Preparing Marketers for Privacy Reform | ADMA Webinar

The ADMA session, led by Salah Fernando, focuses on the impending Privacy Act reforms and their impact on data-driven marketing. The discussion emphasizes the importance of marketers understanding and preparing for these changes to ensure compliance. Expert panelists Louis Martin and Kate Bower highlight the need for increased transparency, responsible data use, and consumer trust. They discuss the broadening scope of personal information, the fair and reasonable use test, and the significance of data minimization. The session underscores the urgency for businesses, including small ones, to start adapting now, leveraging available resources and training to navigate the evolving regulatory landscape effectively.

• Focus on the impact of reformed Privacy Act on data-driven marketing.
• Aim to ensure industry understands changes and compliance requirements.
• ADMA committed to providing updates and resources for Australian marketers.
• Advocacy role to strengthen marketers' voices in the digital economy.

"Our focus at ADMA and here today is on how the reformed act will impact data-driven marketing, ensuring the industry understands what is happening, is clear on what it means, and what they need to do to be compliant with the new rules."

• Emphasizes the need for clarity and compliance in the industry.

• Data is integral to business decisions across the supply chain.
• Marketing is at the forefront of data collection, use, and disclosure.
• Three key sources of data: business operations, customer data (first-party), and third-party data.

"Data that marketing collects is actually important to the entire business; it drives decision-making that goes right across the supply chain of a business."

• Highlights the critical role of data in business operations and decision-making.

• Personal data, engagement data, behavioral data, and attitudinal data.
• Data can be volunteered, observed, inferred, or acquired.

"The kind and type of data that you would collect in a business would be personal data, engagement data, behavioral and attitudinal."

• Outlines the various types of data businesses collect and their sources.

• Mature digital economies lead to increased regulatory scrutiny.
• Importance of applying legal definitions and compliance in marketing activities.

"Regulators, once the digital economy becomes a little bit mature, start to look and focus on how that economy is using things like data."

• Explains the regulatory focus on data usage as digital economies mature.

• Data security focuses on protecting personal data and mitigating risks.
• Privacy involves the use and governance of collected personal data.

"It's really important to ensure that you are investing money into upskilling, training, and understanding how to apply your privacy responsibilities."

• Stresses the importance of both cybersecurity and privacy in data management.

• The Privacy Act of 1988 was suited to the data landscape of its time.
• Current data practices necessitate a reformed Privacy Act.
• The reform process involves extensive consultation and a cost-benefit analysis.

"The process of this Privacy Act review has been a long and considered one, with much consultation throughout the entire process."

• Describes the thorough and consultative process behind the Privacy Act review.

• Broader scope and definitions, including personal information and data collection.
• New definitions and fluidity in terms like de-identified information and sensitive information.
• Introduction of terms like direct marketing, trading, targeting, and targeted advertising.

"The scope of the ACT is going to broaden; it's going to apply to more types of data. The definition of personal information will broaden."

• Details the expected broadening of the Act's scope and definitions.

• Introduction of a fair and reasonable test for data collection, use, and disclosure.
• Increased transparency in operations and automated decision-making.
• Higher accountability with the new direct right of action and increased penalties.

"You have to make sure that your collection's use and disclosure of personal information is required to be fair and reasonable in the circumstances."

• Explains the new overarching test and its implications for data practices.

• Businesses will have a transitional period to comply with the new Act.
• Significant work required during this period, including stakeholder assessments.

"If you haven't begun starting to look inside your business and starting to prepare for what needs to come, then you are going to not be able to meet your compliance requirements."

• Urges businesses to start preparations early to meet compliance deadlines.

• Emphasis on the need for marketers to understand and prepare for privacy reforms.
• Importance of ongoing education and resource provision by industry bodies like ADMA.

"We're here to champion the interests of our industry on all fronts, pushing for balanced regulations that provide consumer protection in a way that the marketing sector can operationalize."

• Reiterates ADMA's commitment to supporting the marketing industry through regulatory changes.

