If the public doesn’t feel it can say no, all the privacy policies and terms and conditions can’t solve society’s data governance woes.
The Australian government has allocated $44.6 million over four years in this year’s budget to establish the new Consumer Data Right (CDR). This investment is slated to support the ACCC, OAIC and CSIRO to establish appropriate rules and standards and to ensure the impacts of the CDR are consistent with the Privacy Act.
This is a welcome step, because our latest research uncovers the yawning gap between public expectation and current practices when it comes to data collection, sharing and use.
In a survey of 1004 Australians conducted for the Consumer Policy Research Centre by Roy Morgan Research from March to April this year, 94% of those surveyed did not read the privacy policies or terms and conditions for all the products they signed up to in the past 12 months.
It’s the presumed consent to these policies which often allows consumer data to be captured, transferred, on-sold or transformed for other purposes well beyond what any consumer could have reasonably expected. The policies can also change, making it difficult to know what we consented to in the first place.
Some 70% of survey respondents were not comfortable with their basic data, such as their purchase histories and location data, being shared; while more than 85% were opposed to companies sharing more personal information, like their phone contacts and text message logs.
Yet all of this information is regularly captured and used for personalising ads, offers and sponsored content on digital platforms and mobile apps, and, despite their concerns, most consumers reported continuing to use these digital products and services.
Much innovation, efficiency and consumer benefits arise from data analysis, collection and sharing. We need to ensure this is being done responsibly. This means putting consumers, not companies, in the driver’s seat when it comes to their data.
This also means striking the balance right between encouraging innovation, protecting privacy and enabling consumer choice.
Currently, Australia lags other nations in addressing these critical issues. The new General Data Protection Regulations in the EU deliver consumers greater transparency and optionality over how their data is collected and used. As Dr Katharine Kemp from UNSW highlighted earlier this week, EU consumers will gain access to a range of improvements, where consent must be:
- Explicit, requiring action to be taken to release data – privacy is the default;
- Unbundled, so that consumers can choose what kinds of data they are enabling to be collected and shared;
- Revocable, where consent can be withdrawn at any point.
Australian consumers desperately want genuine choice and control over how their data is collected and used. Right now, it’s a case of: ‘Take it or leave it. Agree to our terms or you get nothing.’
Of those surveyed, 95% of Australians wanted companies to provide opt-out options for data collection, and 91% wanted an option for data to be collected only for the purpose of delivering the product or service.
There’s also a big expectation that data will be used fairly. 88% thought it would be unacceptable to be charged a different price for the same product compared to another Australian based on browsing history or payment behaviour. Similarly, 87% were not comfortable with their data being used without their knowledge to assess eligibility for a product or service such as loan or insurance.
Consumers also expect Government to develop protections. 73% support Government intervention to ensure companies give them options of how their data is collected, used and shared. A further 67% wanted protections to ensure that consumers were not excluded from essential products and services based on their profile.
These budget commitments are welcome, but the CDR is only slated to apply to banking, energy and telecommunications sectors. The CDR for example, doesn’t cover the vast array of current data collection and use practices currently underway – from loyalty programs, to downloading apps, to browsing websites & social media – consumer data is currently flowing freely to companies, with little transparency or choice in the hands of consumers.
We also need further research to design effective notification systems to consumers, processes to deliver optionality over what data is collected, how it is shared, and the right to be forgotten.
- ALAN FINKEL: Overcoming our mistrust of robots in our homes and workplaces
- NICHOLAS DAVIS & ALEKSANDAR SUBIC: Why all of us must contribute to stronger governance
- PETER HARRIS: Rules forcing data destruction ‘akin to burning books’
How we respond to changes in technology, data collection and amalgamation practices will materially impact our experience as consumers over the coming years. Policymakers and businesses ignore community and consumer expectations at their peril. These issues go to the heart of building trust in evolving technologies and delivering new, inclusive markets.
To kick-start a much-needed national conversation around consumer data issues, CPRC will bring together leading researchers, policymakers, regulators, and members of the business and community sectors for the query:data national data conference in Melbourne on 16 July 2018.
Lauren Solomon is Chief Executive Officer of Consumer Policy Research Centre. An economist who focuses on the people-side of markets, she has worked in senior policy advisory roles across the government, industry and NGO sector for more than a decade.