Data-matching practices of loyalty schemes under fire

ACCC calls for right to delete to be incorporated into Australian privacy law

binary silhouettes / data / tracking / surveillance
BlackDovFX / Getty Images

The Australian Competition and Consumer Commission has called for operators of customer loyalty schemes to strengthen their privacy practices. The ACCC indicated it is particularly concerned by the likes of Coles, Flybuys and Woolworths tracking purchasing behaviour and other transactions of members via payment card data even when a loyalty card isn’t employed.

“Many consumers would be shocked to find that some supermarket schemes continue to collect their customers’ data at the checkout even when they do not present their loyalty cards,” ACCC chair Rod Sims said. “They do this by tracking customers’ credit or debit cards from previous transactions.”

“When a customer chooses not to present their loyalty card, we think it is reasonable that they would not expect their data to be collected for that transaction, and we are therefore calling on the relevant schemes to stop this practice,” Sims said.

The commission today released the final report from its inquiry into loyalty schemes. The ACCC has made five top-line recommendations including calling for operators to better communicate the terms and conditions of schemes to members and ensuring that any T&C changes are fair and have adequate notice. Unfair contract provisions and certain unfair trading practices should be prohibited, the report states.

The other three recommendations relate to data handling and privacy laws.

“Loyalty schemes may collect consumer data both actively, for example, information voluntarily provided by the consumer when joining the loyalty scheme, as well as passively, for example, the background collection of data through a consumer’s use of a platform, apps on a device or use of third party websites,” the report states.

“The data collected by some loyalty schemes about a consumer can be further enriched by linking it with external data sources, including from data brokers or through data-sharing platforms. These external data sources collect masses of information on consumers, which can be combined with relevant data a loyalty scheme holds about its customers.”

That kind of data-matching has been shown to concern many Australian consumers, the ACCC report states.

“Many consumers are increasingly concerned about receiving targeted advertising, in some cases from companies that they have never dealt with before,” Sims said.

“There is also an emerging risk of real consumer harm if individual consumers were to be charged inflated prices based on profiling derived from their data. For example, if a person’s frequent flyer data or online search history indicates they can only travel on certain dates, or otherwise based on their income, geographic location or other information collected through the loyalty scheme they may be charged extra.”

The ACCC says it’s also concerned about “opaque” privacy policies, calling for improved clarity as well as more “meaningful controls” over data collection, use and disclosure that are aligned with consumers’ data preferences. The latter could include “pre-selected and meaningful” opt-outs for targeted advertising.

The final recommendation is for a range of significant changes to be made to the Privacy Act, in line with the final report of the ACCC’s Digital Platforms Inquiry.

Those changes would include “strengthening notification requirements to ensure that the collection of consumers’ personal information directly or by a third party is accompanied by a notice of the collection that is concise, intelligible and easily accessible, written in clear and plain language, provided free of charge, and accompanied by appropriate measures to reduce the information burden on consumers”.

Another significant amendment to Australia’s privacy regime would be introducing a right to delete style provision. If implemented along the lines suggested by the ACCC, an individual could request their personal information to be erased “without undue delay”, except in certain circumstances.

The government has committed to introducing a ‘right to delete’ although only in relation to information covered by the Consumer Data Right regime (such as open banking).


Copyright © 2019 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon