As Australia prepares for a landmark review of the Privacy Act, a comprehensive survey of attitudes towards privacy reveals how Australians want their personal information to be protected now and into the future.
In September, I released the Australian Community Attitudes to Privacy Survey 2020, which features a wealth of insights into attitudes towards data practices, digital platforms, location and biometric data, artificial intelligence, children’s privacy, privacy legislation, and COVID-19.
The findings give clear signals to government, regulators and business about how to respond to changing expectations and behaviours to build consumer trust and confidence.
Amid heightened awareness of personal information in the digital environment, it should come as no surprise that privacy is a major concern for 70 per cent of Australians. Almost nine in 10 want more choice and control over their personal information.
Australians see identity theft and fraud, and data security and breaches, as the biggest privacy risks we face today.
The vast majority (84 per cent) believe the privacy of their information is important, and the same proportion believe personal information should not be used in ways that cause harm, loss or distress.
They want their data protected against harmful practices, and more than eight in 10 believe they should have the right to ask a business to delete their personal information.
Concerns regarding data privacy are driven by individual experience, and a belief that many companies routinely use personal information for purposes that make Australians uncomfortable.
More than four in five people think it is a misuse when data is collected for one purpose and used for another. Or when they are asked for personal information that doesn’t seem relevant to the purpose of the transaction.
The question is: how do we apply these insights?
The upcoming privacy review is a significant opportunity to address concerns identified in our survey, as is the Government’s commitment to increase penalties and introduce infringement notice powers and a binding privacy code for social media and online platforms.
Based on the strong levels of support for government to do more to protect personal data, we have the chance to be a world leader in ensuring the right type of regulation is in place: laws and practices that enable innovation and economic growth, reduce regulatory friction, and uphold our fundamental human right to privacy.
In making our privacy framework fit for the digital age, we need to consider the forces I believe will shape privacy regulation over the next decade.
Global interoperability is critical – put simply, making sure our laws continue to connect around the world, so our data is protected wherever it flows. We must enable privacy self-management, where it is appropriate for individuals to exercise meaningful choice and control.
But individuals cannot shoulder the weight of responsibility to navigate complex information flows.
There must be sufficient obligations built into the system to provide organisational accountability: obligations to integrate privacy into products and services upfront by design and default, to ensure fair handling of personal information, and to avoid harm.
As a regulator, the OAIC needs the right tools to encourage compliance: a comprehensive suite that allows effective deterrence, remedies and rectification.
The business community can also take action through simple steps that respond to and remedy consumer concerns.
Only collect information that is relevant and necessary, and don’t use it for unrelated purposes.
Remember that collecting more information than is required creates greater risk for your organisation, because you must take reasonable steps to secure the information you hold through its entire life cycle. This includes strong cyber and physical security protections and protocols, staff training and education, and data breach prevention and response strategies.
The community also wants information in simple terms. Despite the importance Australians place on privacy, only a third of us read privacy policies on internet sites and just one in five are confident they understand them. Length and difficulty are the main deterrents. But when we do read privacy policies, we are more likely to trust the organisation.
Bundling complex terms and conditions into a privacy policy and using it as a default consent mechanism does not pass muster. It is eroding consumer trust and confidence when it comes to sharing personal information, an essential ingredient in a thriving digital economy.
Taking the lead in these areas will differentiate a business from its competitors, while elevating privacy protections can be its own form of innovation.
Those that do so will build consumer trust and confidence that privacy and personal information is respected and protected and support our economic recovery.
Do you know more? Contact James Riley via Email.