Navigating the Future: The Privacy Act Overhaul and Its Impact on Australian Retail and E-commerce

Global e-commerce’s popularity has surged since the dramatic impact of COVID-19, forcing businesses online in an attempt to survive. However, many individuals who were laid off or had increasing amounts of time on their hands resorted to starting their e-commerce brand. A decision that changed the rest of their lives.

Whilst many have enjoyed the online transformation's success, online retail’s inner workings are being examined. It appears as if a seismic shift in the e-commerce world is here, transcending national borders as it appears on the horizon for everyone in the industry.

The transformation of the Australian Privacy Act: a regulatory disturbance not confined to the Australian nation, but impacts businesses and brands worldwide. The reverberations of this overhaul are creating ripples across the e-commerce landscape. It’s not just a question of compliance for survival: the stakes are much higher. With the 2.3 million small businesses hanging in the balance, their futures are tip-toeing on the edge of the virtual closing of doors. 

So, before heading to eTail 2024, Australia - the most interactive conference filled with like-minded e-commerce industry leaders - we’ve got a few pointers on how early adaptation can give you an edge over your competition.

Here’s some early insight into one of the sessions we’re delivering at eTail, ‘Navigating Data Privacy Regulation Changes’. See how to make immediate changes to ensure compliance and stay ahead of the curve.

• How does your organisation stay up-to-date with current regulatory changes?
• What steps can you take to ensure compliance? How do all the departments within your organisation ensure they maintain data privacy?
• What mechanisms have been implemented to ensure that the organisation has a unified approach to data privacy?
• How can you promote consumer-facing tools to empower users to have more control over their data?
• How are you contacting your customers and audience regarding data privacy? efforts and performance?

Understanding the Regulatory Landscape

As the world has moved almost entirely online, what companies do with consumer data to aid their marketing strategies or product efficiency is incredibly important. With large companies such as Facebook continually tracking data and other large media companies following suit, there have been many issues and governmental meetings regarding data privacy dynamics. With this in mind, the Australian Government has proposed an overhaul of the Privacy Act in tandem with the increasing concerns surrounding the use of individual data.

Previously, there was an exemption for small businesses whose annual turnover was less than $3 million, as it was presumed that smaller businesses would contain less risk. That presumption has now been challenged with the rise in technological advancements and increased digital interactions - the government has recognised that small, medium and large businesses equally handle substantial amounts of sensitive data.

Businesses Taking the Lead

With these proposed changes likely to take effect, many Australian companies are proactively taking the lead and setting examples by revisiting their data compliance practices ahead of the regulatory changes.

Regarding consumer trust, nothing is more important than the most prominent brands have come to understand. These big companies like Coca-Cola are investing heavily in robust data protection measures, complying with current regulations, and anticipating and preparing for potential updates.

Photo by Ylann Meyer on Unsplash

In a press release by Coca-Cola Australia, they cited the importance of marketing to the appropriate ages.

"We will respect the role of parents and caregivers by not marketing to anyone under 15. In addition, at least 75% of the predicted audience must be 15+ years of age, where this information can be obtained. Specifically, this means we will not market in any media which directly targets children under 15, including but not limited to television, print media, digital and social media, movies and SMS/email marketing."

Reckitt, a hygiene, health and nutrition brand, went further.

“We will not directly advertise to children under the age of 13. We believe, as part of our Reckitt Purpose and Fight, in improving health and wellness outcomes for families through responsible and carefully considered educational programmes.”

By proactively taking steps to change their landscape, these large businesses are setting a prime example for the rest of Australian E-Commerce and online retail brands to follow.

The Proposed Changes That Impact E-Commerce Businesses

Overall, six significant changes on the horizon have been proposed by the government and are looking to come into effect relatively soon.

1. Adaptations to marketing to children
2. The right to sue for misuse of data (including filming)
3. Targeting individuals based on sensitive information such as race or sexual orientation.
4. The $3 million exemption for small businesses is set to be removed
5. Right of erasure except for criminals
6. The right to request a search engine (like Google) remove results from a search of a person’s name

All of these look set to effect; however, individuals looking to take legal action against the misuse of their data must show that the interest in privacy outweighs any countervailing public interest, meaning that public interest journalism may be exempt.

Ensuring Compliance: Mechanisms and Measures

With the new privacy laws coming into play, businesses must take proactive measures to ensure compliance, from investing in state-of-the-art cybersecurity systems and conducting regular audits to implementing protocols that effectively manage and track customer consent.

According to an article published by Tech Republic, organisations need to prioritise mapping out their organisation's data. Understanding the data that a company collects is essential as a first step in preparing for the upcoming changes around individual consent and data retention periods.

By failing to take the proactive approach of sitting down with team leaders regarding data collection, consent gathering and storage practices, companies may fail to grasp how to maintain compliance fully.

The other big change that organisations need to consider is third-party incorporation and partnerships. Small, medium, and large businesses must conduct Privacy Impact Assessments and thoroughly examine security procedures before bringing on third parties. They must understand how that organisation is using their data to inform their practices in addition to the data that the third party collects and uses, as small businesses will be responsible for all of the data used in their procedures.

One organisation trying to lead the way in leveraging AI and reducing the risk of data breaches is BizGPT - an AI organisation. BizGPT uses global AI engines like ChatGPT to boost Australian business productivity and profitability. The aim is to reduce data security risks, ensure compliance, and promote transparency.

They are committed to helping Australian companies reduce the risks associated with the use of AI. To achieve this, they provide local businesses with the necessary tools and knowledge to navigate the complex world of AI safely and responsibly.

However, with AI, many questions remain regarding the use of data.

How do you approach acquiring and managing customer data for AI-driven applications? What steps can you take to ensure data quality and relevance?

Want to read the full article?

Download the Innovation Brief to read the full article