Australia's Revised Privacy Laws

4 minutes to read by Liz van Zyl

*This article is contributed by Matt Werth, Creative Technologist at StudioSpace agency Five by Five Global - a truly integrated innovation agency with expertise across a wide range of marketing disciplines. Priding themselves in being creative problem solvers, the Five by Five Global team have deep expertise in a number of categories including retail, video gaming, financial services, charity & not-for-profit and increasingly with environmental and sustainability focused brand partners.

Since the Privacy Act was introduced in 1988 there have been monumental advances in data collection technology. However, privacy laws have been slow to advance in comparison. Now, 36 years later, we’re seeing major updates that will change the way companies must handle data. As marketers, the implications are… mild.

The new laws
The review of the Privacy Act mainly came about as a reaction to massive data breaches. This is reflected in the coming laws which aim to:

  • Remove small business exemption.
  • Empower the OAIC.
  • Restrict personal information sharing across borders to only prescribed countries.
  • Heighten requirements around data security and notification of breaches.
  • Restrict trading of personal data.
  • Restrict direct marketing / targeted advertisement.

Before you panic, we should note that there are definitions to be made around “personal” or “sensitive” data; what is “fair and reasonable”; and the difference between “targeted content” and “targeted advertising”.

It is also important to note that the Government Response doesn’t have any hard agreements to many of the points around advertising and data collection. They merely “agree in-principle”.

The old laws
Europe, UK, and California have lapped us in their privacy laws. Even web browsers themselves are blocking cookies as a matter of ethicality and keeping up with user concerns. Although our Privacy Act has seen a few amendments over the years, Australia’s privacy laws are still largely stuck in 1988, unable to keep up with technology.

Australia Privacy Act Changes Table Summary

Although the law can’t keep up, companies can.
This is where we see the emergence of a cookie-less internet. Big players such as Google, Apple, and Microsoft are spearheading efforts to minimise the use of cookies, not policy makers.

With the current landscape, the majority of companies are taking action to be more sensitive to the privacy needs of consumers by ethically collecting and processing data in plain sight.

By being open and honest (about what data they’re collecting, what they intend on doing with it, and how they will keep it safe) companies become the solution, not the problem.
An action plan for your company

Give users control over the data you collect.
Be upfront with what you are collecting and what you intend to do with the data. Keeping users informed will ensure there aren’t any surprises later on. Most importantly, users must be able to opt out of data collection at any time.
By being trustworthy, you’ll give users reason to stay opted in and feel comfortable with giving you their data.

Use first-party data to target your marketing.
With first-party data you’ll be able to collect more meaningful information in a more humane and engaging way. Leverage touch points in the user journey to ask for information in a way that improves the user experience and empowers the user. Remember: it’s a two-way street. Don’t expect something for nothing.

Adopt new methods of identification.
Often users are confronted with handing over their most sensitive data in order to identify themselves. Sometimes this handover is a massive trust-hurdle that must be overcome for users to engage with your product or service.
Fortunately, there are emerging technologies and services that can overcome this hurdle with ease.
ConnectID aims to improve this experience by acting as an identity exchange using an organisation your users already trust e.g. their bank. ConnectID is currently in the process of rolling out to businesses and consumers.

Web 3 technologies are on the horizon and boast a single point of identification that users can use across the web. Rather than request user’s information, a website connects with their digital wallet which verifies their identity. It’ll be quite a long time before we see widespread adoption of web 3, but it is champing at the bit to change the landscape of privacy once again.

Be wary of international laws.
Australia may be relaxed about cookies, but Europe certainly isn’t. If your website has an international audience, make sure you avoid a lawsuit by complying with the GDPR.

Share this article