ACCC calls for Privacy Act changes to protect loyalty scheme customers

The Australian Competition and Consumer Commission (ACCC) has recommended for loyalty schemes run by the likes of Telstra and the big four banks to improve data practices in its final report into customer loyalty schemes.

In calling for broader changes to be made to consumer and privacy laws, the ACCC's final report [PDF] has put forward five main recommendations to address its concerns around how existing loyalty schemes do not present terms, conditions, and privacy policies in a way consumers can easily understand; and are collecting, using, and disclosing consumer data in ways that does not align with consumer preferences, including providing limited insight and control over the sharing of their data with unknown third parties.

Another major concern outlined in the report was around how loyalty schemes are automatically linking members' payment cards to their loyalty scheme profiles to track purchasing behaviours even if members do not actively scan their loyalty cards.

"Many consumers are increasingly concerned about receiving targeted advertising, in some cases from companies that they have never dealt with before," ACCC chair Rod Sims said.

"There is also an emerging risk of real consumer harm if individual consumers were to be charged inflated prices based on profiling derived from their data. For example, if a person's frequent flyer data or online search history indicates they can only travel on certain dates, or otherwise based on their income, geographic location or other information collected through the loyalty scheme they may be charged extra."

See also: 3 things businesses need to know about customer privacy expectations (TechRepublic)  

The ACCC wants to see updates be made to the Privacy Act. These include updating the definition of "personal information"; strengthening consent requirements and any settings for additional data collection be preselected to "off"; and require entities to erase a consumer's personal information "without undue delay" once they have received a requires from a consumer. 

In addition, the ACCC has recommended for loyalty schemes to improve the clarity, accessibility, navigability, and readability of privacy policies; outline clearly with which entities consumer data is being shared and for what purposes; and disclose to consumers the sources of third-party advertising.

The ACCC however, acknowledged that some loyalty schemes operators have made changes since the consumer watchdog commenced its review and released its draft report in September. Despite this, the ACCC said it is still concerned about "certain practices" and call for loyalty scheme operators to "review and consider their practices within the context of the Australian Consumer Law".

The recommendations by the ACCC in the final report reinforce similar recommendations that were made by the ACCC in its Digital Platforms Inquiry Final Report, which highlighted how Australians are still in the dark when it comes to the extent of the collection and use of their data by companies such as Facebook. 

The release of the final report is also consistent with the ACCC's decision to take legal action against companies such as HealthEngine and Google, alleging the companies have misled or misused consumer data. 

Related Coverage

• Google labels ACCC's location data privacy claims as 'out of context'
• ACCC says it's nearly ready for the Consumer Data Right February 1 deadline
• Optus to pay AU$6.4 million for misleading NBN disconnection claims
• OAIC seeks feedback on draft CDR privacy safeguard guidelines
• Australians made over 3,000 privacy complaints last year
• Data Standards Body establishes Energy Advisory Committee ahead of Consumer Data Right mandate