ACCC warning on loyalty data

Denham Sadler
National Affairs Editor

The competition watchdog’s year-long inquiry into customer loyalty programs has reinforced recommendations from the ACCC’s earlier digital platforms inquiry for significant privacy and data security reforms.

The Australian Competition and Consumer Commission released its report into customer loyalty schemes on Tuesday, with a major focus on the data practices of these schemes.

It found that the data policies of loyalty programs are often vague and overly broad, limiting consumer control over the collection, use and disclosure of consumer data, and that customers are often unaware of the data harvesting completed as part of these schemes.

The ACCC recommended that the schemes adopt more transparent data policies, give consumers meaningful control over their data, and end the practice of automatically linking credit cards to a user’s account, which lets the company to track their spending even when not using a loyalty card.

The watchdog also said that the inquiry’s findings further reinforce the wider recommendations included in its digital platforms report for broader privacy legislation reform.

With these programs being free for anyone to use, the company’s behind them generate revenue from users’ data, much in the same way as social media platforms.

“Increasingly, some loyalty schemes generate revenue from the data they collect about the habits, interests and preferences of their customers, which can be used to profile consumers to produce insights about their purchasing behaviour,” the ACCC report said.

The linking of this data with external data sources can lead to targeted advertising and discriminatory pricing, ACCC chair Rod Sims warned.

“Many consumers are increasingly concerned about receiving targeted advertising, in some cases from companies that they have never dealt with before. There is also an emerging risk of real consumer harm if individual consumers were to be charged inflated prices based on profiling derived from their data,” Mr Sims said.

“For example, if a person’s frequent flyer data or online search history indicates they can only travel on certain dates, or otherwise based on their income, geographic location or other information collected through the loyalty scheme they may be charged extra.”

These issues are compounded by the fact that the loyalty schemes’ privacy policies are often too broad and lack transparency, effectively “preventing consumers from making informed choices that align with their privacy and data collection preferences”.

“An imbalance of bargaining power and significant information asymmetries exist between consumers and the major loyalty schemes examined in this report,” it said.

The competition watchdog also found that major loyalty programs like FlyBuys and Woolworths Reward are tracking the purchase behaviour and transaction activities of users when they shop at Coles or Woolworths even when they don’t scan their loyalty card, through the automatic linking of a payment card provided by the user.

While this practice is disclosed in the privacy policy, most consumers are unlikely to be aware of this, and are also unlikely to properly cancel their accounts and would instead just stop using the loyalty card, meaning their spending would still be tracked, Mr Sims said.

“Many consumers would be shocked to find that some supermarket schemes continue to collect their customers’ data at the checkout even when they do not present their loyalty cards. They do this by tracking customers’ credit or debit cards from previous transactions,” he said.

“When a customer chooses not to present their loyalty card, we think it is reasonable that they would not expect their data to be collected for that transaction, and we are therefore calling on the relevant schemes to stop this practice.”

The most recent inquiry has “direct parallels” with the ACCC’s digital inquiry investigation, and further backs up its recommendations on privacy law and regulations.

In the digital platforms report, the watchdog recommended updating the definition of personal information to meet current and future technology developments, strengthening notification and consent requirements, requiring the erasure of data upon request and the direct right for an individual to bring class actions before the courts for compensation.

The government has delayed its response to these recommendations which now not expected until next year.

The ACCC has already brought court action against a number of tech companies, including Google and HealthEngine, over these issues.

“The ACCC will continue to consider whether any other conduct of entities engaged in the digital economy raises concerns under the Competition and Consumer Act and whether it is appropriate for the ACCC to take enforcement action,” the report said.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories