Receipts have become a big issue, with consumers reporting they are not receiving proof of purchase for items above $75.
Under consumer law, all businesses have an obligation to provide proof of purchase to consumers for goods or services valued at $75 or more.
Where a transaction is valued less, consumers have the option of requiring a proof of purchase to be provided within seven days of the transaction.
It doesn't stop there, there have been a number of concerning consumer complaints about local businesses denying paper receipts and instead requesting personal information to issue proof of purchase electronically.
Two separate consumers have reported a popular Australian fashion retailer refused to provide paper receipts without disclosure of their personal information such as a mobile phone number or email address. After one consumer declined to provide their personal information and asked for a paper receipt, they say they were told they were not allowed back in the store again.
According to the Consumer Data Right under the Competition and Consumer Act 2010, a business may not collect, use, or disclose personal data without a consumer's consent, and a consumer can withdraw their consent at any time.
The Australian Privacy Principles state that personal information must only be used for the particular purpose for which it was collected (in this case to provide a receipt) unless certain exceptions apply.
While many organisations might say it is to reduce their carbon footprint, there could be other dubious reasons why a company might request personal information.
This could include data matching with a third party to build profiles of consumers for targeted advertising based on what they learn about the consumer from the data.
The data could also be sold for a profit to exchange information on consumers. If reasonable steps were not taken to make a consumer aware that their data could be used in these ways, then the business could be in breach of the Australian Privacy Principles.
According to the Australian Community Attitudes to Privacy Survey 2023, three in five (58%) Australians do not know what organisations do with their data. People often feel they have no choice but to hand over their personal information to access a service (50% agree or strongly agree).
As there are also no regulations on how long a business can hold a consumer's personal information, this can make consumers more vulnerable to data breaches.
Under Australia's privacy laws, there are strict rules businesses must follow around governance, minimum system controls, testing, monitoring, evaluation, and reporting.
They must also comply with the Notifiable Data Breaches scheme, notifying the consumer or the Office of the Australian Information Commissioner about any serious data breach.
Under consumer law, a supplier is obligated to provide proof of purchase in a method reasonably acceptable to the consumer, which means a consumer can elect to receive a paper receipt instead of an electronic one.
