Australian brands failing users on data privacy

Australian brands failing users on data privacy

A new report from Deloitte shows that Australian brands are missing the mark when it comes to data privacy, with only 16 per cent offering consumers the option to opt-in to marketing activities.

The firm's sixth annual assessment of the privacy practices of Australia's top 100 consumer brands, the Deloitte Privacy Index 2020, found that meaningful consent should now be at the front and centre of every industry and every sector, but companies continue to fail users.

The report found 83 per cent of consumers said they were concerned by internet cookies that track their activity online and how brands use this information for marketing purposes.

According to Deloitte national privacy and data protection lead partner and the autuor of the Privacy Index 2020 David Batch obtaining consent is a critical element for building consumer trust.

"As we navigate the digital realities of pandemic restrictions, of working and socialising online, as consumers we have become far more aware of the need to secure our privacy," says Batch.

"Australians have overwhelmingly told us they don't like being marketed to without opting in, or bundled consent, which couples something we do want with something we don't, especially when it is unnecessary.

"Meaningful consent is the real opportunity for brands in COVID-19 times and beyond. And it is the responsibility of every organisation in Australia that accesses and processes personal information to do its bit in increasing trust in the digital economy."

RELATED: ACCC takes Google to court over personal data use

By sector, retail is the most trusted industry in Australia in terms of consent-giving practices, demonstrating that as an industry it manages consent privacy practices better than any other.

However, Deloitte says this does not mean that the retail sector provides best practices to consumers; the overall industry analysis found that no industry scored above 30 per cent when its consent practices were tested, demonstrating industry-wide and regulatory immaturity.

"Gaining meaningful consent from consumers, within current legal and technical constraints, isn't easy," noted Batch.

"Striking the balance between optimal user experience and obtaining meaningful consent differs across platforms and use cases. Across industry we have seen a lack of maturity in the consent space, such that any updates to Australian law would require significant industry changes and uplift."

Other key findings include:

  • 93 per cent of consumers expect a service to provide them with the option, upfront, to opt-in to non-essential uses of their personal information rather than having to opt-out of these uses.
  • None of the top 100 consumer brands met consent best practices for cookie management.
  • 52 per cent of brands obtain consent for non-essential cookies through the bundled consent of accepting a privacy policy.
  • 7 per cent of the brands that do not mention marketing activities in their privacy policy were found to use marketing cookies when their website was tested.
  • Only 21 per cent of brands provided consumers with a comprehensive consent management portal or equivalent that was also fully or partially available from the associated application.
  • Only 33 per cent of consumers agree that their consent for non-essential processing is valid when it is obtained through acceptance of the terms and conditions and/or privacy policy.
  • 64 per cent obtain this consent through the bundled acceptance of their privacy policy, and of these, 65% limit the functionality of the website without obtaining this consent, meaning consumers have little choice but to consent to marketing activities.
  • 50 per cent of consumers stated that they had given consent (when they had previously refused) because they were tired of being continuously asked by the same service.
  • Only 7 per cent of consumers said they had a very good understanding of how their personal information would be used after they consented to its use.
  • Only 12 per cent of consumers think consent given for non-essential uses should be enduring.

"Although meaningful consent and permission are intrinsically personal, our research overwhelmingly demonstrates a disconnect between what consumers expect and what brands actually do," says Batch.

"No one wants to give consent through constant pop-ups. Nor does a consumer consider consent is given when driven through a catch-all, non-specific privacy notice. The key is in empowering people to choose if, when and how they participate.

"Good consent must be expressly sought and voluntarily given. We're seeing this in COVID-19 initiatives such as tracing apps, where the concept of care drives voluntary participation and builds trust between community and government."

The report also outlines five key actions brands can take to improve consent practices:

1. Have a smart consent strategy

Decide whether you want to follow the minimal legal approach to gaining consent, or whether you want to position your brand as a data ethics leader by following best practices.

2. Gain a deep understanding of your data

For most businesses, the biggest hurdles to operationalising consent management are understanding what data they are processing, where it came from and what it is being used for now. To achieve this dynamically and at scale, they need good data governance and management capabilities, and the right technology.

3. Don't bundle certain consents

Consumers have clearly indicated a strong preference to opt-in to certain activities that aren't essential for the service they seek. These include marketing, online tracking and physical location tracking. Ask for express permission to do these things at the appropriate time in a way that is as 'frictionless' as possible.

4. Create an online portal for users

Provide a digital portal for consumers to monitor and change their consents. Make it easy to access, understand and use. This will increase transparency, individual control and trust demonstrating how consent is taken seriously.  

5. Give granular choice in your cookie banners

Give more than two choices in cookie consent banners and avoid the all-or-nothing approach. Allow consumers to opt-in to tracking and marketing cookies and don't have this turned on by default or bundle the consent with other functional, less invasive cookies.

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support

How to conduct an effective board assessment: a step-by-step guide
Partner Content
Your directors should conduct a board assessment annually. Let's examine what a boa...

Related Stories

Love is in the wallet: Australians to splurge $485m on Valentine’s Day

Love is in the wallet: Australians to splurge $485m on Valentine’s Day

Vibrant bouquets and sweet treats are high on the agenda for Austra...

Creditors vote ‘overwhelmingly’ in favour of Brosa liquidation

Creditors vote ‘overwhelmingly’ in favour of Brosa liquidation

Creditors have ‘overwhelmingly’ voted to wind up c...

Collection House, Wallet Wizard owner Credit Corp shares buoyant on loan book uplift

Collection House, Wallet Wizard owner Credit Corp shares buoyant on loan book uplift

Shares in Credit Corp (ASX: CCP), the owner of Wallet Wizard, ...

Booktopia secures $12 million for Western Sydney distribution centre

Booktopia secures $12 million for Western Sydney distribution centre

Having last week revealed its plans to improve its full year earnin...