Savings at a Glance, Privacy in the Balance: The True Cost of Cashback Apps

When it comes to cashback apps, most people are probably familiar with them. As the cost of living continues to rise, cashback applications like Shopback and Cashreward have become increasingly popular.

According to ABC, Australia’s most popular cashback apps, ShopBack and Cashrewards, have over 2 million users (Tong, 2024). This means that nearly one in every ten Australians reading this article is using a cashback app.

For those not familiar with cashback applications, take Shopback, one of Australia’s most commonly used cashback apps, as an example. If you purchase a pair of Nike sneakers through Shopback, the app earns a sales commission from Nike. Then, Shopback shares a portion of that commission with you as cashback.

The cashback you earn from buying the Nike shoes goes into your Shopback wallet. Once the balance in the wallet reaches a withdrawal threshold—usually no less than $10—you can transfer it to your bank account, turning it into real cash.

Privacy at a Price: The Hidden Cost of Savings

As we all know, there’s no such thing as a free lunch. Those cashback apps that help you save money might actually be collecting your personal information.

In an interview with ABC, Rafi Alam, a senior campaigns and policy advisor for the consumer advocacy group CHOICE, mentioned, “Cashback sites are able to collect a great deal of data about customers, from personal information – what you enter when you sign up to social media behaviour, contact information, shopping behaviour and insights into that.” (Tong, 2024)

Perhaps you often hear people say, “In a digital age, people no longer have privacy.” This statement actually reflects that the issues we face regarding privacy are becoming increasingly prevalent.

Situations like medical information leakage, using shopping data for unintended purposes, and concerns about security arising from the collection of geographical location data by apps all highlight the urgency of these privacy protection issues (Goggin et al., 2017).

Privacy is widely regarded as a fundamental human right, a consensus that holds both in Australia and globally (Humphry, 2024). In essence, privacy means two things: one is having your own personal space, free from intrusion; the other is having control over who sees your information and what they can do with it (Humphry, 2024).

In terms of privacy protection, Helen Nissenbaum, a privacy research specialist at Cornell University in the United States, introduced the concept of “contextual integrity.” This theory suggests that privacy is about the appropriate flow of information, rather than keeping information completely secret or stopping its flow altogether (Nissenbaum, 2018). Instead, it’s about ensuring that information flows in a manner consistent with social norms and personal expectations within a given context (Nissenbaum, 2018).

For example, suppose you download and use Shopback to buy a pair of Nike sneakers. Shopback not only earns a commission from your purchase but also collects information about you, your shopping habits and preferences. You would reasonably expect the app to focus on its main feature of offering cashback by tracking and using data directly related to cashback shopping activities, rather than using it for other purposes.

Imagine texting your upcoming travel plans with a friend, and the next day, Shopback pops up with a cashback ad for that travel destination. This might have conveniently helped with your travel plans but at the same time, invaded your private space, that is, your privacy.

Unraveling the Complex Web of Cashback App Privacy Policies

However, many users’ shopping information on cashback applications is “legally” used for other purposes after obtaining the users’ consent. Research indicates that when utilizing online services, many users typically do not read the privacy policies and terms of service of these platforms word for word (Obar & Oeldorf-Hirsch, 2020).

Even if users do read these terms, they tend to skim through just enough to reach the point where they can click the “agree” button (Obar & Oeldorf-Hirsch, 2020). This implies that users might not fully understand the content of the privacy policies or how their information will be used.

However, once the user presses the agree button, regardless of whether they understand how their information will be utilized, cashback applications can use the user’s information for other purposes, as stated in their privacy policy (Goggin et al., 2017). This is referred to as the model of notice and consent.

The current legal framework in Australia and the terms and conditions adopted by online platforms primarily operate on this “notice and consent” model (Goggin et al., 2017). Since these privacy policies are often complex and beyond the comprehension of normal users, individuals can easily be manipulated by these vague and complicated privacy policies, preventing their information from being used in the way they expect (Acquisti, Brandimarte, & Loewenstein, 2015).

