Online privacy is a hot topic

You might have heard a lot about online privacy in the last few months. I certainly have. In April-May, I completed ADMA’s ‘Cookies Masterclass’. Our browsers and devices are getting smarter at blocking all types of tracking, and this masterclass delved into the implications for online marketing.

In Australia, the Privacy Act is being reviewed ‘to better empower consumers, protect their data and support the digital economy’. Questions around online privacy have been driven in part by personalised advertising and marketing.

The Australian Attorney General’s Department released a discussion document in October. It covers questions and submissions being considered in the review. This gives some insights into what might be coming.

Why do we need change?

According to the Deloitte Australian Privacy Index 2021, 65% of respondents were unhappy about receiving targeted advertising based on their online activity. So, while advertisers find that targeted advertising works, people on the receiving end don’t love it.

The unease around targeted advertising has prompted these kinds of questions in the review:
  • Should we extend the definition of personal information to include data such as our device IDs and geo-location, since these can be used to single us out and target us with advertising?
  • When is it okay for organisations to infer our preferences from our web browsing and store that information (known as ‘profiling’)?

Does it affect me?

If you are a small business owner, you’d be partly right to think that this doesn’t really concern you. This is because businesses with less than $3 million annual turnover are exempt from the Privacy Act in Australia. There are exceptions to that exemption – healthcare businesses, for example, are not exempt.

You also have privacy-related obligations when you use services such as Google and Facebook for advertising and tracking. Generally this involves publishing a privacy policy on your website and stating how you use cookies associated with your use of these services. See ‘Is your Privacy Policy up to Speed?’.

I believe that any business that conducts online marketing should try to keep on the right side of what their customers would reasonably expect from them.

What can we expect to change in online privacy law?

The current law places a lot of responsibility on the individual to protect their own privacy. We have to read privacy notices and give consent when needed. We all know that this doesn’t really work. The notices are nearly impossible to understand and, usually, the only options are to accept the terms or not use the service.

In the future, there may be more onus on organisations handling personal information to:

  • state clearly how the data will be used (not just the primary purpose)
  • disclose the types of third-party organisations with whom the data may be shared (not just ‘our partners’, which could mean anything).
  • ensure that privacy notices are ‘clear, current and understandable’. Standardised formats and icons may be required.

Heading in the right direction

App tracking notice on iPhone

At the same time, the big tech companies are making ‘privacy first’ changes to their platforms. The most noticeable has been from Apple. They now require app developers to ask for user consent for tracking. iPhone users will be familiar with this notice (left). It is much clearer than most privacy notices and offers you the option to say no.

All in all, I think that we are heading in the right direction with setting a higher bar for online privacy. A move towards plain language will make a big difference for consumers. It will also be easier for smaller businesses to understand advertising systems and do the right thing by their customers.