The global shift towards more stringent data protection began with the European Union’s General Data Protection Regulation (GDPR) in 2016, followed by California’s Consumer Privacy Act (CCPA) in 2020. These regulations set new standards for data privacy, limiting how businesses collect, store, and use sensitive consumer data. Now, Australia is following suit with proposed amendments to its Privacy Act 1988.

The Attorney-General’s Department has put forward 116 proposals to amend the Act, with the federal government already agreeing or agreeing in principle to all but 10 of these proposals. Legislation is expected to be introduced and passed quickly in the coming months, signalling a rapid shift in the regulatory landscape.

Key changes and their impact on retailers

At the heart of these changes is an expanded definition of Personally Identifiable Information (PII). This broader interpretation will likely include modern forms of personal data such as location information, IP addresses, and device identifiers. It may even extend to inferred information about an individual’s preferences or predicted behaviours.

For retailers, these changes signify a shift away from reliance on third-party data and towards a greater focus on first-party data. This transition will necessitate changes in targeted advertising practices. For instance, social media platforms such as Facebook and TikTok can no longer simply check which users meet specific demographic criteria and push ads to their feeds based on third-party data. Instead, they must rely on first-party data and more sophisticated targeting methods.

Learning from our privacy predecessors

While the transition may seem challenging, Australian retailers can learn valuable lessons from their counterparts in the United States and Europe, who have already adapted to similar regulations. Many businesses have successfully pivoted by utilising conversion APIs and developing robust first-party data strategies. For instance, instead of relying on cross-context behavioural data, companies are now targeting ads based on information voluntarily provided by users on specific platforms.

The state of preparedness in Australia

Recent studies indicate that many Australian retailers are underprepared for these changes. A recent survey by Arktic Fox revealed that only 29% of marketing, digital, and ecommerce leaders believe their organisations are effective at activating data to deliver impressive customer experiences. Even fewer (22%) are confident in their organization’s data management and maintenance practices.

This lack of readiness is concerning, given the potential consequences of non-compliance. The Office of the Australian Information Commissioner (OAIC) has flagged that it will impose fines on organizations that fail to meet the new standards. These fines can be significant, up to $2.2 million for each contravention.

Moreover, the Australian Community Attitudes to Privacy Survey 2023 found that data privacy is the third most important factor for consumers when choosing a product or service, after quality and price. A staggering 92% of respondents said they would like businesses to do more to protect their personal information.

The role of customer data platforms

This is where Customer Data Platforms (CDPs) come into play as a powerful solution. CDPs are designed to help  navigate the complexities of new privacy rules by consolidating data from multiple sources into a single, manageable platform. This consolidation allows for the maintenance of accurate consumer profiles while facilitating compliance with consent management and data minimisation policies.

A well-implemented CDP can streamline the application of governance policies across all data types and sources. It simplifies the tracking and management of customer consent for data collection and use, making it easier for businesses to ensure their customer data activities comply with legal requirements. Furthermore, CDPs can be configured to retain only the data that can be lawfully used and only for the period stipulated by privacy regulations.

A new frontier for building customer trust and retail success

As Australia moves towards stricter privacy laws, investing in a reliable CDP is becoming crucial for the retail sector. This investment will enable them to build comprehensive customer profiles while ensuring compliance with upcoming regulations. By taking this proactive approach, Australian retailers can avoid the potential financial and reputational damages associated with non-compliance while also meeting the growing consumer expectation for better data protection.

The shift towards stricter privacy rules presents an opportunity for businesses to build trust with their customers by demonstrating a commitment to data protection. As the privacy landscape continues to evolve, those who embrace these changes and adopt the right tools, such as CDPs, will be best positioned to thrive in this new era of data privacy.

Billy Loizou is area vice president for APAC at Amperity.