Greenleaf, Graham; Waters, Nigel --- "Direct marketing Code of Practice hits ACCC snag" [1998] PrivLawPRpr 61; (1998) 5(4) Privacy Law & Policy Reporter 61

Direct marketing Code of Practice hits ACCC snag


ACCC proceedings

The ADMA Code

Criticisms of the Code and the draft determination

Future for voluntary privacy codes

Direct marketing Code of Practice hits ACCC snag

Graham Greenleaf and Nigel Waters

The Australian Direct Marketing Association (ADMA) is facing coordinated opposition from consumer and privacy organisations in relation to its attempt to obtain from the Australian Competition and Consumer Commission (ACCC) an authorisation for its proposed Direct Marketing Code of Practice. ADMA will have to justify that its Code is in the public interest in hearings before the ACCC.

These proceedings have a broader significance than direct marketing. One of the main elements of the ADMA Code is a version of the Australian Privacy Commissioner’s ‘National Principles for the Fair Handling of Personal Information’ (see (1998) 4 PLPR 165). Consumer and privacy organisations are arguing that the direct marketing aspects of these Principles, at least in their current form, are not in the public interest (see (1998) 5 PLPR 41). They are also arguing that the ADMA Code is against the public interest because it does not include effective enforcement mechanisms.

The Privacy Commissioner has not yet completed discussions on enforcement of voluntary privacy codes, so there is as yet no formal guidance from the Commissioner on what constitutes adequate implementation of her ‘National Principles’. The ACCC proceedings will bring this question into the foreground, and could potentially set a standard of enforcement which must be met before any industry voluntary self-regulation in relation to privacy can be regarded as in the public interest.

The results of the ACCC proceedings will affect other industries. For example, the Insurance Council of Australia released in August 1998 the General Insurance Information Privacy Principles, and the banking industry is among others considering a privacy code. For all these reasons, ADMA’s application to the ACCC may prove to be the first significant test of the Federal government’s policy of relying on voluntary industry self-regulation to protect privacy.

ACCC proceedings

ADMA applied to the ACCC under s 88(1) of the Trade Practices Act 1974 (Cth) for an authorisation for its Code on the basis that the Code might have the effect of substantially lessening competition within the meaning of s 45. The ACCC can only give such an authorisation if the conduct it authorises ‘is likely to result, in a benefit to the public and that benefit ... would outweigh the detriment to the public constituted by any lessening of competition that ... is likely to result’ from giving effect to the Code of Conduct (s 90 Trade Practices Act 1974). The Commission can approve an application subject to conditions, and can also refuse an application while indicating amendments which would assist a revised application to succeed.

ADMA’s application therefore makes the case for the Code of Practice being anti-competitive, but then argues why, in its view, this detriment is outweighed by the public benefits of the Code.

The ACCC made a draft determination (see accompanying extracts) which states its opinion that ‘the extent to which these core provisions [of ADMA’s Code] will in practice benefit the public will depend upon the level of compliance with the provisions’, and that ‘the core provisions will not be subject to effective enforcement, and therefore increased compliance’, unless seven specified amendments are made to the Code of Practice. If these seven changes are made, the ACCC says it ‘is satisfied that implementation of [the Code] will give rise to public benefits which would outweigh any anti-competitive detriment that may arise’. The Commission therefore proposes to grant the authorisation, for four years, on the condition that the seven amendments are included in the Code of Practice.

Numerous consumer and privacy organisations made submissions opposing the draft determination by the deadline of 21 October 1998, and the ACCC is now required to hold a conference on the application within 30 days (s 90A Trade Practices Act 1974). The ACCC had scheduled such a conference (if one was needed) for 29 October, but after receiving submissions postponed the conference until 26 November. ADMA had planned to launch its Code in mid November.

Determinations by the ACCC can be reviewed by the Australian Competition Tribunal.

The ADMA Code

ADMA’s Direct Marketing Code of Practice (see accompanying extracts on p65) is a very lengthy document of over 100 clauses. A substantial part of it (Part B) deals with fair conduct relating to matters broader than privacy (misleading conduct, delivery of goods etc), and will not be discussed here. The rest relates directly to privacy issues: Part C to telemarketing, Part D to ‘electronic commerce’ (essentially, direct marketing using the internet), and Part E is a version of the Privacy Commissioner’s ‘National Principles’. Part F provides enforcement procedures relating to all parts. Clauses of the Code which are of particular significance to privacy are in the following extracts.

The ADMA Direct Marketing Code of Practice is based partly on the Model Code of Practice for the Direct Marketing Industry released in November 1997 with the approval of the Ministerial Council on Consumer of Affairs (MCCA). Part E is, of course, new. ADMA chose not to consult broadly with privacy and consumer organisations during the development of the specifics of the new Code, with the result that the ACCC draft determination and call for submissions was the first they knew of the proposed content and compliance and enforcement mechanisms.

Criticisms of the Code and the draft determination

The ACCC in its Draft Determination has identified some significant weaknesses in the proposed mechanisms (see extracts following), assessed against the ‘Fair Trading Codes of Conduct, Why Have Them, How to Prepare Them Guide’[1] and the ‘Benchmarks for Industry-Based Customer Dispute Resolution Schemes’[2]and the Australian Standard for Complaints Handling AS 4269.[3]

Consumer and privacy organisations have criticised on many grounds both the ADMA Code, and the proposal in the Draft Determination to grant it authorisation. Some submissions may be available at the ACCC web site (http://www.accc.gov.au), but are also on the home page of privacy advocate Robin Whittle, who is hosting documents relevant to the ADMA application (http://www.firstpr.com.au/issues/tm/). A selection from these criticisms follows.

• The scope of the Code is too narrow. The definition of ‘direct marketer’ (see Appendix 1) limits it to ‘direct selling’ where there is a contract for sale of goods or services negotiated at a distance (by phone, email etc), but excluding telemarketing, mail or e-mail aimed at promoting goods or services available through retail stores or other direct contact.

• It also limits the scope to where some record is kept of the transaction for further marketing purposes. Charities and other fundraisers are excluded because no contract is involved. There is little benefit to consumers of a code with such limited and arbitrary coverage, when the privacy issues are similar in all these varieties of direct marketing.

• The ADMA Code Pt E includes a version of the Commonwealth Privacy Commissioner’s National Principles, but these principles have not received endorsement from any consumer or privacy groups, and are still under re-consideration by the Privacy Commissioner (see ‘Privacy and consumer organisations’ Position Statement’ and an introductory comment ‘Privacy and consumer organisations withhold endorsement of National Principles in 5 PLPR 41). The direct marketing ‘exception’ to the limitation on use and disclosure in the current National Principles (9.3 of Pt E in ADMA’s Code), which allows some use of personal information for direct marketing unrelated to the primary purpose of collection on an ‘opt out’ basis, has been rejected in its current form by privacy and consumer groups. The ACCC’s draft determination does not examine the substance of Part E, and should not accept that the implementation in Part E of the National Principles is in the public interest without detailed further examination.

• Related to the previous point is that the Commonwealth Privacy Commissioner has not released any recommendations about the necessary compliance and remedial measures for any industry Codes which are to implement the National Principles. Given the deficiencies in the compliance and remedial measures identified in part in the draft determination, the ACCC should obtain the views of the Privacy Commissioner on adequate enforcement mechanisms in privacy Codes before deciding on the public interest aspects of this Code.

• Part E of ADMA’s Code does not clarify how the ‘direct marketing exception’ (9.3 of Pt E in ADMA’s Code) will operate in practice, merely reproducing it verbatim from the National Principles. A specific industry code should provide more detailed guidance. For example, how does the ‘direct marketing exception’ relate to ADMA’s ‘Respecting consumer preference’ clause?

• The ‘Respecting consumer preference’ clause in ADMA’s code, which allows customers to ‘opt out’ from all direct marketing through ‘Do Not Mail/Do Not Call’ facilities, does not apply to ‘current customers’ even though these customers may have expressed a specific preference.

• ADMA’s Code Authority can recommend unspecified ‘remedial action’ (clause 14 Part F), but the only sanction provided in the Code is revocation of ADMA membership (cl 15 Pt F). The ACCC’s recommended amendment 5 requiring that ‘the remedial orders and sanctions that the Authority is empowered to recommend are specified’ is completely inadequate to protect consumer interests. It will be no use ADMA specifying the powers unless those powers are in substance sufficient to protect consumer interests. If the remedies and sanctions are in substance inadequate, the principal function of this Code becomes one of providing justification to industry for otherwise controversial marketing practices, on the basis that the ACCC has endorsed these practices as being in the public interest. As the ACCC recognises in para. 6.5 of its draft, the ‘level of compliance’ is ‘most important’ in the determination of public benefit. ADMA should demonstrate that the remedies and sanctions it proposes will be effective in providing the consumer protection that the Code purports to deliver.

