Could Data Privacy Be Retail’s New Competitive Differentiator?

Some say that in the new era of retail, data is gold. For others, data is oil. Whatever valuable commodity data represents, it’s key for retailers in their quest to drive innovation and differentiation in vital areas including marketing, customer experience and product development.

But new laws, regulations and tech policies are forcing businesses to completely rethink how they collect and use data. Additionally, consumers have become more aware of companies’ data collection practices and have actively responded to personalization practices they perceive as shady, intrusive or both. 

In fact, 90% of consumers say they care about data privacy, while nearly 30% have  switched companies and providers over their data policies and data sharing practices, according to research from Cisco

According to data experts, the key to adapting to this increasingly complex and ever-changing space is developing processes for communicating, managing and responding to key shifts in: 

  • New privacy laws and regulations; 
  • Industry-specific changes that affect retail tactics and tech investments; and
  • Highly targeted privacy laws around specific use cases, such as in-store tracking and biometrics.

“It is all very complex, and people rely on internal and external experts, such as privacy departments and privacy officers, to guide them,” explained Gary Kibel, who is a partner in the Digital Media, Technology & Privacy; Intellectual Property and Advertising, Marketing & Promotions Practice Groups at Davis & Gilbert LLP. “I think the retail industry has been slower to come about, largely because they probably thought it didn’t apply to them as much, but that is definitely changing.” 

The biggest change for retailers is that new regulations will have an impact on virtually all business functions and their respective investments. Specific departments — from marketing to customer experience and ecommerce — will need to own their respective data strategies and ensure they comply. And while having a Chief Privacy Officer and a supporting privacy department is beneficial, ethical data collection practices also will need to be embedded into the very fabric of the organization. 

“These are rules to live by. They’re a code of conduct born from the fact that the data you use each day to communicate with customers is never truly yours; it belongs to your customers,” explained Gavin Laugenie, Head of Strategy and Insight at Dotdigital. “In our Rise of the Responsible Marketer report, we found that 75% of [consumers surveyed] said brands could do more to ensure the safety of their data. You have to first earn their trust before you can benefit from their business.” 

As Privacy Concerns Mount, Transparency and Communication Are Key

Data from myriad surveys and research reports have painted a very similar picture: that the vast majority of consumers have no issues with companies collecting and using their personal data — if they have a good experience in return. According to Accenture91% of consumers still want a personalized online shopping experience despite the increase in data privacy concerns.

But what does that mean in today’s terms, now that ecommerce has become even more embedded in the customer experience, with digital platforms and social networks taking up more space in the modern buying funnel? 

“Privacy is now part of the marketing mix,” said Kibel. “For the same reasons you want to come up with nice creative, good messaging and good offers, privacy is becoming a differentiator. If you do something that creeps people out, they’re not going to want to use your service.” 

As a result, brands and retailers must constantly walk the tightrope between high-quality personalization and damaging consumers’ trust. “The drive for more privacy means we’re putting the power back in the consumer’s hands,” noted Vivek Sharma, Co-Founder and CEO of Movable Ink. “In today’s world, it’s imperative that retail brands get consent and build a relationship with their customer and are focused on what’s most valuable for them. This is a welcomed direction, and the sooner brands embrace this, the more loyalty they’ll engender from their customers.” 


3 Tips for Managing Data Privacy Challenges

Data security and marketing experts shared their best practices to help retailers navigate these ever-changing tides: 

  • Communicate with consumers clearly and frequently: It is legally required for businesses to communicate their practices for data collection and use, and violating these laws puts companies at risk, Kibel noted. But beyond that, ongoing communication with customers about how you’re using data to create better experiences for them is simply a good practice, because consumers are becoming increasingly aware of these issues. “We’re still largely in an ‘opt-out world’ here in the U.S.,” said Kibel. “Although some changes are making ‘opt-in’ creep into new laws, it’s still incumbent on the business to have the right disclosures in place.”
  • Create a clear value exchange: First parties such as retailers are now better able to gather and monetize their data, but they need to ensure they’re providing a clear value to their customers. “You need to explain to the consumer what the value is for them,” Kibel advised. “If you’re going to ask for their email address, explain what they get in exchange, such as better offers and more targeted ads and recommendations. You want to explain that there’s value in that exchange for the data — that they’re not just giving it up for some unknown reason.”
  • Put the customer in control and don’t over-ask: Sure, data is great, but how much do you really need to create the campaigns and experiences you have in mind? Be mindful of how much you’re asking consumers to share and how you’re allowing them to customize the experience as their expectations change. “Build a preference center specific to your organization,” Laugenie recommended. “Doing this will ensure you have a more reliable and valuable database to personalize with. You’ll always want more data because the better you know your customers, the more relevant and targeted you can be. But you don’t need to know everything about them. Date of birth isn’t required if you’re not going to send a lovely birthday message to them each year. So only collect the data you need. Anything more is just a waste of time for both parties.”