• Louie Martin: General Manager of Privacy and Customer Trust at West Farmers One Digital. Responsible for privacy, data governance, risk, compliance, and more.

  "Louie Martin is the general manager of privacy and customer trust at West Farmers One Digital. He is a foundation member of the team that established West Farmers' newest division."

  • Louie’s role involves privacy, data governance, risk, compliance, and AI.
  • Member of the national AI Center's Responsible AI Think Tank and Standards Australia IT-043 AI Standards Committee.

• Dr. Kate Bower: Consumer Data Advocate at Choice, leading advocacy on privacy reform, facial recognition technology, and AI regulation.

  "Dr. Kate Bower is the consumer data advocate at Choice, Australia's largest consumer advocacy organization."

  • Leads advocacy on privacy reform, facial recognition technology, and AI regulation.
  • Member of the national AI Center's Responsible AI Think Tank and Standards Australia IT-043 AI Standards Committee.

• Broader Coverage and Consumer Control:

  "The Privacy Act changes will bring a much broader coverage, so more types of data, they'll impact more businesses and more circumstances relevant to marketing."

  • Changes will cover more types of data and impact more businesses.
  • Will give more control to consumers and enable them to take action if their data is mishandled.

• Opportunity for Brands:

  "It's a real opportunity for those brands who engage well to become more transparent and more considered around how they're going to use data."

  • Brands can differentiate by becoming responsible custodians of customer data.
  • Need to focus on relevant and timely marketing communications.

• Preparation and Investment:

  "The changes may come in a couple of years, but it requires some investment and focus now."

  • Requires investment in understanding and managing data.
  • Businesses should start preparing by doing maturity assessments and developing incremental work plans.

• Increased Awareness and Concern:

  "Over the last couple of years, privacy has significantly changed for most consumers, partly due to large data breaches."

  • Consumers are more aware of privacy due to data breaches and the rise of social media.
  • Increased awareness of data targeting, profiling, and the scope of information sharing.

• Examples of Privacy Violations:

  "We've got things like domestic violence perpetrators using access to smart fridges to abuse their victims."

  • Examples include facial recognition in stadiums, misuse of smart devices, and data breaches involving sensitive information.
  • Consumers feel unprotected and overwhelmed by the lack of control over their data.

• Need for Reform:

  "Consumers feel like they have no control over their privacy and they really feel unprotected."

  • Support for privacy reform is driven by the need for consumers to feel their privacy is protected and promoted.
  • Businesses need to act now to prepare for changes and build consumer trust.

• Fair and Reasonable Use:

  "Sitting above all of that transparency is the concept of fair and reasonable."

  • Businesses must satisfy the fair and reasonable use test before considering transparency.
  • Transparency involves making data use understandable and contextual for consumers.

• Contextual Transparency:

  "Some brands are now asking, would you or would you not like to hear from us during Mother's Day?"

  • Transparency should be contextual and relevant, not relying on lengthy privacy policies.
  • Example: Asking customers about their preferences in specific contexts (e.g., Mother's Day communications).

• Control and Trust:

  "Think about what your preference center looks like. Is it channel, frequency, category, or event-driven?"

  • Businesses should provide sophisticated control options for customers.
  • Progressive profiling can build trust and encourage data sharing.

• Start Preparing Now:

  "You don't need to wait for law reform to happen. There are many things that people can do ahead of the reform."

  • Businesses should start preparing by understanding their data and considering future scope changes.
  • Shift from a notice and consent model to a fair and responsible data use model.

• Simplifying Consumer Experience:

  "The need for reform has come into play because a lot of customers have lost trust in the digital practices of businesses."

  • Simplify the consumer experience by ensuring data protection and transparency.
  • Understand the intricacies of the new reforms to operationalize them effectively.

• Invest in Transparency and Trust:

  "Transparency is a necessary part of the process. We need to build trust in the relationship between marketers and customers."

  • Invest in transparency measures that build consumer trust.
  • Use contextual and human-focused approaches to data transparency and control.