• The content of the remedies and sanctions in any acceptable code should at least meet international standards for privacy protection. One of ADMA’s claimed public benefits is to ‘increase access to and demand from off-shore markets’. However, Australian direct marketing organisations will face prohibition on the import of any personal information for use in direct marketing from Europe, Hong Kong and other jurisdictions with personal data export prohibitions unless they meet international privacy standards, particularly those in the European Union’s privacy directive. As the Code stands, it does not meet the EU’s requirements for appropriate enforcement mechanisms, particularly in that it does not provide for compensation to be paid, does not specify other sanctions, and (possibly) does not have a sufficiently independent system of arbitration.

• Quite apart from international standards, it is hard to see how a self-regulatory code in a consumer area such as this could provide adequate public interest protection without provision for monetary compensation in appropriate cases, as is provided for in such schemes as the Telecommunications Industry Ombudsman scheme, and as is provided for in the Commonwealth Privacy Act 1988 and similar privacy legislation.

• Part D of the proposed Code relates to the innocuously titled ‘Fair conduct relevant to electronic commerce’. Given that this is a Code concerning direct marketing, in the internet context this includes what is generally know as spam — unsolicited direct marketing by email. The ACCC is being asked to authorise, inter alia, consumer and privacy protection in relation to spam. Spam is a very contentious marketing practice, and the factors which must be taken into account in deciding public interest matters in relation to it are different from those relating to telemarketing or unsolicited snail mail. Part D clause 1 of the Code only proposes ‘the same level of protection’ in relation to spam as it does for other forms of direct marketing, and this may not be appropriate. Many individuals and organisations consider that it should simply be prohibited, on the basis that only ‘opt-in’ unsolicited commercial email is acceptable.

• The permitted hours for telemarketing calls include 8am to 9pm even on Sundays, excluding only Christmas Day, Good Friday and Easter Sunday (and even on those days if the consumer has signed some ‘ring me anytime’ form) (cll 9, 10, Pt C).

Consumer and privacy organisations are taking the approach that the lack of public benefit in the Code as it stands, and the adverse effect of the very fact of approval of such a Code by the Commission, is such that it should not be approved, despite the fact that its potential anti-competitive detriment is not very substantial. The argument is that the authorisation processes of the Trade Practices Act should not be able to be used to help legitimise practices which are seriously deficient in protecting the public interest.

Future for voluntary privacy codes

This experience of the attempted introduction of a self-regulatory information privacy or data protection Code of Practice tends to confirm the suspicions that privacy and consumer advocates have raised about the inherent weaknesses of the government’s preferred way of dealing with privacy in the private sector since it was first announced in March 1997. These weaknesses include:

• Insufficient agreement on the underlying principles on which a code is to be based.
• Little or no serious attempt at consultation with consumer representatives in drawing up an industry code.
• Minimal adoption of the ‘letter’ of privacy principles with no indication of commitment to the underlying spirit.
• Weak and potentially ineffective compliance, monitoring and enforcement mechanisms, and sanctions.
• A lack of serious remedies, or of a hierarchy of penalties and sanctions that can be applied in proportion to the seriousness of any breaches.
• A lack of independence, with control of the Code and its enforcement left with predominantly sectoral interests rather than a genuinely independent ‘umpire’.

The ACCC has almost inadvertently stepped into part of the gap left by federal and state governments’ abdication from establishing an effective regulatory scheme for the private sector. Their draft determination on the ADMA application serves notice to business in general that self-regulatory alternatives may have to have real teeth if they are to be credible enough to jump the hurdle of anti-competitive conduct.

Depending on the outcome, ADMA and other business groups considering adopting privacy principles on a voluntary basis may need to learn some lessons from a flawed attempt and come up with better designed and more effective schemes. Unless there are a significant number of voluntary privacy codes which satisfy the requirements of the Trade Practices Act, this will strengthen the argument that the only way in which adequate privacy protection is to be achieved is through legislation. The ACCC’s consideration of ADMA’s Code will be an important test case.