Australian brands failing users on data privacy

Australian brands failing users on data privacy

A new report from Deloitte shows that Australian brands are missing the mark when it comes to data privacy, with only 16 per cent offering consumers the option to opt-in to marketing activities.

The firm's sixth annual assessment of the privacy practices of Australia's top 100 consumer brands, the Deloitte Privacy Index 2020, found that meaningful consent should now be at the front and centre of every industry and every sector, but companies continue to fail users.

The report found 83 per cent of consumers said they were concerned by internet cookies that track their activity online and how brands use this information for marketing purposes.

According to Deloitte national privacy and data protection lead partner and the autuor of the Privacy Index 2020 David Batch obtaining consent is a critical element for building consumer trust.

"As we navigate the digital realities of pandemic restrictions, of working and socialising online, as consumers we have become far more aware of the need to secure our privacy," says Batch.

"Australians have overwhelmingly told us they don't like being marketed to without opting in, or bundled consent, which couples something we do want with something we don't, especially when it is unnecessary.

"Meaningful consent is the real opportunity for brands in COVID-19 times and beyond. And it is the responsibility of every organisation in Australia that accesses and processes personal information to do its bit in increasing trust in the digital economy."

RELATED: ACCC takes Google to court over personal data use

By sector, retail is the most trusted industry in Australia in terms of consent-giving practices, demonstrating that as an industry it manages consent privacy practices better than any other.

However, Deloitte says this does not mean that the retail sector provides best practices to consumers; the overall industry analysis found that no industry scored above 30 per cent when its consent practices were tested, demonstrating industry-wide and regulatory immaturity.

"Gaining meaningful consent from consumers, within current legal and technical constraints, isn't easy," noted Batch.

"Striking the balance between optimal user experience and obtaining meaningful consent differs across platforms and use cases. Across industry we have seen a lack of maturity in the consent space, such that any updates to Australian law would require significant industry changes and uplift."

Other key findings include:

  • 93 per cent of consumers expect a service to provide them with the option, upfront, to opt-in to non-essential uses of their personal information rather than having to opt-out of these uses.
  • None of the top 100 consumer brands met consent best practices for cookie management.
  • 52 per cent of brands obtain consent for non-essential cookies through the bundled consent of accepting a privacy policy.
  • 7 per cent of the brands that do not mention marketing activities in their privacy policy were found to use marketing cookies when their website was tested.
  • Only 21 per cent of brands provided consumers with a comprehensive consent management portal or equivalent that was also fully or partially available from the associated application.
  • Only 33 per cent of consumers agree that their consent for non-essential processing is valid when it is obtained through acceptance of the terms and conditions and/or privacy policy.
  • 64 per cent obtain this consent through the bundled acceptance of their privacy policy, and of these, 65% limit the functionality of the website without obtaining this consent, meaning consumers have little choice but to consent to marketing activities.
  • 50 per cent of consumers stated that they had given consent (when they had previously refused) because they were tired of being continuously asked by the same service.
  • Only 7 per cent of consumers said they had a very good understanding of how their personal information would be used after they consented to its use.
  • Only 12 per cent of consumers think consent given for non-essential uses should be enduring.

"Although meaningful consent and permission are intrinsically personal, our research overwhelmingly demonstrates a disconnect between what consumers expect and what brands actually do," says Batch.

"No one wants to give consent through constant pop-ups. Nor does a consumer consider consent is given when driven through a catch-all, non-specific privacy notice. The key is in empowering people to choose if, when and how they participate.

"Good consent must be expressly sought and voluntarily given. We're seeing this in COVID-19 initiatives such as tracing apps, where the concept of care drives voluntary participation and builds trust between community and government."

The report also outlines five key actions brands can take to improve consent practices:

1. Have a smart consent strategy

Decide whether you want to follow the minimal legal approach to gaining consent, or whether you want to position your brand as a data ethics leader by following best practices.

2. Gain a deep understanding of your data

For most businesses, the biggest hurdles to operationalising consent management are understanding what data they are processing, where it came from and what it is being used for now. To achieve this dynamically and at scale, they need good data governance and management capabilities, and the right technology.

3. Don't bundle certain consents

Consumers have clearly indicated a strong preference to opt-in to certain activities that aren't essential for the service they seek. These include marketing, online tracking and physical location tracking. Ask for express permission to do these things at the appropriate time in a way that is as 'frictionless' as possible.

4. Create an online portal for users

Provide a digital portal for consumers to monitor and change their consents. Make it easy to access, understand and use. This will increase transparency, individual control and trust demonstrating how consent is taken seriously.  

5. Give granular choice in your cookie banners

Give more than two choices in cookie consent banners and avoid the all-or-nothing approach. Allow consumers to opt-in to tracking and marketing cookies and don't have this turned on by default or bundle the consent with other functional, less invasive cookies.

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Get our daily business news

Sign up to our free email news updates.

Please tick to verify that you are not a robot

The MBA that helped Epic Environmental’s startup employee become GM and partner
Partner Content
Environmental engineer Romin Nejad began his career at Epic Environmental at a challeng...
Queensland University of Technology

Related Stories

RACQ Insurance fined $10m for failing customers on discount promises

RACQ Insurance fined $10m for failing customers on discount promises

The insurance arm of the member-owned Royal Automobile Club of...

Lovers, not fighters: Mr Yum and me&u consummate hospitality merger

Lovers, not fighters: Mr Yum and me&u consummate hospitality merger

Two leading Australian companies that have upended the status quo i...

Sunshine Coast icon Beefy's Pies acquired by RFG for $10 million

Sunshine Coast icon Beefy's Pies acquired by RFG for $10 million

The owners of award-winning Sunshine Coast family pie shop chain Be...

Early-stage startup backer Happenco secures $12m to fund founders

Early-stage startup backer Happenco secures $12m to fund founders

Australian venture investment and advisory firm Happenco has announ...