Our annual take on the emerging issues that customer-facing businesses are experiencing in Australia.
Latest content in our corporate governance symposium series
Click on the following tiles to access our latest content in this series
Click to read our latest articles
Click to watch our latest webinar
Click to listen to our latest podcast
The first session of our Corporate Governance Symposium, held on 11 August 2021, featured McKinsey Associate Partner Thomas Rüdiger Smith as keynote speaker.
Moderated by Kristin Stammer, Corporate Partner & Consumer Sector Global Co-Lead, Thomas was joined by:
- Technology Partner Peter Jones and
- M&A Partner Malika Chandrasegaran
The speakers delved into the current corporate landscape, exploring the risks and opportunities that exist within the business to consumer space. A summary of the session is below.
The Mega 25 race ahead
With 2020 being a year for dramatic transformation with Covid-19, ‘Mega 25’ companies including the likes of Apple, Amazon, Tesla, and Microsoft as well as Asia players like Meituan Dianping and Pinduoduo were, similar to other years, continuing to run well ahead of the pack. These companies continue to fundamentally shape global business.
B2C platforms and ecosystems are the future
Non-traditional B2C online platforms and ecosystems such as Amazon, Alibaba and Pinduoduo are starting to change the landscape, with online ecosystems players winning and changing the B2C game in Asia and South America. Playing into instant gratification and satisfaction as well as increased customer touchpoints and an entirely different scope for expandability, from an M&A perspective, getting into a position to be part of a larger ecosystem or platform opens a whole range of broader relationships around business.
Customer behaviours are changing
Covid-19 forced many people to change their behaviours and move online and we are starting to see some of these becoming permanent fixtures. Whilst certain online activities such as home schooling have presented difficulties, tasks aimed at increasing efficiency and flexibility (such as online ordering) have translated into positive experiences for consumers, and ones they will most likely maintain. Tension exists however where those behaviours are not economically attractive for the industry or if the government doesn’t encourage or incentivise the behaviour.
Sharing is caring – the rise of alliances, partnerships and joint ventures
Customer ‘stickiness’ and loyalty is a trend that transcends the past year and Covid-19 and continue to be a focus going forward. Creating as many touchpoints and products to engage your customer, together with ecosystems that will support their experience results in greater client stickiness. This can be achieved through building alliances, entering joint ventures, creating a partnership or buying out complementary assets with the goal of creating more loyalty and a greater share of customers’ wallets as well as to scale business. This also reflects the trend in the B2C space of moving towards community and away from a purely transactional relationship to create a broader sense of community and ensure consumers follow the company for the long term.
M&A activity remains but the nature is changing
Whilst traditional M&A goals such as consolidating business portfolios and improving access to China and Asia-Pacific remain, we are starting to see a shift in the nature of the activity with a greater focus on portfolio consolidation, picking up challenger brands, data and technology capabilities and consumer proximity. Businesses need to take stock of the emerging ideas in their industry and the changes that are staring to take root.
Due diligence is key
Where M&A is being driven by expanding capabilities and acquiring adjacent business, due diligence is becoming increasingly important as acquirers have less knowledge about new models of businesses and their risks and pain points. The due diligence focus is on better understanding regulatory frameworks and compliance and how the target is dealing with the issues and the risk mitigation they have in place. Big data, ESG issues and how businesses cope and adapt to change are increasingly being put under the lens.
State of flux to continue
There is a constant state of flux with regards to data regulations and technology and will continue to be the case into the future. Whilst considering the current regulatory settings and levels of compliance when looking at acquiring targets is important so too is the need to consider their compliance now but also their approach to managing change in the short, medium and long term. Change is inevitable.
This session, moderated by Aoife Xuereb, Commercial Litigation Senior Associate featured:
The speakers explored the complex, dynamic and fragmented landscape of data privacy regulation and enforcement. A summary of the session is below.
Data is the ACCC’s ‘new frontier’, and a competition and consumer protection issue
The ACCC Chair Rod Sims has referred to data as a ‘coming battleground’.
Rod Sims has described consumer data as giving market power to organisations which collect, retain, use and distribute data. The ACCC is also concerned with data use as a consumer protection issue, especially for vulnerable customers.
In assessing your business’ risk profile, think more broadly than the narrow issue of whether the customer is being misled about data collection. The ACCC will be interested in how an organisation collects data, and whether those data give an unfair advantage over competitors or are being used to lock consumers into products, services, subscriptions or apps.
These issues underpin the ACCC’s growing enforcement action in relation to data both as a consumer privacy and competition issue.
ACCC joins other regulators looking at data
The ACCC’s increasing focus on data issues comes at a time when a number of other regulators are watching this space. For example, ASIC and APRA have started taking a greater interest in information security and cyber resilience, joining more traditional data regulators like the Office of the Australian Information Commissioner (OAIC) and Australian Communications and Media Authority (ACMA), who are responsible for privacy and spam/telemarketing respectively. Some of the ACCC’s activities, such as the Digital Platforms Inquiry, are undertaken in collaboration with the OAIC. Industry bodies complement these regulators, including the Australian Banking Association through the data handling provisions of its Banking Code of Practice.
The enforcement risks posed by each of these regulators and bodies should be considered when developing data-handling processes.
