06/08/2019

The ACCC’s final report into digital platforms, released on 26 July 2019, was extremely critical of how digital platforms, and the broader business community, deal with consumer data and protect privacy. The ACCC believes that Australian privacy laws have not kept up with the growth of the information economy and let business exploit consumers, by collecting their information without appropriate consent.

The ACCC makes a number of key recommendations to give control back to consumers.  The reach of these recommendations goes well beyond digital platforms.  If implemented, the recommendations will impact all businesses that collect consumer information.  Here’s what you need to know right now.

The ACCC has recommended:

  • expanding the definition of ‘personal information’,
  • requiring businesses to notify consumers each time they collect personal information, and
  • requiring businesses to obtain consent to each collection, use and disclosure of personal information.

Overhaul of the definition of personal information

The ACCC believes that the Privacy Act’s definition of ‘personal information’ does not match consumer expectations.  Consumers expect that your date of birth, your photo, your telephone number and location information about you, should be protected by privacy law.  But under the current state of the law that is not always the case.  To address this concern, the ACCC recommends we adopt the EU’s GDPR definition to include technical data and online identifiers.

Concern about relying on deidentification and aggregation tools

The ACCC also expressed concerned about the use of deidentification and aggregation tools to avoid the Privacy Act.  They say that data analytics tools already make it possible to re-identify information and these tools will only get better as time goes on.  The ACCC has not made any recommendations on this topic yet, but we can expect this will be considered as part of the broader reform of Australian privacy law recommended by the ACCC.

Move to a mandatory real-time notification and consent model

APP 5 currently requires businesses who collect personal information to notify the consumer at the time or otherwise ensure the consumer is aware of the collection.  In practice, businesses generally avoid real-time notification and instead use a privacy policy to make consumers aware of all possible collection cases.  The ACCC does not think this is an adequate or appropriate means of obtaining consent.  In their view:

  • Privacy policies that deal with hypothetical collection, use and disclosure cases are “long, complex, vague and difficult to navigate”;
  • Consumers’ privacy preferences change over time; and
  • Consumers cannot conceive of the future value of their information or all the ways a business may use it.

The ACCC wants Australia to move to a mandatory real-time notification and consent model.  This means businesses will have to notify consumers and obtain consent each time they collect, use or disclose personal information.  The ACCC states that these notices must be “concise, transparent, intelligible and easily accessible” to promote informed consent.  It acknowledges that businesses should not be required to notify consumers and obtain consent if it has already done so for the same personal information and the same use or disclosure.  However, this still appears to require a real shift from the privacy policy model used by businesses today.

What does it mean for you?

If implemented, the ACCC’s recommendations will present a huge compliance challenge.  Businesses will need to weigh up the benefit of information collection against the compliance cost.  Immediate compliance steps will include:

  • determining what information falls within an updated definition of personal information,
  • developing notification and consent tools that are linked to information collection, and
  • moving from an opt-out to an opt-in model.

Beyond this, the ACCC thinks the reforms will increase competition on the basis of the privacy and data security offered to consumers.  Businesses that rise to the challenge can expect to reap the rewards of consumer trust.

Authors: Hannah Bragge and Michael Caplan

Expertise Area
""

A one-stop shop for the most frequently asked legal questions by in-house counsel, providing expert tips, example clauses and usage guides.