a digital portal for consumers to monitor and change their consents. Make it easy to access, understand and use. This will increase transparency, individual control and trust demonstrating how consent is taken seriously.  

5. Give granular choice in your cookie banners

Give more than two choices in cookie consent banners and avoid the all-or-nothing approach. Allow consumers to opt-in to tracking and marketing cookies and don't have this turned on by default or bundle the consent with other functional, less invasive cookies.

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Get our daily business news

Sign up to our free email news updates.

 
Whitefox Recruitment founder Luke Hemmings making strides as a careers leader
Partner Content
After relocating his Canberra-founded company Whitefox Recruitment to the Gold Coast la...
Whitefox Recruitment
Advertisement

Related Stories

ASIC secures its first court win for greenwashing against US giant Vanguard

ASIC secures its first court win for greenwashing against US giant Vanguard

The Australian corporate watchdog has caught out one of the world&r...

Medicinal cannabis group Althea shaves $1.5m from its cost base through staff cutbacks

Medicinal cannabis group Althea shaves $1.5m from its cost base through staff cutbacks

Australian-founded medicinal cannabis company Althea Group (ASX: AG...

Charter Hall snares 15pc stake in Hotel Property Investments for $97m from 360 Capital

Charter Hall snares 15pc stake in Hotel Property Investments for $97m from 360 Capital

Listed funds manager 360 Capital Group (ASX: TGP) has offloaded its...

Lendlease gains approval for $1.7b transformation of Queen Victoria Market precinct

Lendlease gains approval for $1.7b transformation of Queen Victoria Market precinct

Australian development giant Lendlease Group (ASX: LLC) has been gr...