These notes summarize the key ideas and topics discussed in the transcript, providing a comprehensive overview suitable for study and exam preparation.

• Meta's Change in Terms and Conditions
  • Meta updated its terms to use platform data for training large language models.
  • EU users have an opt-out under GDPR; Australian users do not.
  • Users signed up years ago could not have anticipated this use of their data.
  • This change likely fails the "fair and reasonable use" test.

"Meta changed their terms and conditions to use platform data for training large language models. EU users can opt out, but Australian users cannot."

• Meta's new data use policy and its implications for different regions.

"There’s really no way that people could have anticipated that 15 years down the line, that information would be used by that business in a technology that hadn’t even been invented yet."

• Users originally shared data without foreseeing its future use in AI training.

• Consumer Expectations and Digital Marketing

  • Users understand digital marketing but expect transparency and control over their data.
  • Sharing data with third parties or using it for purposes like AI training crosses the "creepy line."

"People have a good understanding of digital marketing but would find data sharing with third parties or using it for AI training to be creepy."

• Users are generally savvy about digital marketing but expect ethical data usage.

• Regulatory and Market Changes
  • Regulatory changes will force marketers to rethink data usage practices.
  • Transparency about data usage will become crucial.
  • Marketers will need to consider the human element behind data.

"Regulatory reform is going to change how marketers think, making them consider transparency and the human element behind data."

• Regulatory changes will prompt marketers to be more transparent and human-centric.

"Businesses will need to think about whether they need to use data in certain ways and if they absolutely have to."

• Marketers will have to justify their data usage practices more rigorously.

• Privacy Act Reform and Accountability

  • Increased penalties and accountability will drive compliance.
  • The "fair and reasonable" test will be challenging to define but crucial.
  • Businesses will need to adapt to new privacy standards and practices.

"The accountability is going up, the fines are going up, and the focus on businesses is increasing."

• Higher penalties and accountability will push businesses to comply with new standards.

"Fair and reasonable is tough to define, but it’s going to be crucial for businesses to adapt to new privacy standards."

• The "fair and reasonable" test will be a key focus for businesses adapting to new privacy laws.

• Practical Guidance from Regulators
  • Regulators will provide practical guidance to help businesses comply.
  • Guidance will focus on data minimization and privacy by design.
  • Smaller compliance actions and warnings will help businesses adjust.

"Regulators will provide practical guidance, focusing on data minimization and privacy by design."

• Practical guidance will help businesses implement privacy-focused practices.

"Smaller compliance actions and warnings will help businesses adjust before major penalties."

• Incremental compliance measures will aid businesses in meeting new standards.

• Data Minimization and Privacy by Design

  • Data minimization will reduce risks for businesses and increase privacy for consumers.
  • Businesses should only collect necessary data and delete it when no longer needed.
  • Privacy by design will become a standard practice.

"The safest data that you have is the data that you don’t hold."

• Collecting minimal data reduces risks and enhances privacy.

"Businesses should implement privacy by design and data minimization to protect consumers and themselves."

• Privacy by design and data minimization will protect both consumers and businesses.

• Consumer Trust and Data Use
  • Consumers trust brands with their data and expect it to be used ethically.
  • Individual privacy harms are significant and should be addressed.
  • Businesses should consider the consumer perspective in data management.

"Consumers trust you with their data and expect it to be used ethically."

• Ethical data usage is crucial for maintaining consumer trust.

"Individual privacy harms are significant and should be addressed by businesses."

• Addressing individual privacy harms is important for consumer protection.

• Third-Party Data Sharing

  • Businesses must manage third-party relationships carefully.
  • The controller-processor distinction may be introduced in Australia.
  • Brands will need to ensure third parties comply with privacy standards.

"Businesses must manage third-party relationships carefully and ensure compliance with privacy standards."

• Careful management of third-party data sharing is essential for compliance.

"The controller-processor distinction may be introduced, making the brand responsible for data shared with third parties."

• The potential introduction of the controller-processor distinction will impact how brands manage third-party data sharing.

