Report "Australians for Sale: Targeted Advertising, Data Brokering and Consumer Manipulation"
This report documents the nature of some of the more troubling consumer manipulation practices currently occurring in Australia. It explores how targeted advertising affects people who gamble, consume alcohol, are experiencing financial stress, and how it affects children and young people. Each case study describes potential consumer harm and rights violations and goes on to include evidence from the ‘Xandr File’ about the nature of data that is routinely traded for targeted advertising about each of these groups.
The Xandr File is a data set made briefly public in 2021 by Microsoft that lists the ‘audience segments’ (or characteristics) that data brokers hold about Australians. These characteristics are largely gathered from online behaviour, although some are gathered from ‘geolocation’ tracking of where your mobile phone goes and are tied to digital identifiers that data brokers use to identify individuals. Xandr contains segments provided by multiple data brokers, which sometimes resell data from other data brokers. It represents just a glimpse of all the data that is secretly generated and held about Australians.
A brave, bold and strong response to this issue is necessary, and long overdue.
A wide range of measures could be implemented to curb this practice, including but not limited to:
- For the Office of the Australian Information Commissioner to enforce Privacy Principle 3.6 with regard to this practice.
- Ensuring the definition of personal information in the Privacy Act includes data related to an individual.
- Including the practice of ‘using data to exploit consumer vulnerabilities and impair consumer choice’ in the blacklist for an unfair trading prohibition under consideration by Treasury.
- Adopting a fair and reasonable test for data practices under the Privacy Act, and make it clear that it is not fair nor reasonable for online services to collect data about users to inform targeted advertising, including the use of third-party trackers and SDKs.
- Requiring opt-in consent to targeted advertising and inclusion in data brokerage services and secondary data markets. In the interim, clear and easy ways to opt-out could be considered.
- Prohibiting the disclosure of or trading in personal information where consumers have not offered expressed, informed consent.
- Introducing a best-interests or duty of care obligation that is placed on all entities involved in the collection, sharing and use of consumer data.
(Foreword co-signed by Reset Tech, CHOICE, and CPRC).