Privacy is a Key Factor in I-Consumer Marketing

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Panellist's Position Statement for a Session on 'Privacy - Threat or Opportunity?'

BRW Conference on 'A New Way to Market: innovative marketing strategies to generate wealth in the new economy', Sydney, 22 November 2000

Version of 6 November 2000

© Xamax Consultancy Pty Ltd, 2000

This document is at


Position Statement

A tenet of late twentieth century consumer marketing was that acquiring and analysing large volumes of data about people is essential to the efficiency of the process.

New technologies have kept appearing that promise yet more ways of gathering yet more data from yet more sources, using yet more advanced tools to analyse it in yet more sophisticated ways, and exploiting it to corporate advantage in yet more creative ways.

The Australian Direct Marketing Association (ADMA) has established a unilateral code that pretends to be privacy-sensitive, but is actually highly permissive, and has been roundly attacked by a phalanx of consumer and privacy advocacy groups.

But the advocates have been soundly defeated. ADMA's code enjoys the imprimatur of the ACCC. Moreover, negotiations with the federal Privacy Commissioner and the Attorney-General have been so successful that the federal government's private sector privacy regime provides virtual carte blanche to marketers.

The European Union, which imposes privacy controls on the private sector, threatened a personal data trade war with North America. But the U.S. Administration has forced the E.U. to accept that a self-regulatory 'safe harbor' is good enough for American consumers. That makes it more likely that the very modest provisions of the current Australian Bill might be enough to prevent the less scary idea of Europe declaring Australia to have inadequate privacy protections.

Things look like they're going pretty well, don't they?

If you think so, then you're kidding yourself.

Most marketers are seriously out-of-touch with their surroundings. They continue to apply the longstanding approaches that worked in the mass-media / broadcast era, despite the fact that the world has changed.

Since commercial application of the Internet commenced in October 1994, there's been a succession of misguided fads that fizzled. The result has been that, of all growth metrics on the Internet, about the worst of the lot has been the uptake of consumer e-commerce.

Moreover, consumers are increasingly aware of the extent to which marketers have been playing it fast and loose with their personal data. Computer users with their hands on keyboard and mouse aren't in the same comatose state as the couch potatoes in front of their TV sets. As a result, the net-consumer is less submissive than the placid shopper of the past. There's an upwelling of consumer resistance against the Neanderthal, 'consumer as quarry', conquest model of marketing, with its visual and aural assaults on the human senses.

If you're sceptical about that argument, watch developments in the coming months. I argued a couple of years ago that generic privacy legislation had already become inevitable in the U.S., because of the predacious behaviour of Internet marketers. During the last six months, a succession of corporate and industry association executives have swung around to that view (and, predictably, are hard at work trying to ensure that the legislation is as weak as possible).

There's an alternative approach to consumer marketing.

Some clues as to how consumer marketing could be consensual and non-invasive are buried deep down in some of the recently and currently fashionable ideas like one-to-one, mass micro-, interactive, viral and permission-based marketing. But unfortunately those insights are masked by the longstanding habit of using military imagery (consumer as 'target', customer 'capture', marketing initiative as 'campaign', 'exploitation' of the customer base), and the differently aggressive notion of infecting your customers with viruses.

There's a body of principles and procedures for establishing a corporate privacy strategy.

When applied to consumer marketing, the following principles emerge:

Note that the words 'consent' and 'permission' don't refer to the presumption of consent - which is what's central to the 'opt-in' notion so beloved of marketing predators. 'Consent' and 'permission' mean, quite unequivocally, 'opt-in' that is informed, express, freely-given, specific and bounded in scope, variable and revocable.

Regrettably, I fear that many marketers, with stars in their eyes, will exploit new technologies to mount yet more assaults on consumers. That will further worsen the plummeting confidence that people have in the corporations that they have to deal with.

On the positive side, that means that there's a real opportunity for those marketers who are aware of consumer sensitivities to steal market-share away from the Neanderthals.

The remainder of this document provides access to many documents produced as a result of many years of research into the topic of privacy and consumer e-marketing.

Key Sources

'Direct Marketing and Privacy', Proc. AIC Conf. on the Direct Distribution of Financial Services, Sydney, 24 February 1998, at

'The Willingness of Net-Consumers to Pay: A Lack-of-Progress Report', Proc. 12th International Bled EC Conf., Slovenia, June 1999, at

'E-Consent: A Key Issue in the New E-Context' KPMG Conference, Barossa Valley, May 2000, PowerPoint slides

'The Packer / PBL / Acxiom InfoBase', November 1999, at

'Issues in Technology-Based Consumer Transactions', Proc. Conf. Society of Consumer Affairs Professionals (SOCAP), Albert Park, Melbourne, 26 September 1996, at

'Privacy, Dataveillance, Organisational Strategy' (the original version was a Keynote Address for the I.S. Audit & Control Association Conf. (EDPAC'96), Perth, 28 May 1996). At

Privacy Amendment (Private Sector) Bill 2000

'Submission to the Inquiry into the Privacy Amendment (Private Sector) Bill 2000' by the Senate Legal and Constitutional Legislation Committee, September 2000, at

'Submission to the Inquiry into the Privacy Amendment (Private Sector) Bill 2000' by the House of Representatives Legal and Constitutional Committee, May 2000, at

'Privacy Bill needs much more work', the Australian Computer Society column of The Australian, 15 February 2000, at

'Submission to the Commonwealth Attorney-General, re: 'A privacy scheme for the private sector: Release of Key Provisions' of 14 December 1999', January 2000, at

