While we aren’t wearing orange jumpsuits, the concept of “Big Brother” in George Orwell’s iconic novel, “1984” may be closer than you think.

On the one hand, technological developments allow us to save time, money and use and store data efficiently. However, on the flip side, every time you use an in-store loyalty card or store data on a website or smartphone app, the owner of that store or app has an ulterior motive and is mining your data.

This article explains where some of that data goes, how it is used and the privacy implications.

Data Mining and Data Matching

Data is highly valuable to corporations and businesses. Correct analysis of customer data can provide marketing assistance to companies, allowing them to build customer profiles and target their marketing.

Ever wonder why your supermarket just knows you are gluten and dairy free and sends you specials on gluten and dairy free food? Every time you swipe your in-store loyalty cards to build up points for vouchers or frequent flyer points, the store is collecting a database of your likes and accordingly, targeting their marketing efforts. The best thing is you allow them to do it just by swiping. The $10 you occasionally receive off your grocery bill is a small price to pay for that valuable data.

The Privacy Act and Privacy Principles

While you may feel like this is an invasion of privacy, is it really?

The majority of the private sector and government agencies and organisations (Organisations) are subject to legislative regulation in the form of the Privacy Act 1988 (Cth) (Privacy Act). 

The Privacy Act contains a number of Privacy Principles (at Schedule 1 to the Act) (Principles) and regulates how Organisations must handle personal information.

Importantly, the Privacy Act and Principles require that all Organisations dealing with personal information (however collected) do so in a transparent manner and formulate a privacy policy to help them do this.

As a general guide, following the Privacy Act and Principles, organisations must provide notice of collection for both solicited and unsolicited personal information and keep that information secure.

There are a number of ways corporations get around this. For example:

  • They obtain your consent when you sign up to the in-store loyalty card or app (remember to read those long terms and conditions, you might just be surprised by what they contain!);
  • They remove your personal details such as name and date of birth to classify data (how many people over 30 like Camembert cheese?); and/or
  • They regulate access to the data and the way it is used.

Key Takeaways

It is important that all parties collecting information ensure that any data they collect by way of data matching or data mining does not infringe privacy obligations by adhering to the privacy principles. Even if the identity of the party the information relates to is not collected, issues can arise, even if used anonymously, it allows classification of individuals within a class of information.

What do you think? Tag us on Twitter @legalvision_au and let us know.

Emma Heuston

Next Steps

If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.