Take Cashreward’s privacy policy as an example, “We collect, hold, use, and disclose your personal information primarily to… personalize your Cashrewards experience, including our offers, surveys, and interest-based ads.” (Cashrewards, 2023)

This kind of statement lacks a clear explanation for each purpose of data collection, possibly leading users to mistakenly believe their privacy expectations are respected, making the actual privacy practices potentially differ from the ways users expect their privacy to be protected.

That is, cashback apps might recommend product ads you are likely to purchase based on your shopping history. This could lead you to buy items you originally did not plan to purchase and might end up spending more than your budget (Tong, 2024).

Of course, when you ask users of cashback apps if they care about their privacy, most will say they do. But after weighing privacy against benefits, users still end up disclosing personal data to platforms or institutions. This behavior, known as the privacy paradox, indicates a discrepancy between people’s attitudes towards privacy and their actions (Chhabra, 2022).

Research shows that the pursuit of immediate convenience and benefits is the main reason users of cashback apps choose to disclose their privacy (Ho, 2022).That is, if consumers feel the rewards obtained from shopping through cashback apps are worthwhile, they are more willing to shop on cashback apps (Ho, 2022).

For these users, the benefits of using cashback apps outweigh the concerns over disclosing their privacy. Their idea is, “I’m not a celebrity; who would be interested in my information?” (Chhabra, 2022)

This perception underestimates the significance of seemingly trivial information shared within cashback apps, such as entering one’s name and birthday or sharing shopping preferences. These minor details, when accumulated, can construct a detailed personal profile, much like piecing together a puzzle. Unbeknownst to them, this profile could later be used for other commercial purposes and to make decisions closely related to their consumer activities (Chhabra, 2022).

For instance, an insurance company collaborating with cashback apps could use this accumulated data, such as the frequency of purchasing sports equipment or alcohol, to assess health risks and ultimately determine insurance premiums. Because Shopback’s privacy policy mentions that Shopback may “share your information with Shopback’s business partners” (Shopback, 2023). The user remains unaware that their simple online shopping habits have influenced their insurance quotes.

Especially for Australians, the legal framework is behind in addressing privacy issues. The legislation does not specifically cover how to deal with companies collecting and linking vast amounts of data to predict our behaviors or recommend content (Goggin et al., 2017).

Practices In Privacy Protection: What the Cashback apps should do

Although Australia’s laws are still relatively behind, for cashback apps, app developers have the opportunity to redesign and provide users with a safer environment for their privacy. In the increasingly competitive market, valuing privacy protection can become a significant competitive advantage for businesses. If users can feel the trust and transparency of businesses in data processing, it will help online services establish a higher level of user loyalty, sincerity, and trustworthiness (Ho, 2022).

Cashback applications should encourage users to change the default settings by utilizing a more accessible privacy dashboard (Chhabra, 2022). For instance, in the case of Shopback, if a user wishes to disable the app from tracking their shopping information, they need to navigate through a complex series of searches and clicks to achieve this.

A more user-friendly approach would be for cashback apps to include a toggle button directly within the account settings to enable or disable tracking, incorporating a double confirmation feature to prevent accidental toggling.

Furthermore, developers and operators crafting and enforcing privacy policies ought to be explicit and detailed. They should comprehensively list the types of user information collected, such as personal details, shopping behaviors, payment data, etc., and explain how this information will be utilized, whether for personalized recommendations, marketing initiatives, or data analytics.

Crucially, obtaining user consent should not rely on an easily ignored checkbox or a quickly tapped “agree” button; instead, it is vital to ensure that users provide informed consent, fully understanding how their information is used. Currently, most privacy policies are written in professional jargon that is incomprehensible to the average user and are excessively lengthy (Acquisti, Brandimarte, & Loewenstein, 2015). Cashback apps should adopt privacy policies that are both more concise and easier to understand.

