Australia’s privacy laws rely on notification and consent as the primary means of protecting consumers. The onus is on consumers to navigate complex privacy protections in a continuously complex digital economy. It is time to consider reforms that hold businesses accountable for how they collect, share and use consumer data. It is time to give regulators the power to pause and assess data practices that are causing or likely to cause consumer harm.
The working paper explores two concepts to address current and emerging data harms:
1. Duty of care or best interest duty: a framework to hold businesses accountable so that the interests of consumers and the community are front of mind when it comes to how they collect, share, and use consumer data.
Duty of care or best-interests duty
A framework that aligns with the interests of consumers and community has the opportunity to make numerous positive impacts in the privacy and consumer data space:
Naturally shift the onus of responsibility from consumers to businesses.
Help move away from individual level of consent and shift the focus to system set-up and embedding safety by design.
Protect people that may have the inability to consent such as children, people living with a disability or other consumers who are unable to participate in the consent model regardless of how well it may be set-up.
Align interests of organisations and consumers as taking on new data will mean taking on new responsibilities and this can help engender a culture of data minimisation (collect only what you need not what you think you might need).
Address issues of trust and confidence in both government and industry.
Regulators need the power to quickly pause and assess harmful data practices before widespread harm occurs. Product intervention powers in the finance sector and interim and permanent bans under the product safety laws are two approaches that already exist in the Australian consumer protection framework for emerging harms. They are a starting point on how data practices could be regulated.
The working paper is by no means a fait accompli.
It is designed to start the conversation on how concepts from other sectors that have existed for decades could be applied to the evolving world of privacy in a digital economy space. Here, at CPRC, we value the need for diverse conversation and thought to help take this idea further.
CPRC welcomes the opportunity to work further on this issue with government, regulators, policy makers, academia and the community sector.
For a one-on-one briefing or if you wish to collaborate book a briefing with Chandni Gupta.
Digital Policy Director
Chandni leads CPRC’s research stream on protecting consumers in a digital world. Her work to date includes exploring the consumer shift from the analogue towards the digital economy, the impact of deceptive and manipulative online design on Australian consumers and the key gaps that currently exist in Australia’s consumer protections.