'Requirements of a Co-Regulatory Privacy Protection Regime', Communications of the ACM, 42, 2 (February 1999) 60-67, at

'Supplementary Submission to the Senate Legal and Constitutional References Committee's Inquiry Into Privacy and the Private Sector' 5 August 1998 , at

'Submission to the Senate Legal and Constitutional References Committee's Inquiry Into Privacy and the Private Sector' 7 July 1998, at

'Serious Flaws in the National Privacy Principles', Privacy Law & Policy Reporter 4, 9 (March 1998), at

ADMA's Code

'Second Submission to ACCC re ADMA's Request for Approval of a Unilaterally-Prepared Code of Practice', for the Australian Competition and Consumer Commission, December 1998, at

'Submission to ACCC re ADMA's Request for Approval of a Unilaterally-Prepared Code of Practice', for the Australian Competition and Consumer Commission, October 1998, at

Other Sources

'Technologies of Mass Observation', 'Mass Observation Movement' Forum, Treasury Theatre, Melbourne, 26 October 2000, at

'While You Were Sleeping ... Surveillance Technologies Arrived', Forthcoming in Australian Quarterly 72, 4 (September-October 2000), at

'Beyond the OECD Guidelines: Privacy Protection for the 21st Century', January 2000, at

'Ethics and the Internet: The Cyberspace Behaviour of People, Communities and Organisations', Proc. 6th Annual Conf. Aust. Association for Professional and Applied Ethics, Canberra, October 1999; Revised version forthcoming in J. Prof'l and Applied Ethics, at

'Person-Location and Person-Tracking: Technologies, Risks and Policy Implications' Proc. 21st International Conf. Privacy and Personal Data Protection, Hong Kong, September 1999, at

'Current Developments in Internet Privacy', Proc. IIR Conf. Data Protection and Information Privacy, August 1999, Sydney, at

'Anonymous, Pseudonymous and Identified Transactions: The Spectrum of Choice', Proc. IFIP User Identification & Privacy Protection Conference, Stockholm, June 1999, at

'Internet Privacy Concerns Confirm the Case for Intervention', Communications of the ACM, 42, 2 (February 1999) 60-67, at

'Information Privacy On the Internet: Cyberspace Invades Personal Space' Telecommunication Journal of Australia 48, 2 (May/June1998), at

'Platform for Privacy Preferences: A Critique' (April 1998), Privacy Law & Policy Reporter 5, 3 (August 1998) 46-48, at

'Platform for Privacy Preferences: An Overview' (April 1998), Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39, at

'Privacy Impact Assessments', Notes of 10 February 1998, at

'Privacy Advocates and the Privacy Commissioner's Discussion Paper of August 1997 Regarding (Self-)Regulation of the Private Sector', October 1997, at

'Introduction and Definitions' (August 1997), at

'Promises and Threats in Electronic Commerce' (August 1997), at

'Public Interests on the Electronic Frontier', Invited Address to IT Security '97, 14 & 15 August 1997, Rydges Canberra (August 1997),

'Privacy and Public Registers', Proc. IIR Conference on Data Protection and Privacy, Boulevard Hotel, Sydney, 12-13 May 1997, at

'Customer Profiling and Privacy: Implications for the Finance Industry', AIC Conference on Customer Profiling for Financial Services, Sydney (May 1997),

Privacy and E-Lists (May 1997), at

Protecting Your Privacy On the Internet, Seminar on 'Consumer Protection on the Internet', The Policy Network, Mitchell Library, Sydney (April 1997),

Privacy Implications of Digital Signatures, IBC Conference on Digital Signatures, Sydney (with Graham Greenleaf, March 1997), at

Exemptions from General Principles Versus Balanced Implementation of Universal Principles, at (February 1997)

'Cookies' February 1977, at

'Spam' February 1977, at

'What Do People Really Think? MasterCard's Survey of the Australian Public's Attitudes to Privacy' Privacy Law & Policy Report 3,9 (January 1997) , at

'Identification, Anonymity and Pseudonymity in Consumer Transactions: A Vital Systems Design and Public Policy Issue', Conference on 'Smart Cards: The Issues', Sydney, 18 October 1996, at

'When Do They Need to Know 'Whodunnit?': The Justification for Transaction Identification; The Scope for Transaction Anonymity and Pseudonymity' Proc. Conf. Computers, Freedom & Privacy, San Francisco, 31 March 1995. At Revised version published as 'Transaction Anonymity and Pseudonymity' Privacy Law & Policy Reporter 2, 5 (June/July 1995) 88-90

'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994). At

'The Digital Persona and Its Application to Data Surveillance' The Information Society 10,2 (June 1994). At

'The Eras of Dataveillance' (March 1994). At

'A 'Future Trace' on Dataveillance: Trends in the Anti-Utopia / Science Fiction Genre' (March 1993) At

Panellist Profile

Roger Clarke is a consultant of long standing, with particular expertise in electronic commerce, information infrastructure, and privacy and dataveillance. His work encompasses corporate strategy, government policy and public advocacy.

He holds degrees in Information Systems from U.N.S.W., and a doctorate from the A.N.U. He has been a Fellow of the Australian Computer Society since 1985. In the mid-to-late 1990s, he was twice named by 'Information Age' magazine as one of the 50 most influential people in IT&T in Australia.

He has been an active participant in Internet communities throughout the 1990s, through seminars, conference papers, e-lists and a substantial set of community-service web-pages, including the world's most authoritative pages on 'Waltzing Matilda'.


Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 6 November 2000

Last Amended: 6 November 2000

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916