Common practices by Australia’s customer loyalty schemes could cause “widespread consumer detriment”, the Australian Competition & Consumer Commission (ACCC) has concluded in winding up a major review into the schemes’ consumer issues, data practices, and competition issues.

The ACCC’s final report into customer loyalty schemes comes as the organisation ramps up to support the full introduction of the Consumer Data Right (CDR), which will give consumers new access to, and control over, their personal information when it becomes mandatory in the banking sector early next year.

Loyalty schemes needed to improve their data practices, the organisation warned in noting that many were presenting their terms and conditions in unclear ways; making “unilateral changes” to T&Cs “in a way that may be unfair to consumers”; and collecting, using and disclosing consumer data “in ways that do not align with consumers’ preferences”.

Loyalty schemes maintained in their submissions that Australian consumers’ growing participation in the schemes confirmed that they were providing value – but the ACCC identified concerns such as unilateral reductions to the rate at which points are earned, expiration of points, and “restrictive” opportunities to redeem points.

Australian Consumer Law (ACL) prevents the making of false or misleading statements and, the ACCC warned, loyalty scheme operators should avoid “unfair contract terms” and other practices that are “incorrect or likely to create a false impression”.

This was just one of five recommendations made in the report, which also included improving how loyalty schemes communicate with consumers; stopping the use of payment card details to automatically track consumers even when they don’t scan their loyalty cards; and strengthening consent and notification requirements, including the ability for consumers to erase their personal information “without undue delay”.

“Opaque” data privacy policies should be remedied by vetting ‘clickwrap’ agreements; improving clarity and accessibility of privacy policies; minimising “information overload”; clearly outlining which consumer data is being shared, with whom, and why; being more open about third-party data sharing; and being open about limitations to the contracts.

Being more open about data sharing

Regulators received around 2,000 complaints about customer loyalty schemes between 2013 and 2018 and their operation is “a current priority” for the ACCC, the organisation noted, flagging the importance for consumers to have “a genuine opportunity to review and understand the policy and operation” of the schemes.

“In the ACCC’s experience, the number of complaints about an issue often tends to understate the extent of potential harm, and this is particularly relevant where consumers have a limited awareness about an issue…. Consumers cannot complain about problematic data practices that they do not know about.”

Loyalty schemes were actively collecting, collating, and repurposing consumer data from a broad range of interactions including details actively provided when joining, details of specific transactions, customer surveys.

Data was also being collected passively through methods such as accessing location, contacts, call logs and other details from mobile phone apps; cookie-based personalisation and behaviour tracking down to the click level; linking household members to improve profiling; tracking of social media data; usage of voice-controlled assistants and free Wi-Fi services; and more.

Many schemes were flagged for providing inadequate transparency over the extent of their use of consumers’ data, with some seeking “broad consents” for data collection while making “vague disclosures” about how that data would be collected, used, and disclosed.

Loyalty programs also partner with data brokers aggregating personal details on billions of people, mining publicly available information and cross-matching it to predict consumer behaviour.

Schemes were giving consumers “limited insight and control” over the sharing of their data with third parties, and providing “limited ability” for consumers to opt out of third-party targeted advertising.

The scope of such third-party data sharing practices has come into sharper focus since the disastrous fallout from Facebook’s data-sharing work with consumer analytics firm Cambridge Analytica – which informed the ACCC’s rebuke of data-sharing giants in the recently-completed Digital Platforms Inquiry.

“Digital platforms reliant on anticipated revenue growth from monetising consumer attention and data cannot be satisfied with anything other than a continued increase in user engagement and expansion into new markets,” ACCC chair Rod Sims noted in a recent Melbourne Press Club speech after the DPI’s launch.

Loyalty schemes were being equally opaque about their data collection and use, the ACCC concluded in its new report – in which it put the loyalty industry “on notice” and encouraged consumers to dob in loyalty providers with dodgy practices.