ADMA’s Privacy webinar reveals the good, the bad, and the surprising on Privacy Act changes

22 May 2023

ADMA recently hosted a webinar bringing together important stakeholders in the ongoing Privacy Review to help get marketers up to speed with what is happening in this vital area. If you missed it, don’t worry we have you covered with the key takeouts below. 

And members can catch up on the whole webinar here

If there was one thing that ADMA’s latest Privacy webinar made clear, it’s that change is in the air for all marketers - and we’re only at the cusp of understanding what this truly means.

From targeting to de-identification, and all the nitty gritty issues proposed by the Privacy Act Review, ADMA’s Privacy webinar explored what a privacy-complaint future may look like, and how marketers can embark on this journey now.

Hosted by Sarla Fernando (Head of Regulatory and Advocacy at ADMA), guest speakers from the ADMA Regulatory and Advocacy Working Group; it’s Chair -  Peter Leonard (Principal & Director, Data Synergies), and Members - Lachlan Rees (Manager - Government Industry & Public Policy, Suncorp), and Kate Friedrich, (Head of Legal, Cyber Data & Privacy, Qantas Group) provided their expert opinions, with exclusive comments from ADMA’s CEO Andrea Martens.

Sarla Fernando and Peter Leonard, framed  the discussion with a presentation  that reminded the audience  of Privacy Act Review  and how the most recent report fits into that . The presentation reminded the audience that ADMA’s continues  to support the need for reform. 

“Overall, the recent report outlined 116 proposals, of which ADMA focused on the ones that were most relevant to the data-driven marketing industry, and which would impact the day-to -day operations of marketers and their interactions with customers. We are supportive of most of the proposals, some in the form proposed, some with a minor tweak and others after further consultation.”

Key Takeaways

This is the time for marketers to look inwards

The discussion that followed reminded the audience that the proposals in the Privacy Act Review Report are just that - proposals. But regardless as to whether they go ahead or not, they indicate the concerns of the government and a wider shift in privacy to improve transparency, protect the vulnerable and safeguard consumer interests. 

Before the Review progresses any further, both Lachlan Rees and Kate Friedrich urge marketers to begin scrutinising their own data through a compliance-lens. 

“The first step is to do an extensive data mapping exercise to better understand what you've got, what format it’s in, and what your business is doing with it,” said Rees. “Then look at your compliance frameworks, documentation, processes, etc. From there, you can begin to think about implementation, and what you need to change.”

Friedrich added: “All marketers should use the overhaul of the Privacy Act as a catalyst to review what you currently do, as well as what you want to do next. If you don't already know who your compliance and legal leads are, or who can help you specifically understand what the reforms could mean for current processes, find them quickly.”

The speakers pointed out that marketers should think critically about what will be impacted in their day-to-day roles if the proposals go ahead, and use this to identify any operational holes that will need to be addressed. 

Marketers are on the frontline - and it’s time to partner better with  legal 

“It is absolutely critical that marketers are at the front of the conversations we’re now having in organisations,” said Andrea Martens, CEO of ADMA. “CMOs and senior marketers are playing a really important role, and the first step is to really educate themselves and their key teams around the changes.”

Martens pointed out that leading these conversations at the board level is increasingly crucial. “CMOs and marketers have the opportunity to give fellow C-suite leaders and boards the confidence that marketers are clear on what’s going to impact the business costs, resourcing and risk, and how to navigate these issues,” she added.

Upskilling, training and communication are important parts of how marketers can feel more confident and prepared to lead these conversations. 

“My own data expertise didn’t start in the marketing space,” said Qantas’ Friedrich. “It took quite a bit of time to get up to speed with how things are done, such as moving from third party data to first party data. Help your legal and compliance teams understand exactly what you’re doing and how to better come together.”

“Often, the right legal answer is, ‘No, you can’t do this’, and we can’t expect them to offer alternative solutions if we don’t educate them on our roles,” said Suncorp’s Rees. “We need to get a collaborative discussion happening, and that requires educating the legal and information security team about what marketers want.”

Be prepared and willing to communicate concerns

Privacy regulation is a complex field. The Review outlines a number of intriguing changes, such as redefining “targeting” and the implications of de-identification. 

These amendments have any number of ways they could impact businesses - such as restricting lookalike audiences, audience segmentation, loyalty programs and opting out of advertising. For de-identification in particular, the ramifications are wide reaching and may change business-to-business.

However, the Review is still underway, and if your business is concerned about any proposals, Data Synergies’ Leonard recommends communicating these concerns  transparently, simply and through use cases to the Attorney-General’s office.

“Provide concrete practical examples of how the proposals would impact a particular business, a particular industry sector and so on,” he said. “Canberra may not be interested if you tell them a proposal may kill your business, but they may be interested if you outline how a change may not be good for consumers or citizens.”

Rees added that within his own business: “There are concerns that some restrictions may impact Suncorp’s ability to detect unauthorised or scam activity, or more generally, data for good. We’re making sure to talk to the government to ensure that reforms happening through different departments are matching up, and we’re not getting layers upon layers of conflicting regulation.”

Marketing is more than a bad headline or security breach

This is the time to stay engaged, proactive, and thoughtful. There is still a long process ahead, and while Rees predicts we may not see any changes until mid-2024, there is still plenty of work to be done.

“Something we are looking into is trying to inform the extent to which the benefits are right for the individuals but may not outweigh the regulatory and compliance required,” said Freidrich. 

Rees, spends his days navigating through the financial services industry landscape which is already a regulation-heavy environment, and he supports  striving to provide clarity for consumers: “Our concerns are really that we might not be able to use data in the way we know we need to in order to manage and operate services.” 

Leonard emphasises the importance of first party data in a privacy compliant future. “All regulatory change creates winners and losers,” he said. “We don't know what the final legislation will be, but it's pretty clear that the winners will be those organisations that can use first party data more effectively than those parties who are heavily dependent on third party data.”

ADMA’s Fernando reminded the audience that even if the changes to the Privacy Act were a while away, there was plenty that marketers can start to do now because ‘applying best practice goes above just thinking about the law, it aligns with what is good practice, what consumers expect and what the law is attempting to achieve’.

This starts with building a strong privacy-compliant foundation, upskilling your team, and eliminating inefficiencies in your operations. This will all help your business to be prepared for whatever the new Privacy Act may be.