When was the last time you were asked whether you had a loyalty card while shopping? Or if you wanted your receipt to be emailed to you, rather than printed? In France, the latter will become an everyday occurrence – there are plans to phase out paper shop receipts this year to reduce the amount of rubbish thrown away.
Shoppers hand over a treasure trove of data to retailers every day, often without thinking much about it. Loyalty cards are often seen as a good way to save money – 95% of Brits are members of at least one. Personalisation is another benefit and it’s something 91% of shoppers say they want, according to Accenture.
But when e-commerce soared during the pandemic, so too did data collection. And the prospect of what comes next is starting to worry privacy campaigners.
The allure of new technology
While other sectors such as healthcare and financial services have been shaped by privacy regulation and compliance responsibilities, experts say the retail industry has been slow to address concerns about privacy. With the rapid rise of e-commerce in recent years, many retail brands don’t have large compliance teams to rely on.
That’s leading to data breaches and cyber attacks. According to PwC, the retail sector is the focus of around 4,000 data security threats every year. In Feb 2023, high street retailer WH Smith was hit by a cyber attack, with hackers accessing some workers’ data. This followed an announcement in January this year of a cyber attack at JD Sports which saw 10 million customers’ personal data compromised.
There has also been a push to invest in omnichannel technologies that promise to make physical retail stores as measurable as websites. In Australia, academics are developing technology to enhance store layouts by using in-store cameras to capture when shoppers raise an eyebrow, open their eyes or smile. Other retailers are using facial recognition technology to run checks when shoppers buy age-restricted products at self checkouts, or to enhance security. Tesco has been criticised for effectively forcing shoppers to sign up for its loyalty scheme by charging non members much higher prices. The chain even barred one man from entering a store at all because he didn’t have the mobile app or Clubcard.
As such technology becomes mainstream, privacy campaigners are fighting back. In July 2022 the privacy group Big Brother Watch submitted a complaint against Southern Co-operative for its use of facial recognition cameras in 35 of its stores for this reason. In the US, there have already been a number of lawsuits related to the use of biometric data in virtual try-on technology under the Illinois Biometric Information Privacy Act (BIPA). Brands including Dior, Louis Vuitton and Estée Lauder have all had action taken against them. Walmart’s ‘Be Your Own Model’ tool specifically recommends users wear fitted, minimal clothing and heels. While the company does not currently share these images with third parties, there may be plans to do so in the future (although a spokesperson says if that happens, the photos will be blurred and anonymised).
Seventeen other states in the US are currently in the process of introducing their own biometric data protection legislation based on BIPA so expect more lawsuits in future. In New York City, businesses are now required to post a biometric identifier information disclosure if they’re using facial recognition technology. A recent investigation by a New York Times journalist found only a few are complying.