• Responsibility for data safety remains with the primary organization even when data is outsourced to subcontractors.
• Data breaches often occur through weak links in the supply chain.
• Organizations need to have processes and contractual protections in place to ensure data safety and compliance.

"Just because you've handed over data to someone as a subcontractor to either execute on a marketing campaign or to hold your data for you in a data platform warehouse doesn't mean that you have absolved yourself of the responsibility to make sure that you keep that data safe and you use it appropriately."

• Emphasizes the ongoing responsibility for data safety even when outsourced.

"The baddies often come in through the back door; they come in through the weakest link which might be someone in your supply chain."

• Highlights the vulnerability of supply chains in data breaches.

• Data clean rooms and de-identification practices need more clarity in regulatory wording.
• There will be more restrictions and scrutiny on data brokers and data firms.
• The scope of what is considered personal information is likely to expand.

"In terms of data clean rooms and the like, I think given the couple of things the element of fair reasonable some of the marketing controls that a customer will have and also more granularity that'll be around there around de-identification."

• Suggests that data clean rooms and de-identification practices will need to be re-evaluated under new regulations.

"Certainly in the a c's report on data broking there is more focus on some of those practices of what they're calling data firms not necessarily just data brokers."

• Indicates increased regulatory focus on data firms and brokers.

• Privacy reforms aim to harmonize various regulatory regimes and provide a consistent view of personal information.
• Open banking schemes set consumer expectations for data usage across different sectors.
• Marketers need to prepare for these changes by understanding their responsibilities.

"These privacy reforms are going to move more in line with trying to keep a consistent view as to what personal information actually is."

• Emphasizes the goal of regulatory alignment in defining personal information.

"Any customer who's operating in an open banking scheme is going to have that same expectation as to how their data should be used when they go over to a retailer."

• Highlights the transferability of consumer expectations across different sectors.

• The removal of small business exemptions from privacy laws is supported to ensure consistent data protection.
• Small businesses vary widely in the amount and type of data they collect.
• Providing resources and guidance to small businesses is crucial for compliance.

"Consumers don't care the size of the business; they just want their data to be protected."

• Stresses that consumers expect data protection regardless of business size.

"Two-thirds of real estate agents are considered small businesses under the Privacy Act, but I think anyone who's had to undergo a rental application process realizes the huge amount of information that is collected during that process."

• Illustrates the extensive data collection by some small businesses.

• Businesses should aim for best practices in data protection, beyond just meeting legal requirements.
• Consumer expectations for data protection are evolving and often exceed legal standards.
• Businesses are now seen as custodians of data rather than owners.

"The law is going to set the floor; the law is going to tell us what we absolutely must do in order to not get a slap on the wrist."

• Encourages businesses to aim higher than just legal compliance.

"Businesses today can't say that they own data anymore; they are having to understand that they are custodians of this data."

• Reflects the shift in perception from data ownership to custodianship.

• Marketers need to be trained to understand their responsibilities in data protection.
• Compliance teams should be consulted to navigate the complexities of new regulations.
• There is an opportunity to reset data practices and build digital trust.

"We don't expect marketers to be lawyers; what we do ask the marketers to know is when what their responsibilities are at the frontline."

• Underlines the importance of frontline awareness in data protection.

"We have an opportunity to reset our data practices to kind of take a look at our businesses to ask our businesses to invest in this area so that we can clean it up."

• Highlights the chance to improve data practices proactively.

• Businesses need to start preparing for privacy reforms now.
• Training and resources are available to help businesses adapt to these changes.
• Building digital trust is crucial in a fast-evolving digital economy.

"Has your marketing team been actively preparing for the changes that are coming for privacy?"

• Questions the readiness of marketing teams for upcoming privacy reforms.

"The results are showing that teams are not prepared or they're just slightly prepared."

• Indicates a general lack of preparedness among marketing teams for privacy reforms.

By focusing on these key themes and understanding the detailed discussions within each, businesses can better prepare for the evolving landscape of data privacy and protection.