To kick off this discussion about privacy, let’s start with a little quiz.
When you see the data privacy pop-up at a new site you’re visiting, do you:
1. Click “accept” without reading a word?
2. Read 10 words, scroll down a few times, and then click “accept”?
Advertisement
3. Read every single word and carefully consider whether these statements reflect your personal standards around privacy and data use?*
*You are either a lawyer or a liar.
This is not to imply that privacy problems are all due to careless or ill-informed consumers, but experts do agree that a lack of education about what data different entities collect, as well as how they safeguard and use it, is a major contributing factor. Other challenges include:
- Privacy and data management regulations that vary from country to country and even from state to state;
- New customer touch points and sales channels, such as social networks, SMS texting and authenticator apps, create new potential access points for data breaches — the ultimate anti-privacy events; and
- The rise of retail media networks, which involve sharing customer data with stakeholders such as agencies, brands and even influencers, raises the risk of privacy violations either through negligence or malice.
Protecting Privacy vs. Making a Value Exchange
To make things even more complicated, many millions of consumers willingly trade away bits of data about themselves in exchange for higher levels of convenience; access to more personalized promotions, product recommendations and content; or even the full scope of benefits offered by retailer loyalty programs. In fact, you would likely need to be a Unabomber-style off-the-grid individual to not share at least some data points about yourself with governments, businesses and organizations.
“The existentially relevant part to retail [about privacy] is that people actually don’t mind sharing their information if they feel like they get value out of the relationship,” said Nick Kramer, Leader of Applied Solutions at SSA & Company in an interview with Retail TouchPoints. “Whether people are signing up for loyalty programs or [completing] a survey for an Amazon gift card, people are remarkably open to sharing their information.”
In many ways this is a win-win for both consumers and brands, but consumers don’t always understand the full implications of each value exchange they take part in.
“Many consumers misunderstand or overlook the implications of data sharing and struggle with complex privacy settings,” said Bharath Thota, a Partner in the Digital and Analytics practice at Kearney. “Increasing consumer education on data privacy and simplifying privacy settings are crucial. Companies investing in user-friendly privacy tools and transparent data practices will build stronger relationships with users.”
However, many businesses realize that they can use consumers’ desire for convenience to their advantage. “I think that saving my credit card information [on a site] shouldn’t be done by default, but most people don’t read that, and that’s how companies get away with it,” said Kramer. “Convenience and defaults are a big part of privacy issues. Additionally, consumers don’t really understand the risks of specific [actions they take].”
Is Privacy the New Sustainability?
While too many consumers are blasé about sharing their data, there are strong signs that they prefer to do business with companies that make privacy and responsible data management a priority.
“We’re seeing consumer preferences for privacy-friendly companies,” said Greg Williams, President of Audigent in an interview with Retail TouchPoints. “I fundamentally believe that privacy — and embracing a customer-centric view of data and how you safeguard it — is a benefit [for] companies.”
For example, Apple has made privacy a key brand pillar. “Privacy is designed in from the beginning,” with Apple products, said Kramer, and the iPhone’s privacy measures “have been the main selling point on a huge billboard in NYC for the last couple of years. That shows it’s at the forefront of consumers’ minds, and that companies view it as a differentiator. Ask consumers whether Google or Apple has a better stance on privacy, and whether it’s influencing their buying decisions.”
It’s possible privacy will grow to be as big a factor in buying decisions as sustainability has become, although it’s tougher for a company to demonstrate privacy-related achievements in the way that switching to EVs or participating in the circular economy shows off sustainability bona fides. Consumer concerns about privacy likely spike when major data breaches occur, but avoiding a negative rarely registers with the media or with public opinion. There’s an old journalism maxim: “Nobody covers all the planes that land safely, only the ones that crash.”
The Impact of Google’s Cookie Decision
Google’s July 2024 decision to essentially abandon third-party cookie deprecation on its Chrome browser has multiple implications for privacy. “Google was and is in a very tight spot,” said Audigent’s Williams. “They have antitrust issues on one side and privacy regulations on the other. I think they started going down the path of [creating a] privacy sandbox, got a certain length and realized it may or may not work.
“I still believe there’s a lot of good that will come out of the privacy sandbox, and Google is not giving up on this,” Williams added. “They’re giving up their original proposed plan, of Chrome being the sole means of driving the effort.”
If cookies do become less prevalent as a data-gathering tool, it could spell good news for pro-privacy efforts. “With third-party cookies fading out, tracking users across websites will decrease, potentially boosting consumer privacy,” said Kearney’s Thota. “Retailers and brands will shift to first-party data, collected directly from customers, fostering more trust and transparency but requiring stronger data management controls.”
Along these lines, retail media networks from brands including CVS, Wayfair and Albertsons have joined with Pinterest to create data clean rooms. The CVS Media Exchange (CMX), which has access to the more than 74 million members of the CVS loyalty program, leverages data like purchase habits and behaviors to effectively predict shopper needs and deliver more personalized campaigns.
The data is pseudonymized before it enters the clean room environment. Pinterest and integrator LiveRamp create a secure space where CMX can gauge the overlapping populations within both the ExtraCare data and Pinterest’s own platform data, without providing either CMX or Pinterest with access to the other’s identifiable data points.
How to Move Toward a ‘Privacy-First’ Model
Despite all the caveats and complexities around privacy, retailers and brands would certainly benefit from a more proactive approach to privacy, even if they don’t decide to publicize it. Experts recommended some key steps that companies can take:
1. Switch to cloud-based solutions.
“The shift to cloud technology has improved data management and privacy,” said Thota. “Major providers like AWS, Microsoft Azure and Google Cloud have superior security measures and data protection protocols compared to individual companies. They invest heavily in security infrastructure, compliance and monitoring, offering strong protections against breaches and threats. Their economies of scale enable more advanced security practices than most standalone organizations can afford.”
2. Explore blockchain data management technologies.
“Anonymized sharing of information enabled by the blockchain holds the promise of giving consumers more control over their information,” said Kramer. Blockchain would make it easier for consumers who are “willing to share a lot of information with a few select brands or entities for the things they care about,” while limiting access to their data by others. “The more the consumer can be empowered to control their information — even to take it back or have it be monetized — those models show a lot of promise in the long run,” he noted. “Customers would have a relationship [with a brand] that’s closer to the best in-person retail experiences.”
3. Improve overall data management, security technology and processes.
“There are plenty of actions that can be negative for privacy,” said Steve Ross, Director, Cybersecurity, Americas at security firm S-RM in an interview with Retail TouchPoints. “Storing personally identifiable information (PII) in plaintext is one example; having bad data hygiene (storing data longer than needed/used unnecessarily, storing data longer than defined in contractual obligations) is another bad idea.
“As with any cybersecurity question, the biggest weakness is always with the user,” Ross added. “For consumers, that typically includes falling for phishing emails pre- or post-transaction, and for the retailer, it’s typically cross-site scripting (XSS) attacks and e-skimming. A robust information security team is critical in defending the organization from these types of threats. For the consumer, education and awareness are the best defenses.”
