In another illustration that the Australian Competition & Consumer Commission (ACCC) intends to be involved front and centre in relation to the protection of data held by companies in respect of their consumers, it has announced this week that it has commenced a Federal Court proceeding alleging that Google engaged in misleading or deceptive conduct by asking consumers to click an “I agree” button without consumers being explicitly informed about certain data collection changes to which they were purportedly agreeing.
In this regard, the ACCC alleges that Google did not obtain its users’ explicit informed consent to the expanded collection of data about them when updating a policy regarding customer data collection. The effect of the policy change was to collect personally identifiable data about consumers’ Internet activity even when not using Google services, where previously that had not been the case.
At face value, privacy issues are regulated by the Office of the Australian Information Commissioner (OAIC). However, this is not strictly a case about infringement of privacy, but rather using allegedly misleading or deceptive conduct to obtain consumer consent. This raises interesting issues around “click-wrap” agreements generally that will go beyond only privacy policy updates and data collection. Although general opinion is that click-wrap agreements will be valid if consumers have been afforded proper opportunity to read the terms and actively agree, there haven’t been any cases specifically looking at them.
“The ACCC considers that consumers effectively pay for Google’s services with their data, so this change introduced by Google increased the ‘price’ of Google’s services, without consumers’ knowledge,” ACCC Chair Rod Sims alleged in the media release.
This statement about the price/value of data underpins our ongoing observations around the ACCC’s current strong interest in the protection and regulation of the collection and (mis-)management of consumers’ data.
Takeaways:
- When designing a privacy policy, it must not only substantively comply with the Privacy Act, but also be implemented transparently so that its imposition does not constitute misleading or deceptive conduct.
- There are presently few, if any, cases in Australia specifically about the validity and enforcement of “click-wrap” agreements. This will be interesting to watch.
