Press release from the Office of the Australian Information Commissioner 

Australian Privacy Commissioner, Timothy Pilgrim, released two privacy assessment reports this week on the loyalty programs of Australia’s two largest supermarket retailers, Coles and Woolworths.

Retail loyalty programs are increasing in popularity with consumers and businesses alike, with 88 percent[1] of Australians now a member of a loyalty program. These programs operate by rewarding individuals for their purchases and in return retailers collect data about individual buying habits.

The Commissioner’s assessments focused on whether the personal information collected through Australia’s two largest loyalty programs was handled transparently, and in accordance with the Privacy Act 1988.

‘We undertook the privacy assessments to check up on Australia’s leading retail loyalty programs and to ensure customers’ personal information was being handled in accordance with the Privacy Act,’ said the Commissioner.

‘While it’s encouraging to see that Coles’ flybuys and Woolworths Rewards each had appropriate privacy notices that were consistent with their practices, it’s important that all Australians understand the bargain we strike with a retailer when we join a loyalty program.’

‘There’s no such thing as a free lunch, nor a free flight. The data that loyalty programs collect is valuable, and personal. So in this case, there is a price for the rewards from these programs.’

‘The details collected in these programs might seem insignificant on their own but when merged together they can paint a picture of who we are, what we do and how we behave. This information is worth a lot to organisations. So it’s important that we understand the terms of the programs we join — especially what privacy protections they include.’

‘So I’d ask Australians to think about how many loyalty cards they have right now, and ask themselves if they know what can happen to the personal information they have handed over to get the card. A way of knowing this is to read privacy policies before signing up so you can make an informed decision about what will happen to your personal information.’

Following the assessment of Coles and Woolworths, the OAIC will be assessing some of Australia’s other popular loyalty programs in the coming year.

About the report

The report assessed how Coles’ flybuys and Woolworths’ Rewards loyalty programs managed personal information in accordance with Australian Privacy Principle (APP) 1. The assessment also focused on whether Coles and Woolworths notified individuals of the collection of personal information in accordance with APP 5.

The assessments were conducted under section 33C(1)(a) of the Privacy Act 1988. To access the reports, please visit:

Loyalty program assessment: flybuys — Coles Supermarkets Australia Pty Ltd

Loyalty program assessment: Woolworths Rewards — Woolworths Limited

About the OAIC

The Office of the Australian Information Commissioner (OAIC) has a range of regulatory responsibilities and powers under the Privacy Act 1988 and other legislation including the Freedom of Information Act 1982.

The OAIC is headed by the Acting Australian Information Commissioner. The Information Commissioner is supported by the Assistant Commissioner, Regulation & Strategy and the Assistant Commissioner, Dispute Resolution, and OAIC staff.

For further information about the OAIC, please visit or follow @OAICgov.