How marketers can collaborate with legal in the great privacy overhaul Home Resources How marketers can collaborate with legal in the great privacy overhaul Compliance How marketers can collaborate with legal in the great privacy overhaul Privacy compliance has historically been viewed as a back-office function - something for legal, IT, and data teams to manage behind the scenes. But that era is over - marketers are front and centre when it comes to managing privacy risk. The strategies they deploy, the technologies they adopt and the data they handle are now directly in the regulator’s sights, a fundamental shift for many brands. And The Office of the Australian Information Commissioner (OAIC) which is charged with actively enforcing Privacy laws, has been given a range of additional powers to strengthen its enforcement capabilities. With new enforcement tools such as infringement notices and enforceable undertakings, even minor breaches - like gaps in privacy policies or lack of consent for tracking - can carry financial and reputational consequences. Yet in many businesses, marketing teams are still playing catch-up on their privacy skills and implementation of new compliant practices. Then they are also faced with the broader challenge of demonstrating to legal teams why marketing plays a critical role in safeguarding compliance and mitigating these risks. With new penalties for serious privacy as well as the first tranche of Privacy Act reforms now having passed in Parliament, Australia’s data and privacy landscape has irrevocably shifted. The OAIC’s expanded powers mean something as small as an incomplete Privacy Policy or a failure to provide an opt-out for direct marketing could result in regulatory action. This is set against a backdrop of growing consumer expectations when it comes to their data. According to the OAIC’s 2023 Australian Community Attitudes to Privacy Survey, 47% of Australians had been caught in a data breach in the previous year and 69% expressed concerns about online tracking and profiling. Trust is eroding - and regulators are responding. Importantly, marketing is likely to be one of the most impacted business functions, particularly if the planned tranche 2 changes move ahead. The tools and tactics marketers use daily - tracking pixels, AI-driven personalisation, automated campaign decision-making - are precisely where some of the new legal scrutiny is likely to be focused. In other words, marketers aren’t just 'end users' - they’re becoming increasingly critical in implementing new privacy laws and policies for their businesses, and for finding practical solutions that ensure compliance with those laws and policies. Engaging marketing to manage organisational risk Marketers are known for innovating at speed, sometimes outpacing compliance safeguards. However recent OAIC enforcement action has demonstrated that with new technology and new innovations, comes risk. Innovation is at the heart of marketing and as an industry, we should absolutely protect that. However - balancing this innovation with privacy best practice is also critical and will be key to managing the increased privacy risks that now exist. It’s for these reasons that conversations between legal and marketing teams will become increasingly important, and will enable businesses to prevent potential missteps before they happen. Including marketing in privacy discussions will strengthen compliance efforts, and minimise the increasing business risks that arise from privacy and data management. So what should businesses be doing? We think businesses should be asking: Are we actively reviewing marketing technologies, particularly any new technologies, and ensuring our use complies with the law? Are we up-to-date with the latest OAIC determinations and any changes to our understanding of the law based on those? Are our privacy policies up-to-date with the way marketing collects and processes data? Are we being sufficiently transparent? Do we have proper consent mechanisms in place for all customer data use, including sensitive information? Is marketing involved in privacy impact assessments before launching major campaigns? If these questions aren’t being asked within your organisation, then your marketing practices might already be out of step with the law. The cost of ignoring marketing compliance Privacy laws aren’t just a legal issue anymore - regulatory action isn’t the only risk. Reputational damage is an even bigger concern. It’s a brand issue. Once a brand is publicly associated with a privacy breach, consumer trust takes a major hit. Australians are increasingly becoming aware of how their data may be used without their consent - and they’re voting with their wallets. A business caught in a compliance failure risks more than fines - it risks being seen as untrustworthy. That impact extends far beyond marketing departments. The moment an investigation begins, C-suite and board-level executives are involved. Enforceable undertakings require legal oversight, internal compliance reviews and often external monitoring - all of which consume leadership bandwidth and create ongoing operational costs. That’s why it’s important that legal and marketing teams work together, and that marketers are empowered to proactively engage legal teams early in any work on new campaigns or use of new technologies or business practices. This will help ensure that innovation can continue safely within the boundaries of privacy law. If you’re unsure where to start and wondering how the two functions can align better together, here are a few thoughts from us: Proactive education: Incorporate marketing specific practices and risks in your company’s privacy training. Marketers need to understand how tracking pixels, AI tools and automated decision-making fit within compliance frameworks as a priority; Integrated compliance reviews: Consider incorporating privacy and data compliance checks in marketing campaign approvals, alongside your advertising standards and consumer law compliance checks; Technology audits: Work jointly with legal and IT to audit tracking technologies and AI systems before they lead to compliance issues; A shared compliance mindset: Remember that compliance isn’t about restriction; it’s about building trust with customers. A privacy-first approach should be seen as a competitive advantage, not a roadblock. Engage early: Talk to your legal departments about how and when best to engage with them to ensure the best business outcome. This should be before a campaign is launched, a new AI tool is implemented, or a data-sharing agreement is signed. With stronger enforcement, higher consumer expectations, and new laws reshaping the privacy landscape, a whole-of-business approach to privacy compliance will mean better privacy and data management, better compliance, and lower legal risk. The businesses that succeed in this new regulatory environment will be those where all functions of the business work hand in hand. FIND OUT FIRST, STAY CONNECTED Sign up to receive ADMA newsletters, updates, trends, special offers, events, critical issues and more Job role*Agency Account Manager/ExecutiveAgency Account/Strategy DirectorCDOCEO / Managing DirectorClient Service / Sales ManagerClient Service/Sales DirectorCMO / CCO / Marketing DirectorCreative Director / HeadData Analyst / Scientist / EngineerDesigner/Copywriter/Creative ManagerEarly Career Data Analyst / Scientist / EngineerHead of Analytics / Analytics LeaderHead of Category/Customer Experience/InsightsHead of Marketing/BrandHead of ProductHR/Learning and Development ManagersIT Director/ManagerLegal/RegulatoryMarketing ConsultantMarketing Executive / CoordinatorMarketing Freelancer / ContractorProduct / Brand / Digital / Communication ManagerSenior Data Analyst / Scientist / EngineerSenior Marketing/Brand ManagerOther You may unsubscribe at any time using the link provided in the communication. View our Privacy Policy.