Our research also shows that Australians want more transparency and control in relation to how industry collects, uses and shares their data, and they expect government to regulate industry conduct in this area. For example, 73% of survey respondents agreed that the government should give consumers options to opt out of what data they can provide, how it can be used, and if it can be shared with others. Only 10% of people considered it is the individual’s responsibility to check how companies are using their data.
CPRC therefore supports the Code of Practice provisions requiring industry members to:
- ensure that personal data is protected in accordance with data protection laws, and that consumers are provided with clear and transparent information about the data that is being used, how, by whom and for what purposes, for each device and service, including any third parties
- give consumers the opportunity to withdraw their consent to personal data use
- make it easy for consumers to delete personal data in any circumstance, including on
transfer of ownership or disposal of the device. The right to delete personal data at any time is an important protection for family violence victim-survivors and other people whose personal safety is at risk
- securely store credentials and security-sensitive data such as usernames and passwords.