Hello, privacy pros.
In keeping with the current buzz surrounding the future of adtech in a cookie-free world, the Office of the Australian Information Commissioner recently published its comments on the Australian Competition and Consumer Commission's Digital Advertising Services Inquiry Interim Report, which probes into the adtech ecosystem and includes a handful of draft proposals for increasing competition and empowering consumers in the context of digital platforms. One of the ACCC's proposals is to mandate some form of data portability and interoperability to give consumers sufficient control over their data.
The premise of the ACCC's data portability push is that if consumers can more easily transfer their data out of a platform's ecosystem, more companies will have an opportunity to challenge incumbents and their ecosystems. Both the ACCC and the OAIC seem to agree that data portability must be consumer-led and based on a consumer's informed consent. Where they lose me, however, is with the idea that consumers are actively thinking about how to transfer their adtech profiling data from one digital platform to another. People want the ability to easily port their pictures, documents, contact lists, etcetera, from one digital service to the next. But I find it difficult to believe consumers will make a proactive choice to share their browser history, location history, inferred demographics and all of their other profiling data with a new digital platform if what they are promised in return is merely better-targeted advertising.
The ACCC's data interoperability proposal crosses over into its discussion of a common user or transaction ID, which would make it easier for ad networks and publishers to track individuals and transactions across sites and devices without the need for cookies. The OAIC recommended that any such common ID scheme should be evaluated through a privacy impact assessment to identify and address privacy risks and ensure the use of the identifiers is reasonable, necessary and proportionate.
Elsewhere in the region, Hong Kong's Office of the Privacy Commissioner for Personal Data recently issued guidance to help people to protect their privacy in social media and instant messaging apps. One of the best aspects of this guidance is the straightforward way it describes how these apps make money: "Even though most social media platforms do not charge any fee, the services are not entirely 'free' in that users' data are generally collected and shared. Users' participation in the platforms (such as viewing and liking posts) and use of the services (such as sending and receiving messages) are often profiled. Such user activities generate a massive amount of data which is then harvested — sometimes without the users' knowledge — and monetized via advertising or further sharing." The guidance also includes a helpful reference on how to change privacy settings on popular mobile operating systems and social media apps.
This year's Privacy Awareness Week will be 3–9 May in Australia and 10-14 May in New Zealand. New Zealand's Office of the Privacy Commissioner will host a half-day, in-person (!) Privacy Forum in Wellington 14 May. It's a great opportunity to come together and see your privacy colleagues face-to-face again, and I am hoping to use it as the perfect excuse for me to use the new travel bubble between Australia and New Zealand.
On the topic of in-person events, planning for this year's 2021 IAPP ANZ Summit is well underway. The event will be live, in-person and hosted in Sydney 9–10 Nov. Our call for speaking proposals is open until 13 June. Submit your proposal now for an opportunity to share your experience and perspective with the hundreds of attendees we expect at this marquee regional event.
Until next time!