A concise and understandable privacy policy would encourage more users to actively read it. Of course, due to regulatory requirements, most apps may not be able to shorten their privacy policies because they are required to detail their privacy obligations and content to users. However, what they can do is strive to make their privacy policies as simple, clear, and comprehensive as possible, making efforts to encourage consumers to read them.

For example, X’s privacy policy draws in users right from the start with a “Before you scroll, read this”, as well as indicating at the beginning that they have written their privacy policy in as simple and understandable language as possible (X, 2023).

Practices In Privacy Protection: What the users can do

For users, they are at a disadvantage when it comes to protecting their privacy. In 2023, Australia released an eagerly awaited review of the Privacy Act of 1988, marking an important step in privacy law reform.

This potential reform touches on a wide range of issues, including proposals to remove exemptions for small businesses that meet certain criteria, set new restrictions for targeted advertising (especially those aimed at children), and add a range of personal privacy protections such as the “right to be forgotten,” allowing people to request the removal of search results containing sensitive or incorrect information, among others (Australian Government Attorney-General’s Department, 2023).

However, the issues discussed in the review report have not yet been implemented, and the Privacy Act of 1988 is still not adequate in fully protecting user privacy. But before reforms are made, enjoying the cost savings from cashback apps should not come at the expense of personal privacy.

For now, what users can do is to read app privacy policies more carefully, actively manage our data sharing preferences, and adjust privacy settings when necessary (Acquisti, Brandimarte, & Loewenstein, 2015).

Towards the Future of Privacy Protection

In a digital age, cashback apps provide millions of Australian users with an innovative and practical way to save on expenses, thereby coping with the rising cost of living. However, these benefits are not without their costs, as privacy issues—especially concerning the collection, processing, and use of users’ shopping data—have become an increasingly pressing concern.

Consequently, cashback apps need to implement more transparent, understandable, and user-friendly privacy policies while also giving users greater autonomy to easily manage their personal information and privacy preferences.

In this process, governments and legislative bodies should also play a role, updating and improving relevant privacy protection laws and policies to ensure they can keep pace with the rapid development of the digital age.

Additionally, raising public awareness about the importance of protecting personal data, as well as how to effectively manage and safeguard one’s privacy information, is also crucial.

As technology continues to advance and society places a greater emphasis on privacy rights, consumers, businesses, and governments must work together to ensure that, while we enjoy the conveniences of digitalization, we also effectively protect everyone’s privacy rights.

Reference List:

Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science (American Association for the Advancement of Science), 347(6221), 509–514.

Australian Government Attorney-General’s Department. (2023). Privacy Act Review Report 2022.

Cashrewards. (2023). Privacy Policy. Retrieved April 10, 2024, from

Chhabra, S. (2022). Why does privacy paradox exist?: A qualitative inquiry to understand the reasons for privacy paradox among smartphone users. Journal of Electronic Commerce in Organizations, 20(1), 1–20.

Goggin, G., Vromen, A., Weatherall, K., Martin, F., Adele, W., Sunman, L., & Bailo, F. (2017). Digital rights in Australia. Retrieved from

Ho, V. T. (2022). Motivation impulses customers’ online shopping intention via cashback and rewards mobile applications. Independent Journal of Management & Production, 13(5), 1235-1255.

Humphry, J. (2024). Issues of concern: Privacy, security and digital rights [Unpublished lecture notes]. University of Sydney.

Nissenbaum, H. (2018). Respecting Context to Protect Privacy: Why Meaning Matters. Science and Engineering Ethics, 24(3), 831-852.

Obar, J. A., & Oeldorf-Hirsch, A. (2020). The biggest lie on the Internet: ignoring the privacy policies and terms of service policies of social networking services. Information, Communication & Society, 23(1), 128–147.

ShopBack. (2023). ShopBack privacy policy. Retrieved from

Tong, K. (2024, March 24). Cashback apps have earned users like Viona hundreds of dollars in lifetime earnings. But are they really worth it? ABC News.

X. (2023). Privacy Policy. Retrieved April 10, 2024, from

Be the first to comment

Leave a Reply