With ACCC chair Rod Sims declaring that the “[data] genie is out of the bottle,” and with CDR and Open Banking on the horizon, how will brands respond to shifting consumer preferences and data ethics? Jane Headon has the breakdown.

Ever dreamed of having your very own genie? You’ve probably been inspired by Aladdin, or a certain ’70s sitcom about an astronaut and a magical bottle. Either way, a genie gives you power, whenever you care to call on it. When Consumer Data Rights (CDR) was introduced in July 2018, ACCC chair Rod Sims acknowledged the megatrend that is big data and its value to businesses and individuals, observing that “the genie is out of the bottle, now we have to decide what to do with it”. 

What are these data rights, and is this genie good or bad? And now – one year on – what have we decided about the direction of Australian consumer data and the issues of trust, privacy and transparency that surround it?

CDR shifts the balance of power

We have just seen the CDR law passed in Australia – a bipartisan-supported reform which heralds the start of a seismic shift in power dynamics between businesses and consumers. Essentially, CDR paves the wave for consumers in selected industries to take control of their own data. The financial services industry will be the first manifestation of CDR, via a regime known as ‘Open Banking’. As an example, customers will be able to take their mortgage data and offer it to other financial services providers to compare and easily switch to better services and deals.

The broad intent of Open Banking is to unlock innovation, disrupting the concentration of data (and therefore power) within large organisations, such as our big four bank oligopoly, and to lower entry barriers for a broader set of competitors, such as smaller banks and fintechs. By allowing the opportunities to flow more broadly across a vibrant financial services ecosystem, consumers will benefit from competition, choice and convenient switching. It is anticipated that over time, other industries such as energy and telecommunications will adopt CDR, further opening up the competitive landscape in Australia. 

With CDR and Open Banking launching soon, regulators are ramping up, assembling under the ACCC as the Consumer Data Standards group (comprising ACCC, OIAC and Data61). While a significant proportion relates to the technical ‘backstage’ work required – designing and building the pipelines for robust, secure data sharing – there has also been good progress ‘front stage’ – how customers will exercise their rights to request their data and provide it securely to new service providers.

It’s refreshing (albeit expected these days) to see a strong human-centred design approach being brought to this new paradigm, with highly consultative and transparent research conducted via the Consumer Experience Workstream, one of four workstreams being conducted by the Consumer Data Standards group. The big four banks are also ramping up preparation for the freshly legislated changes, as well as doubling down on customer experience improvements, so that customers who will soon be able to switch services more easily than ever, will choose not to.

Designing for the privacy paradox

A paradox that designers need to work with is the dissonance between what we say and what we do. Consumers say that they care deeply about privacy, yet will often readily share personal information without due diligence (who reads those lengthy ‘Terms and Conditions’ anyway?).

Research reveals that many of us feel powerless when it comes to data sharing requests, and that we are coerced into giving it all away via click wrap agreements forever, to access a ‘vital’ service.   CDR designers are therefore creating a set of user interface patterns to guide businesses around how online data sharing consent should be requested. This should make the new (post-CDR era) process easier and clearer, and bridge the gap between the consent we are comfortable to offer, and the explicit action we consciously take.

Empowered with data – what could possibly go wrong? 

Empowered customers have loud voices when it comes to ownership and sharing of their data by businesses, and the misuse thereof. Recently, we’ve seen two of the big four under siege for data breaches, and an avalanche of opt-outs on the MyHealth Record scheme.  The recently released documentary, The Great Hack, provides a rich exposé of the Cambridge Analytica scandal, and the perils of ‘weaponising’ data for unintended consequences at a societal level.  Infamously, Facebook continues to be plagued with privacy concerns, having just incurred a $5B fine. The impending release of Facebook’s Libra cryptocurrency, which portends the potential power of combining vast reserves of personal data and financial info amplifies the concerns around data misuse.  Turns out, there’s a lot that could possibly go wrong as we learn how to embrace customer expectations around data sovereignty and privacy, and navigate sweeping regulatory changes like Europe’s Global Data Privacy Regulation (GDPR) which came into effect last year, and now our own CDR.

