How digital marketers can prepare for Australia’s privacy shake-up

In our rapidly growing, data-driven advertising landscape, privacy concerns are top of mind. In line with this, the federal government is putting forth major proposals to strengthen consumer privacy protections— potentially shifting how the advertising industry will deliver personalised ads. Rachel Glasser, chief privacy officer at Magnite investigates.

The silver lining is that media owners are well placed to navigate the impending changes, given their close relationship with consumers. Publisher-centric identity solutions are foundational to the future of advertising, giving the sell-side a key role to play in privacy compliance. As our industry adapts to a privacy-first digital landscape, here’s what marketers and digital media owners need to know to meet the moment.

The Australian Privacy Act at a glance

The Privacy Act 1988 is the legislative framework for the handling of personal information in Australia. The Privacy Act is set to undergo reforms based on the Attorney General’s Privacy Act Review Report presented this past February. Proposals include broadening the definition of personal information and changing obligations around targeted advertising. Additional end-user rights, like the right to be forgotten and the right to object to certain kinds of processing, are also being discussed. This raises concerns for digital marketers and publishers who rely heavily on user data for attribution and monetisation. Given these potential changes, how can our industry best brace for a privacy overhaul and future-proof our businesses?

Anticipating a privacy-forward future

This shift toward more privacy-forward regulation comes at a time when data is moving to the sell-side: publishers have a more direct relationship with consumers which empowers them to shape the dialogue around data privacy.

Here are some tips on how publishers can prepare for the imminent shift in data collection to continue to drive monetisation with data privacy in mind.

1. Run an internal data review.

Take a deep dive into your data by conducting a thorough internal audit. What kind of data are you processing? Are you using personal information? What elements of personal information? Even within first-party data, there is a spectrum of first-party data sets, from probabilistic to deterministic data, which may include log-ins, device IDs, or email addresses. Map out how data is being processed, and track how it flows across various marketing, HR, and operations departments.

Once you’ve completed the internal audit, it’s time to review the third parties you collaborate with. Categorise the types of data you gather, such as first, second, or third-party data, and from what kind of vendors. Analyse how your vendors source the data and how it is utilised. You should only work with data partners who are transparent with their data practices.

2. Assess your contracts.

Take proactive steps to review your legal contracts to ensure they are up to date or highlighted to be updated across the board to reflect new privacy regulations. This is especially important for contracts that involve significant sharing, licensing, or procurement of personal information.

Seek assistance from outside counsel where you may need it to help understand new contracting obligations and, where it makes sense, consider waiting until regulations are final prior to updating your agreements so that you do not need to change them twice.

3. Boost security controls.

For data to be safe, it needs to be secure. Assess your data controls, network security controls, and how you store data. Are you using clean rooms? If you’re storing data, how is it safeguarded from malware or from those who shouldn’t have access? How long is it retained for?

Develop a robust data security strategy if you still need to put one in place.

4. Enact best practices and procedures company-wide.

New policies are only effective if they’re communicated to your entire team. Provide training to your staff on how to properly handle and process personal information, how long it can be retained, how to secure it, and how to report issues. Have a plan in place for when something goes wrong, such as an incident response plan. What happens if/when there is a data breach? What’s the notification policy? What’s the policy on how to store and house personal information? Put together a comprehensive guide outlining what kind of personal information the organisation can process.

5. Fine-tune your first-party data strategy.

First-party data will take centre stage in a privacy-forward world. Developing a robust first-party data strategy will be critical to success. Here, consider your own capabilities. While some companies may boast well-established data science teams, others may lack even a single data engineer. Certain players will emerge as pioneers in privacy practices, while others may struggle to simply adapt to the new requirements.

It is essential to determine your own position in this landscape, identify what you can accomplish independently, and recognise areas where collaboration may be necessary to thrive.

That’s a lot! Where to start?

Begin by initiating internal discussions about the impact regulatory changes could have on your business. Engage in conversations with your clients to explain how these changes may affect them, short and long-term. Meanwhile, shore up your first-party data pools, and take inventory of what you currently have.

Overall, know that the future is more open, transparent, and data-led on the other side of these changes. Industry-wide collaboration will facilitate solutions that serve the entire ecosystem. For instance, initiatives like the IAB’s Privacy Enhancing Technologies (PETs) Working Group in the US, or their Transparency & Consent Framework (TCF) in Europe are helping industry players adapt to new privacy guidelines, and provide a roadmap for others to create similar initiatives.

The road ahead.

We as an industry should be clear-eyed that how we collect and process personal information will need to change as new regulations go into play. Take heart in knowing we’ve seen similar privacy overhauls take effect around the world, from the European Union and the General Data Protection Regulation, to recent state reforms in the United States. Currently, it’s a watch-and-learn approach, as regulations towards data privacy in Australia are under review. Ultimately, when you prepare for and accommodate greater privacy protections, consumers increase trust in your brand and platform, driving greater value and creating a stronger, healthier ecosystem.


Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella newsletter now.



Sign up to our free daily update to get the latest in media and marketing.