When it comes to privacy, there’s good news and bad news for retailers. The according to Arktic Fox’s Digital & Marketing In Focus report, 41 per cent of leaders believe they have their house in order as it pertains to privacy.

These leaders believe they have a clear path they are implementing or are well on their way to evolving in the privacy space. The bad news is, more than half (59 per cent) don’t. Even more, less than one in four say that improving compliance with data privacy is a key priority in 2023.

“Only 23 per cent stated that privacy was a major data priority for them in the year ahead. That number should be 100 per cent, considering the fines involved with non-compliance and the risk to brand reputation from the fallout of a breach,” advises Teresa Sperti, Director/Founder of Arktic Fox.

“We shouldn’t be waiting for change to occur. Consumers want to see action. They expect more from brands. Yet, there is a lack of leadership around this and, I believe, there will continue to be until hands are forced.”

With the government’s recent commitment to overhauling Australia’s privacy laws, following the recommendations of a major review first initiated by the former administration, it looks like hands are now forced.

The latest on Australia’s Privacy Principles

At the core of the proposed changes, the government has agreed to an overhaul of how data is collected, used and stored. The privacy reforms will be progressed under the following focus areas:

  • Bring the Privacy Act into the Digital Age

The reforms will bring the scope and application of the Privacy Act into the digital age by recognising the public interest in protecting privacy and exploring further how best to apply the Act to a broader range of information and entities which handle this information.

  • Uplift protections

The reforms will uplift the protections afforded by the Privacy Act by requiring entities to be accountable for handling individuals’ information within community expectations, and enhancing requirements to keep information secure and destroy it when it is no longer needed.

Reforms to the Notifiable Data Breaches scheme will assist with reducing harms that may result from data breaches and introduce new organisational accountability requirements to encourage entities to incorporate privacy-by-design into their operating processes. New specific protections will also apply to high-privacy risk activities and more vulnerable groups including children.

  • Increase clarity and simplicity for entities and individuals

The reforms will provide entities with greater clarity on how to protect individuals’ privacy, and simplify the obligations that apply to entities that handle personal information on behalf of another entity. The reforms will increase the flexibility of code-making under the Act, reduce inconsistency and improve coherence across different legal frameworks with privacy protections, and simplify requirements for transferring personal information overseas, particularly to those countries with substantially similar privacy laws.

  • Improve control and transparency for individuals over their personal information

The reforms will provide Individuals with greater transparency and control over their information through improved notice and consent mechanisms. The reforms will also explore the scope and application of new rights in relation to personal information and increased avenues to seek redress for interferences with privacy, through a direct right of action permitting individuals to apply to the courts for relief for interferences with privacy under the Privacy Act and a new statutory tort for serious invasions of privacy.

  • Strengthen enforcement

The reforms will increase enforcement powers for the OAIC, expand the scope of orders the court may make in civil penalty proceedings and empower the courts to consider applications for relief made directly by individuals. A strategic review of the OAIC and further consideration of its resourcing requirements, including investigating the effectiveness of an industry funding model and establishing litigation funds, will enhance the effectiveness of Australia’s privacy regulator.

Australia’s Privacy Framework: What you need to know now

Attorney-General Mark Dreyfus recently released the “Government Response to the Privacy Act Review Report”. The response agrees to 38 proposals fully, agrees in principle to 68 proposals and notes 10 proposals for further consideration.

Here’s what you need to know at a glance:

  • Australians can now:
    • Demand that tech companies erase their data
    • Sue for privacy breaches
    • Opt out of being targeted, using sensitive personal information
  • Full transparency with AI:
    • The government intends to mandate greater transparency, regarding the utilisation of personal data by AI tools.
  • Aussie Data Privacy: Taking Cues from GDPR
    • Australia considering adopting similar data privacy regulations akin to Europe’s.
  • Personalised Advertisements:
    • No approval for rights to opt out of personalised ads or to prevent political parties from targeting based on “sensitive information or traits”.
  • Transparency Requirement:
    • Entities to be more transparent about personal data use in automated decision-making processes.

What’s next?

The government is taking a comprehensive approach to reform, with plans for further consultation and impact analysis before finalising the reform. In 2024, they intend to introduce legislation aimed at safeguarding personal information. Meanwhile, non-legislative proposals, such as new codes and guidance will be implemented sooner. There will also be further opportunities for public consultation in the next phase.

The customer data platform and the age of privacy

Putting your customer at the centre of the experience is critical for ongoing success. Mounting research suggests that retailers that adopt a customer-centric approach tend to outperform their competitors in areas like revenue generation and market share.

Unsurprisingly, research shows that while leaders are beginning to pare back investments in MarTech overall, however, investment in CDPs is accelerating. In fact, the study demonstrates that 40 per cent of brands say that CDPs are a key priority for investment – double that of last year.

“2023 is clearly the year of the CDP in Australia. Over the past three years, we have been tracking investment in MarTech and priority areas for the year ahead. With demonstrable growth in the number of platforms available and the providers serving the industry, it is fair to say organisations are still trying to make sense of the complexity of what is out there and what is the right choice for their brand,” Sperti shares.

“And while there are promises of improved efficiency, effectiveness, relevance and automation at scale – for many the returns are still too elusive as they grapple with how to integrate and embed platforms to derive value and to my earlier comments invest in training so people know how to use the systems most effectively. CDP uptake is being driven by gaps in the MarTech ecosystem, limiting teams to go after opportunities and work through key challenges.”

Billy Loizou is APAC area vice president at Amperity.

Image: Teresa Sperti (Arktic Fox) & Billy Loizou (Amperity).