Posted: 03 Jul. 2020 5 min. read

Privacy, trust, and consent: opting-in to what’s meaningful

Right now, there’s more pressure than ever for Australian governments and enterprises to use technology with data to protect us and our economy. But for all the protection this brings, it mustn’t distort our fundamental human right to privacy. And if we use this moment wisely, it doesn’t have to.

This year, our Deloitte Australian Privacy Index highlights the vast difference between consumer expectations and industry consent practices. Amid the first global pandemic of the digital age, individuals and communities are waking up to the power and deep value of their data, and also… to what it might mean for their privacy. As this unfolds, governments and private businesses can use the opportunity to do things differently – to do things better – and then, eventually, to do things that are amazing. While it may not be starkly apparent in the current chaos, the aperture for building trust in the digital economy is widening, and meaningful consent, and the trust and social licence that brings, is the gateway. It’s time to empower consumers to more easily opt-in to meaningful consent.

To that end, there’s an uphill climb. This year’s findings reveal that only 16% of brands offered consumers the option to opt-in to marketing activities, while 64% obtained this consent through the bundled acceptance of their privacy policy. Of these 64%, 65% limited the functionality of the website without obtaining this consent, meaning consumers have little choice but to consent to marketing activities.

Meanwhile, 83% of consumers said they are concerned by internet cookies that track their activity online and use this information for marketing or profiling purposes or to sell information on to third parties. And while misuse of personal information continues to hit headlines, none of the top 100 consumer brands in Australia met consent best practices for cookie management.

Half of surveyed consumers stated they had given consent (when they had previously refused) because they were tired of being asked continuously by the same service. We already know that more than 40% of our working population, that’s Millennials and Gen Z, feel this fatigue, and are losing trust in business and government when it comes to consent [1]. In fact, Deloitte research shows that globally, many in this cohort have stopped or reduced a business relationship because of the amount of personal data a company requests, or because of a company’s inability to protect their private data, or because of the way a company tracks or customizes their shopping and online behaviours. That’s a significant proportion of disenfranchised consumers, and a significant percentage of current and future leaders who can make change happen with their behaviour.

The consent gap is confronting, but it’s one that correspondingly shows where the greatest prospects are – for those willing to use them. So, what does good consent look like? And how do we do it well? In 2019, the Chief Data Officer at one of Australia’s leading banks asked us this exact question. And it’s why we chose consent as this year’s theme.

Good consent has certain qualities, it must be voluntary, and it must be singular when it’s for something that is either unnecessary for the service a person seeks, or for something that would reasonably be considered intrusive. And even in times of crisis, Australians don’t like being marketed to without opting-in, or when consent is bundled, and we haven’t meaningfully agreed to it. And yes, striking the balance between the optimal user experience and obtaining meaningful consent differs across platforms and use cases. But there are key actions that brands and corporates can take to increase operational efficiency, increase transparency, and grow consumer trust by getting their consent practices right. 

Right now, every organisation in Australia processing personal information must do better – and then continue to improve on that basis. With the increased social licence that comes from demonstrating consent best practice, we will begin to see powerful benefits across our economy and in our communities that freer use of data can bring. And then, in time, when we’ve opted-in to what’s meaningful, we can get on with making that meaning into something amazing.   

This year we have examined the behaviours of the top 100 brands in Australia where they operate using ‘consent’ as the basis for processing personal information. We have then compared this behaviour against what 1000 Australian consumers told us constitutes meaningful consent to them. Find out more about the methodology by downloading the full report.


[1] Deloitte Millennial Survey 2019

More about the author

Daniella Kafouris

Daniella Kafouris

Partner, Risk Advisory

Daniella is a Partner in the Deloitte Australia Risk Advisory Cyber team with a core focus on Data Privacy compliance and advisory. She has been with Deloitte for over 10 years working across multiple industries and focus areas within Risk Advisory. Daniella is an experienced lawyer with a focus on information communication and technology law, data privacy law, the regulatory environment and has experience in third-party risk management. She has led more than 95 compliance engagements over the last 14 years and successfully implemented multi-disciplinary projects across multiple industries. Many of Daniella’s engagements have had a cross-jurisdictional flavour where multiple regulations and standards in the data privacy context have been taken into consideration. Daniella has worked with specialists and experts across the globe in countries such as Belgium, United Kingdom, Italy, United States, Canada, Spain, China, Singapore and Australia. She is known for her global expertise on the topic of data privacy in cyber. Her cross-jurisdictional experience has provided a global approach to problem solving for her clients where she is able to connect with individuals across various countries and gain the support required to resolve complex data privacy problems. Many of these complex problems have been in the fields of Fintech (with regards to new start-ups) and cybersecurity risks that have caused reputational damage and regulatory issues from a data privacy perspective.