Dynamic compliance and ‘choice architecture’
Gone are the days of measuring compliance of a business’ data practices by “static” review of the terms and conditions. We are seeing a move to the assessment being a “dynamic” review that considers different customers’ perspectives, and how different classes of customers will navigate and interact with the disclosure process.
The ACCC v Google* decision demonstrates this paradigm shift and shows that regulators and the courts will take into account relevant features of the customer journey when considering data and privacy compliance. This includes considering the steps a user takes and screens they would face as they navigate apps and systems concerning data collection, data use and privacy. The reliance on behavioural economics evidence also recognises that different classes of customer value data privacy differently and will search for information to differing extents (as there is a cost to seeking more information on data privacy), and that human decision-making can be irrational or based on incomplete information.
Businesses should review the effectiveness of their data disclosures taking these factors into account, and the impact of increasingly interactive, online environments. Of course, data risks are not limited to digital platforms. The principles could equally be applied to any consumer-facing business that operates online, has an app, or otherwise collects and uses customer data.
Don’t over-promise and under-deliver
Organisations may commit themselves to a higher than necessary standard if they make statements which go beyond what is required under privacy law. For example, a statement saying “we will never disclose personal information without consent” may be unnecessarily restrictive given other available exceptions under privacy law.
Organisations should review statements that have been made historically, whether in privacy policies, notices, consents or other representations, and consider updating them going forward to allow greater flexibility. It will also be important to be mindful of previous statements made as processes may be needed to ensure that data can be handled in line with those statements if new consents are not obtained. This will often be an important consideration when looking to make new use of old data.
Will your data practices withstand a court process or regulatory investigation?
An important and emerging risk area is regulatory and court scrutiny of data practices.
One event, incident or practice can give rise to thousands of breaches in respect of thousands of customers. This argument is currently being run in the OAIC’s proceedings against Facebook. With such a broad risk of exposure, liability and reputational damage can balloon to significant, headline-grabbing levels.
Privacy reforms will shape new forms of litigation
The Government’s current review of the Privacy Act 1988 is looking at a number of levers to drive improved compliance by businesses. This includes consideration of increased penalties for breaches, a direct right of action for consumers, and a possible tort for serious invasions of privacy. The Government is also considering further funding and capability uplift for the OAIC.
Rapid change poses risks and opportunities
The world of data privacy and regulation is dynamic and in contant flux, and involves balancing what can be competing policy and business objectives.
Against that backdrop:
- Companies and in-house legal teams may need to review the way that they approach assessment of these risks .
- Literacy on the risks and regulatory approaches will be core competencies for future General Counsel and In-House Legal teams.
- These issues also provide opportunities for In-House Legal to add significant value. Data is a significant business growth driver and critically valuable asset. Planning today so that the business is better able to use data flexibly in the future is a chance to add value.
This session, moderated by Jason Betts, Commercial Litigation Partner & Global Co-Head of Class Actions, featured:
The speakers explored the class action risks emerging for consumer-facing businesses including the changing class action landscape and the future of the space. A summary of the session is below.
Consumer-facing class action risk
With their broad consumer base, coupled with the significant availability of litigation funding, consumer-facing businesses have a unique exposure to class action risk. The class action procedure provides an efficient means of resolving a large number of cases with common features. Consumer-facing businesses, with their standardised sales practices and products which affect a potentially large group of customers can give rise to the potential for a large class of group members with numerous common questions of fact and law.
Regulation of litigation funders
The growth of class actions in Australia shows no signs of slowing, despite the new litigation funding regulatory regime, which apply AFSL and MIS requirements to litigation funders. Funders have adapted, and will continue to adapt, to the new regulatory regime. In addition, there has been a growth in the number of use of other funding arrangements such as ‘no win, no fee’ arrangements and the use of the new power in Victoria to order group costs orders.
Continuous disclosure and misleading conduct reforms
The temporary reforms to the Australian continuous disclosure regime made last year have now been made permanent. The reforms introduce a new fault element, namely knowledge, recklessness or negligence, into the continuous disclosure obligations under the Corporations Act and says that a failure to disclose material information will not constitute misleading or deceptive conduct under s1041H of the Corporations Act. The impact of this change on the frequency of the commencement of shareholder class actions will remain to be seen.
Group Costs Orders in Victoria
The power to make a “Group Costs Order” was introduced into Victorian legislation last year. This power permits the Supreme Court of Victoria to make an order early in a class action proceeding that the plaintiff law firm be paid for its legal services by way of a percentage of the damages awarded to the plaintiff and group members, rather than by rendering invoices for the number of hours spent providing those legal services. No decision has yet been made using this new power and we will wait to see how the threshold test for accessing such an order will be applied.
Resolution of class actions
The potential for an early settlement in a class action is difficult due to the need to obtain clarity about the quantum of the claim, as well as its merits. Ordinarily group members are not required to take a step in the class action until after the initial trial. Particulars of loss from group members are not required to be provided. In these circumstances the parties must look for alternative ways to estimate the quantum of the claim. Recent case law in New South Wales and the Federal Court has indicated that the Courts cannot make orders to close the class in advance of a mediation.
The problem of multiplicity of proceedings
The issues that arise when multiple overlapping class actions are filed and possible solutions were considered in-depth by the Federal Parliamentary Joint Committee on Corporations and discussed at length in its report last year. Those issues continue to affect all participants in the class action landscape.