Consumer trust and data protection legislation

In this article:

  • The all-seeing eye
  • GDPR
  • Will Australia get a GDPR equivalent?
  • But why is trust important?
  • Additional resources

Data is a bottomless pit of value for organisations and especially marketing. It creates the ability to develop deep insights into consumer behaviour, individualise communication and experiences, and extract very granular performance measurements.

It makes us more effective!

The all-seeing eye

However, the scope of our ability to collect data represent an ability for organisations to know a significant amount or sensitive information about customers. There is the ability for some companies to objectively know more about a customer than themselves. A company can objectively look at a series of interactions and behaviours over an aggregate, where an individual may only have the perspective of now.

There is a risk of being too intelligent, a big brother figure. Or alternatively, there is the potential that this information is compromised and falls into the wrong hands.

In a world where data is so easily collected and shared consumer increasingly need to feel confidence that their private data is kept private. Left unmanaged, if the collective use of data from customer overreaches into or seeming prescience we could find that consumers will react and either

  1. Choose to longer share data, or
  2. Push to get government to intervene in business practices

To that end, legislation has been developed that maps out the extent by which data should be managed by companies.

GDPR

If you are a marketer, it’s almost certain that you would have heard about GDPR.
GDPR is a piece of legislation that affect all data for citizens in the EU sphere. There are 7 core principles (or 6 plus 1) for GDPR. They cover:

<td”>You need to prove you are compliant.

Lawfulness, fairness, and transparencyFocus on genuinely informing customers about data management and allow consumer control of data. No fine print!
Purpose limitationsPersonal data can only be used specified, explicit, and legitimate purposes. And consent must be received first.
Data minimizationDon’t collect data that you don’t need, and is not essential to the business function.
AccuracyAll necessary steps must be taken to amek sure data is kept up to date.
Storage limitationEliminate data that is no longer used or needed.
Integrity and confidentialityConsumer data must be protected, and steps taken to enable data integrity (through encryption) even if lost.
Accountability and compliance

For Australian companies, this impacts companies of any size if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU [Source].

This means if you export products to the EU (like shipping a t-shirt to a random customer in Belgium), then you are considered to need to align yourself to GDPR.

The Australian Government further recommends GDPR adoption for:

Any Australian business with an office in the EU
Any Australian business whose website targets EU customers for example by enabling them to order goods or services in a European language (other than English) or enabling payment in euros[8]
Any Australian business whose website mentions customers or users in the EU
Any Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes

Will Australia get a GDPR equivalent?

The EU definitely has the most progressive legislation when it comes to consumer privacy.

The Australian legislation isn’t as simply defined, covering legislation including the Privacy Act of 1988 (Privacy Act), Privacy Regulation 2013 and finally the Privacy Amendment (Notifiable Data Breaches) Act 2017.

While slightly more disparate, the Australian legislation is moving in a similar direction to the GDPR rules.

Recently however, a great focus has been placed on data security in Australia after a raft of large data breaches. Ultimately, a measure to reinforce confidence that data will be protected with consumers.

The key question is whether the legislation advances to include elements in the GDPR legislation which are not in the Australian legislation. This includes

  • The right to be ‘forgotten’ in Australia.
  • Explicit and clear acknowledgement of data handling practice

But why is Trust important?

If consumer confidence in our private organisations ability to manage content is eroded, we will lose the freedom to be able to use data the way that helps us get the best results.

Treating customer data respectfully and with care ensures that further additional requirements and business practices are not imposed upon business. Self regulation is always preferable to imposed legislation.

 

Additional resources

Tell us what you think!
If you would like to talk to us about this article, drop us a line on [email protected].