The Wesfarmers group's updated privacy policy states that use of those services signifies consent to sharing of data with
other companies in the Wesfarmers group, including Kmart, Bunnings and Officeworks. But the retail giant also revealed that the personal information it collects on its customers might be sent to nations such as China, Pakistan, the Philippines, Mexico, the United Arab Emirates, the US and Britain. Under the Coles policy, personal information, defined as data that identifies someone or allows a person's identity to be ascertained, can be used in conducting risk assessments for credit and insurance. This can include name, contact and household details, transaction history and buying habits.
Coles' detailed policy description was released just before the new Australian Privacy Principles come into force this week making businesses list likely overseas recipients of personal data and conform with stricter rules. Businesses must also take reasonable steps to ensure foreign recipients do not breach the Australian principles or are operating under similar privacy laws in those countries.
A spokeswoman said Coles' global commercial partners had the highest standards of data security and that Coles followed all regulatory requirements and best-practice disclosure.To adopt the comment attributed to Mandy Rice-Davies, they would say that, wouldn't they! (Few organisations will volunteer that their protocols are inadequate, that their partners are untrustworthy and that Australian "best-practice" regarding matters such as consent is problematical.)
From one perspective the disclosure should not be news - privacy-savvy consumers (or merely people who bothered to think about the Flybuys terms & conditions) should have realised that information is being collected and shared.
The Wesfarmers businesses have been collecting and analysing data over several years. So have their competitors.
We do not know who the data has been shared with and thus cannot make an assessment about the credibility of claims that all will be well. That is a matter of trust.
The article states that
In line with the new legislation, Coles' policy enables customers to access or correct personal information it has collected about them. It does state requests may be rejected, although reasons must be provided if this happens.
Coles says it takes steps to ensure third parties protect the privacy and security of personal information and use the data only for agreed purposes and that it destroys or de-identifies personal information no longer needed. Whenever Coles' online services are used, the company logs where it was used as well as dates, times, file metadata and the links customers click on.There is of course no binding statement regarding when the data is "no longer needed" and we await definitive advice from the Office of the Australian Information Commission that goes beyond the rather vague guidelines that I discussed in the latest edition of the LexisNexis Privacy, Confidentiality & Data Protection service.
In 'A Republican Account of the Value of Privacy' (University of Melbourne Legal Studies Research Paper No. 673) Andrew J Roberts offers
an account of the value of privacy in securing the republican aims of self-government and conditions of non-domination. It describes how loss of privacy might lead to subjugation to dominating power. The republican concept of domination provides the foundation of a broad and coherent account of the value of privacy. One that encompasses circumstances in which the subject (i) suffers interference as a result of the loss, (ii) is aware that he has suffered a loss of privacy, but suffers no subsequent interference, and (iii) is unaware that he has suffered any loss of privacy, and suffers no subsequent interference. Liberal accounts explain the value of privacy in the first two circumstances by pointing to the possible effect of the loss on the autonomy of the subject, but because they focus on autonomy are unable to explain why privacy is valuable where an agent is unaware of the loss. The republican account provided here explains why loss is harmful in all three circumstances. The final part of the article argues that because privacy is a pre-requisite for effective participation in political life, and republicans consider such participation to be the essence of self-government and the means through which a polity can secure conditions of freedom, in a republican democracy individual privacy will be seen as a collective good.