Spotlight on data protection and e-commerce law for hotels in Australia

All the questions

Data and hotel technology

i Privacy regulations in Australia

Given the growing acceptance of data privacy as a right, it is imperative that hotel operators collecting data comply with the Privacy Act 1988 (Cth) (Privacy Act) and the 13 Australian Privacy Principles (APPs) which accompany it when collecting, using and disclosing personal information. , as well as when disclosing such data to foreign counterparts. Below we highlight aspects of the Privacy Act that are relevant to hoteliers.

Privacy Act and Applications

APPs regulate the use of personal information, which includes any information about an identified or reasonably identifiable individual. Stricter rules apply when it comes to sensitive information, which includes personal information about a person’s health, criminal record, membership in a professional or trade association, political opinions, religious beliefs, etc. . collection and notices, marketing use, disclosures and storage comply with the Privacy Act and APPs.

Hoteliers must also comply with data breach notifications when required under privacy law, involving data breach assessments within 30 days and (if required) reporting details of the breach to those affected and to the Australian Information Commissioner.

Cross-Border Data Disclosure

Global hotel chains operating in multiple jurisdictions (or even outsourcing operations overseas) raise concerns about how data is handled. After disclosing the information to an overseas related entity, under Section 16C of the Privacy Act, the Australian entity will be liable for any act or practice of the overseas recipient that violates the APPs. It is often preferable to implement a data processing agreement.

The APP8 requires hoteliers to take reasonable steps to ensure that the foreign recipient does not breach the APPs, unless the recipient’s jurisdiction applies at least as sensitive and stringent practices as its Australian member.

ii The Australian Consumer Law (ACL)

ACL will provide many consumer protections that could affect how hotel operators handle data, including the following.

Misleading or deceptive conduct

The ACL prohibits engaging in misleading or deceptive conduct, such as:

  1. inaccurate room photos or descriptions on the hotel website;
  2. deceptive techniques used by third-party platforms engaged by the hotel to sell reservations; and
  3. manipulation of online reviews in a way that creates a misrepresentation.

The Australian Competition and Consumer Commission (ACCC) has been particularly active and recently won a case against hotel price comparison website Trivago for making misleading claims about hotel room prices by significantly weighting search results on vendors paying Trivago the highest cost per click (AU$45 million fine).

Unfair contract terms

Unfair contractual terms are unenforceable against consumers. Examples include those that allow hotel operators to unilaterally change prices, alter the terms of a consumer’s reservation, or impose unreasonable limits on a hotel’s liability.

The ACL applies to hotels even with respect to third party goods and services that they have resold to consumers (e.g. premium TV channels or Wi-Fi) where the breached consumer warranty relates to quality acceptable, fitness for purpose or description the goods were supplied with. However, the ACL may not apply to third parties providing the aforementioned services to the hotel, so hotels should seek appropriate contractual protections where the ACL could make the hotel operator liable without recourse to the supplier.

iii Spam and Advertising

The Spam Act 2003 (Cth) (Spam Act) regulates the distribution of commercial electronic messages (e-mail, SMS, MMS or instant messages), under which commercial electronic messages may only be sent to consumers if (1) consent is obtained from the recipient, (2) recipients have access to a compliant unsubscribe feature, and (3) whether the sender is identified.12

iv Australian Competition and Consumer Commission (ACCC) Reviews

In early 2020, the ACCC launched the Digital Platform Services Survey, which, among other issues, examines the provision of digital advertising services. While the review is still ongoing, hoteliers should be aware of developments in this area, particularly those related to advertising technology and data portability.

About Sandra A. Powell

Check Also

The impact of Apple’s email privacy protection, a year later

On September 20, 2021, Apple changed the email marketing landscape forever with the launch of …