The Ripple Effects of Big Tech’s Data Sharing Shifts

Shifts in the worlds of advertising and targeting have encouraged retailers to take a hard look at how they collect and use data. Historically, marketing and ecommerce teams have relied on third-party cookies from internet activity to piece together information about their customers. Combining these cookies with first-party data from their owned properties allowed retailers to glean more insights into how target consumers interact with different apps and platforms. 

But in spring 2021, Google announced that it would remove third-party cookies in an attempt to enhance privacy on its Chrome browser (the company eventually delayed implementation of this move until 2023). Soon after, Apple announced big changes to its operating systems to put privacy front and center. With the iOS 14.5 update, apps would have to switch from an “opt out” model to an “opt in” one. Consumers will have to digitally “raise their hand” and actively say they want apps to track their activity. 

For the most part, data shows that most people are declining to share their data for ad targeting purposes. In addition, Apple’s new Mail Privacy Protection has stopped email marketers from tracking pixels and masks the IP addresses of Apple Mail users. These steps are limiting contextual personalization analysis that relies on time of open or IP address information such as location and device type. 

To effectively respond, organizations are focusing on collecting zero- and first-party data that they can use to bolster their omnichannel personalization strategies, according to Sharma. “These shifts highlight the growing importance of owned and operated channels like email, retailer’s websites, and their mobile apps. Owned channels allow brands to have a direct relationship with their customers who share data about themselves explicitly (zero-party) or [that] a brand can pick up implicitly (first-party) within a trusted communication.” 

For marketers, the value of these data types is clear: according to a recent survey of marketers75%cite first-party data as generating the greatest consumer insight, and 62% believe first-party data garners the highest ROI of any data type. 

These attitudes are inspiring retailers to invest further in customer data platforms (CDPs) and customer relationship management (CRM) solutions that can help them use zero- and first-party data to achieve one-to-one personalization at scale. 

“Brands have invested very heavily in data technology to more easily unify the disparate data points to get stronger insights into every customer and drive more efficient campaign orchestration,” Sharma explained. “However, marketers are now faced with the task of creatively activating their data treasure troves and leveraging what they know about each individual customer in a compelling way to generate those powerful and memorable customer experiences.” 

How Policy Complexity Impacts Experience Investments 

Finally, it’s important to note that governmental regulations around privacy differ from market to market and, in the U.S., from region to region. While GDPR serves as the overarching privacy law in Europe, applied to every industry and every part of the continent, the U.S. has taken a “radically different approach” in that there is not one comprehensive consumer privacy law, according to Kibel.

“We have a lot of different sectoral laws at the federal level and then at the state level there is a dearth of really comprehensive consumer privacy laws,” he explained. For example, the CCPA (California Consumer Privacy Act) became one of the nation’s first comprehensive consumer privacy law when it was passed in 2018. In 2023, Virginia and Colorado also consumer privacy laws will go into effect. 

The most notable new additions to data privacy regulations revolve around how personal information is collected in physical spaces. “These are very unique, targeted privacy laws and they are big for the retail industry, specifically around the collection of biometric information and the use of facial recognition technology,” Kibel said. “There have been laws passed in Illinois, the city of Portland, Ore. and in New York City and Baltimore around these issues and this is a big challenge for retailers, because they may have been using those technologies. But now, there are new restrictions and limitations.” 

For example, in New York City, retailers simply need to post signage in a physical location about how they’re tracking physical movement in a store, but Portland has placed an outright ban on this technology. Retailers that have implemented or plan to implement in-store tracking and analytics technology will need to look at their current tech stack as well as their experience roadmaps to determine if these new regulations will impact their investments. 

Featured Event

Join the retail community as we come together for three days of strategic sessions, meaningful off-site networking events and interactive learning experiences.



Access The Media Kit


Access Our Editorial Calendar

If you are downloading this on behalf of a client, please provide the company name and website information below: