In this opinion piece, James Wawne, managing director of DMPG, compares Aussie supermarkets’ digital privacy offerings with the UK’s to some interesting results.

Privacy and trust in Australia are what you might describe as ‘emergent’, with privacy practices often dwindling behind our overseas counterparts. Consumers know they have the right to ask a business to delete their personal information, but when they actually try to do so, they’re left confused and disempowered.

While research backs up my assertion, it often helps to look at specific examples to really get our heads around the issue. Let’s take a look at a specific example – selected at random – and compare a leading supermarket in the UK with two leading supermarkets in ANZ to better understand how different trust practices manifest for a fictional website user.

Before we get into it, a disclaimer: this is a narrowly focussed example that seeks to provoke debate. In no way does this article assert or imply anything relating to legal compliance or meeting regulatory obligations. I am not a lawyer and my opinions are my own.

So, let’s park the legalese, take off our compliance hat and instead take a look through the eyes of a layperson and a simple scenario:

A shopper arrives on a supermarket website to buy their groceries. They have heard a lot about trust and privacy in the news recently. The shopper is curious to find out more about privacy and cookies as it relates to them and their shopping experience.

Location: UK

John arrives on the Tesco website. A prominent notification is immediately visible above the top navigation bar without obstructing his view of the website. The notification references cookies and invites him to manage his preferences. John is interested in finding out more so he clicks, ‘manage cookies’.

An overlay opens and reveals a short explanation of what cookies are and presents some controls around what they are used for with functionality that immediately provides him with the option to disable use of cookies used for ‘Experience’ or ‘Advertising’ – with short explainers against each.

John decides to dig a little deeper so clicks the ‘privacy policy’ link at the top of the page and is taken to Tesco’s ‘Privacy Centre’.

Within this site section, John can see that there is a lot of information. The content has been carefully crafted and curated to help him understand various topics relating to privacy, data usage, and staying safe online.
The text is easy to read and broken up with imagery. This makes a potentially dry topic accessible and more interesting, so John clicks around. Neat visualisations explain cookies and how they work. John clicks a tab entitled ‘Your data journey’ which visualises how personal data is used across the Tesco business.

John clicks ‘cookie policy’ and there is a long scrolling page which is not very appealing, but feeling informed and empowered to switch off advertising cookies, John confidently reverts to ordering his weekly shopping. End of experience.

Location: Australia

(Please see disclaimer above)

Our fictional consumer now goes by the name John-o. Let’s see how different his experience is when visiting two leading supermarkets in Australia.

Arriving on either site homepages, John-o has to look very closely to find small text links right at the bottom of both sites, referencing privacy in font size 12.

Neither Coles nor Woolworths provide a proactive consent management notification nor consent management functionality, as was the case with Tesco. (As at the time of testing 05/05/2021).

The screenshot of Coles homepage below is zoomed out to convey how low in prominence the text link is on the web page. This is similar to Woolworths, too.

John-o clicks through on the privacy text link on either site which takes Johno to the privacy section.

Both Coles and Woolworths sites present imagery above the fold of the privacy pages which seems reasonably inviting – as per Tesco.

As John-o scrolls down on the Coles privacy page he reveals a block of dense text, with an accordion which is used to break up further dense text content.

While cookies are referenced eight times with information outlining the applications of how cookies are used, there is nothing explaining what they are.

At the bottom of the section, Coles informs John-o that he can use his browser settings to delete or reject cookies or block javascript, but swiftly follows with a warning that such actions may limit site functionality, including not being able to add items to his basket or proceed to checkout.

John-o is put off by the warnings and reverts to ordering his weekly shopping feeling disempowered. End of experience.

A similar experience awaits John-o on the Woolworths site. While Woolworths breaks content up a little more on the privacy page, it requires John-o to click through to see a similar ‘cookies statement’ with dense text broken up using accordion functionality.

Cookies are referenced 48 times (excluding navigational links) plus an explanation of what they are and their functional applications. Further links are provided to external sites where John-o can find out more about how to manage them via browser settings.

Woolworths emphasise the need to remove cookies on every device and browser he uses, and suggest that opting out of cookies may not remove advertising and could simply make ads less relevant.

John-o is put off by the warnings and reverts to ordering his weekly shopping feeling disempowered. End of experience.

In both cases, Coles and Woolworths place the burden on John-o to manage cookies via browser settings, rather than empowering him to control the boundaries of data usage via an integrated consent management solution. This contrasts quite starkly with Tesco.

Consumer trust in Australian businesses is low and this may in large part be attributable to the fact that businesses choose to take a compliance mindset that stops at the bare minimum. It is likely that the review of the 1988 Privacy Act – due any time now – will suggest that Australian businesses go further to garner consumer trust.

In the meantime, the opportunity exists for progressive organisations to voluntarily elect to go further, to be proactive, to be competitive in trust practices. Setting a high bar in trust practices is key to the long-term health of first-party data assets and ultimately building trusting, sustainable customer relationships.