Keeping pace with technology 

We are waking up to confronting new privacy challenges through technological advancements that are accelerating at a rate way faster than the implementation of ethical frameworks around their use. Our local regulatory and legal authorities find themselves wading into unchartered waters, but they have been rising to the challenge. Alongside championing CDR legislation, the ACCC also just released its seminal Digital Platforms Inquiry Report, calling for reforms to counter the adverse effects of digital giants (primarily Google and Facebook) on media, competition and the economy overall. It has been watched around the world, setting a global precedent for how we rein in the two biggest data oligopolies of all.

This is not an easy trail for regulators to blaze. We seem to tolerate double standards very well. We want (and expect) free content online, and we tolerate the barrage of personalised ads that sometimes cross the creepy line. But this personalisation is often powered by detailed profiling based on our browsing behaviour. It can be unsettling to learn just how much deeply personal information based on our browsing behaviour (sexual and mental health issues for example) is acquired and traded.

The ACCC Digital Platforms report recognises the opacity and complexity of the online ad world, as does Google itself, which claims to be responding by giving users more visibility into their data and how it’s shared. If the recommendations from the report transpire into new regulatory oversight and tough penalties on a global scale, it will become even harder for Google and Facebook to have the data monetisation and the privacy cake and eat it too. 

Related: ACCC Digital Platforms Inquiry report – media industry responds »

Keeping pace with Gen Zs

The issue of data ownership, consent and privacy will become more critical as organisations begin to grapple with a customer base that is increasingly infiltrated by Gen Zs.

Gen Z (born mid-90s through the 2000s) is set to make up 40% of all consumers by 2020, and with $44 billion spending power, they will be a commercial force to be reckoned with. The ‘always on’ Gen Zs tend to share more data than Millennials, but they are fickle when it comes to brand loyalty, and will switch brands at the nudge of their favourite social influencer.

But Gen Z’s don’t want to be monetised or gamified, they want to be liberated and empowered. Planning for a new and very different balance of trust, privacy and data ownership will be particularly critical for organisations that wants to court the powerful and fast growing Gen Z audience. 

The data genie is indeed out of the bottle 

In this seismic shift, consumers are set to retake control. As the CDR wave washes over the banking industry, on to energy, then telco, then to other industries, and access to better deals becomes easier; customers will become more motivated to shop around. With an exponential rise in data streams from increasingly intimate sources such as wearables, the potential for unintended, undesirable consequences of poor data sharing practices – both intentional and unintentional – also rises exponentially.

Industries like advertising have fallen short on self-regulation, so as regulators catch up, organisations must step up, fill the gap and design for a future where data sharing will provide a positive impact to their customers’ lives. Australia does not yet have the stringent GDPR-level rules in place with their strong punitive consequences that Europe now has. The new CDR covers only a narrow part of GDPR’s scope, and there is a lot of catch-up to do with our existing privacy frameworks (eg the right for an individual to be ‘forgotten’ via data erasure).

Related: How the data ethics discussion is impacting Australia’s largest analytics business »

The recommendations in the forward-looking Digital Platforms Report will take time to action. When organisations don’t make it clear, trustworthy and secure for consumers to re-balance the data power if they want to, customers will likely vote with their feet (and their valuable future data streams).  

So one year on, the data genie is indeed out of the bottle, and we need to carefully design for good, not intractably bad, outcomes for Australian consumers. With Australia’s CDR legislation now passed, the personal data landscape is moving fast. It’s time to shore up customer experience, data strategy and trust. Let’s dream that our customers’ wishes – and their rights – will be fulfilled.  And that they’ll stick around.

Jane Headon is director strategy and consulting at Publicis Sapient

Further Reading:

• Talking ’bout the generations, again – how to really reach Gen Z and those to come soon after »
• How a data strategist used a digital mindset to save a struggling Vietnamese restaurant »

Image credit:Louis Hansel