July 10, 2024

The Cost of Managing Your Privacy

As the privacy reform debate continues in Australia, a familiar concern about the burden of regulation on businesses rings through various consultation processes. But a crucial question often goes unasked: what is it costing Australian consumers?

This report:

Download Full Report

Our research reveals the time and effort required to manage digital privacy has become an overwhelming burden for Australians.

There is a hidden cost to the current privacy framework, impacting on consumers’ time, understanding, and ultimately, their right to privacy online.

Key findings

Time is required

Privacy policies are often lengthy

Some of the longest privacy policies were being in excess of 300,000 words.

0

words

And difficult to understand

Hidden privacy settings

%

45% of participants struggled to locate and adjust privacy settings.

Commonly used websites and apps make it difficult to change privacy settings

Sites or apps that took the most time to find and action a change to privacy settings included:

Todoist

Google

Binge

The Iconic

Mamamia

The five longest privacy and cookie policies included:

1. Microsoft

90,119 words

2. Meta

36,759 words

3. Whatsapp

15,280 words

4. New York Times

12,962 words

5. X (formerly Twitter)

12,622 words

Recommendations

While businesses can quantify regulatory costs, the burden on consumers often goes unaccounted for. Our research consistently reveals a stark mismatch between community expectations and current data practices.

This privacy sweep demonstrates why privacy protection shouldn’t solely rest on individual shoulders. Based on our findings, CPRC recommends the Federal Government take the following measures:

Modernise what it means to be identifiable to cover information obtained from any source and by any means.

Implement genuine privacy by default measures instead of placing the onus on consumers to opt-out of settings that are not designed with their interests in mind.

Require all businesses to assess and ensure how they collect and use data leads to fair and safe outcomes that are in the interests of their customers and the community

Empower and adequately resource the regulator to swiftly ban or restrict harmful practices that cause direct and clear consumer harms.

Provide a clear pathway for redress and support when things go wrong.

Where to from here?

CPRC welcomes the opportunity to work further on this issue with government, regulators, policy makers, academia and the community sector.

If you are in one the above groups and would like a one-on-one briefing for your organisation, contact our team today.

Download report

Links

Book a Briefing

Other reports

February 27, 2024

Singled Out: consumer understanding — and misunderstanding — of data broking, data privacy, and what it means for them

In a collaboration with UNSW Sydney, we embarked on a research to explore the landscape of data privacy and consumer perceptions.

March 29, 2023

Not a Fair Trade. Consumer Views on how Businesses use their Data

This working paper explores consumer sentiment on privacy practices and protections. CPRC conducted a nationally representative survey of 1,000 Australians on their views on how personal information is collected, shared and used by businesses.

March 16, 2023

In Whose Interest?

Australia’s privacy laws rely on notification and consent as the primary means of protecting consumers. The onus is on consumers to navigate complex privacy protections in a continuously complex digital economy. It is time to consider reforms that hold businesses accountable for how they collect, share and use consumer data. It is time to give regulators the power to pause and assess data practices that are causing or likely to cause consumer harm.