A new report from Deloitte shows that Australian brands are missing the mark when it comes to data privacy, with only 16 per cent offering consumers the option to opt-in to marketing activities.
The firm's sixth annual assessment of the privacy practices of Australia's top 100 consumer brands, the Deloitte Privacy Index 2020, found that meaningful consent should now be at the front and centre of every industry and every sector, but companies continue to fail users.
The report found 83 per cent of consumers said they were concerned by internet cookies that track their activity online and how brands use this information for marketing purposes.
According to Deloitte national privacy and data protection lead partner and the autuor of the Privacy Index 2020 David Batch obtaining consent is a critical element for building consumer trust.
"As we navigate the digital realities of pandemic restrictions, of working and socialising online, as consumers we have become far more aware of the need to secure our privacy," says Batch.
"Australians have overwhelmingly told us they don't like being marketed to without opting in, or bundled consent, which couples something we do want with something we don't, especially when it is unnecessary.
"Meaningful consent is the real opportunity for brands in COVID-19 times and beyond. And it is the responsibility of every organisation in Australia that accesses and processes personal information to do its bit in increasing trust in the digital economy."
By sector, retail is the most trusted industry in Australia in terms of consent-giving practices, demonstrating that as an industry it manages consent privacy practices better than any other.
However, Deloitte says this does not mean that the retail sector provides best practices to consumers; the overall industry analysis found that no industry scored above 30 per cent when its consent practices were tested, demonstrating industry-wide and regulatory immaturity.
"Gaining meaningful consent from consumers, within current legal and technical constraints, isn't easy," noted Batch.
"Striking the balance between optimal user experience and obtaining meaningful consent differs across platforms and use cases. Across industry we have seen a lack of maturity in the consent space, such that any updates to Australian law would require significant industry changes and uplift."
Other key findings include:
- 93 per cent of consumers expect a service to provide them with the option, upfront, to opt-in to non-essential uses of their personal information rather than having to opt-out of these uses.
- None of the top 100 consumer brands met consent best practices for cookie management.
- Only 21 per cent of brands provided consumers with a comprehensive consent management portal or equivalent that was also fully or partially available from the associated application.
- 50 per cent of consumers stated that they had given consent (when they had previously refused) because they were tired of being continuously asked by the same service.
- Only 7 per cent of consumers said they had a very good understanding of how their personal information would be used after they consented to its use.
- Only 12 per cent of consumers think consent given for non-essential uses should be enduring.
"Although meaningful consent and permission are intrinsically personal, our research overwhelmingly demonstrates a disconnect between what consumers expect and what brands actually do," says Batch.
"No one wants to give consent through constant pop-ups. Nor does a consumer consider consent is given when driven through a catch-all, non-specific privacy notice. The key is in empowering people to choose if, when and how they participate.
"Good consent must be expressly sought and voluntarily given. We're seeing this in COVID-19 initiatives such as tracing apps, where the concept of care drives voluntary participation and builds trust between community and government."
The report also outlines five key actions brands can take to improve consent practices:
1. Have a smart consent strategy
Decide whether you want to follow the minimal legal approach to gaining consent, or whether you want to position your brand as a data ethics leader by following best practices.
2. Gain a deep understanding of your data
For most businesses, the biggest hurdles to operationalising consent management are understanding what data they are processing, where it came from and what it is being used for now. To achieve this dynamically and at scale, they need good data governance and management capabilities, and the right technology.
3. Don't bundle certain consents
Consumers have clearly indicated a strong preference to opt-in to certain activities that aren't essential for the service they seek. These include marketing, online tracking and physical location tracking. Ask for express permission to do these things at the appropriate time in a way that is as 'frictionless' as possible.
4. Create an online portal for users
Provide a digital portal for consumers to monitor and change their consents. Make it easy to access, understand and use. This will increase transparency, individual control and trust demonstrating how consent is taken seriously.
5. Give granular choice in your cookie banners
Give more than two choices in cookie consent banners and avoid the all-or-nothing approach. Allow consumers to opt-in to tracking and marketing cookies and don't have this turned on by default or bundle the consent with other functional, less invasive cookies.Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.
Business News Australia
Get our daily business news
Sign up to our free email news updates.