Protecting Consumer Privacy

Center for Consumer Privacy and Innovation

NRF has launched a retailer-led initiative intended to promote and protect innovation in the retail customer experience. Learn more.

Safeguarding consumer privacy is one of retailers’ top priorities, and has been from the advent of the catalog mailing list all the way to today’s mobile apps. That’s because retailers know that establishing a loyal and long-term relationship with their customers requires more than just providing access to merchandise at prices they are willing to pay. Retailers are required to win the customer’s trust in the hyper-competitive marketplace that stretches from Main Street to online. One element of that trust lies in the information retailers gather about their customers to better serve them and win their business. NRF supports a consumer-centric approach to data protection under federal and state laws.

There are many ways in which data drives retail and the customer experience:

  • Consumer information – from addresses to buying preferences – allows retailers to offer customers products, services, value and convenience that would be difficult to offer otherwise.
  • Consumers today are increasingly sensitive about the personal information they disclose and expect their information to be handled confidentially.
  • Virtually all retail customers are willing to trade some personal information for valuable and convenient benefits. This is how customers stretch their precious dollars and realize tangible benefits beyond the purchase itself.
  • Retailers want to meet the customer where they are, so they go to great lengths to adopt policies and practices that put the customer first and invest billions of dollars each year in technology to collect, analyze, use – and protect – customer information. 
  • Government regulations should not restrict benefits and services consumers enjoy in their shopping experiences in the real world. 
inserting credit card with chip

Like retailers, lawmakers and regulators are also concerned about the uses, abuses, and protection of consumer data. The result has been an increasing number of initiatives ranging from the state level to national to international. In their efforts to protect consumers, however, some of these efforts are so far-reaching that they would interfere with retailers’ ability to offer the customer service Americans demand. Loyalty programs, discounts, free shipping and other benefits are among the most common services threatened by these initiatives. If adopted, consumers could find themselves asked to grant permission to use information every time they visit a store or click on a new web page, and asked to provide the same information repeatedly if retailers are not allowed to retain the information.

Americans are more comfortable with data sharing that policymakers understand. They are savvy shoppers and quite sensitive to the types of information they are willing to share in exchange for retail services and benefits. Americans reject bothersome requests, intrusiveness and hidden programs, but favor transparency, convenience, discounts and value. Many of the new laws and regulations being adopted threaten the digital dividends consumers receive for selectively sharing their data.

Federal Legislation

Principles for Federal Privacy Legislation

With the California Consumer Privacy Act set to take effect in 2020 and the possibility of similar legislation being passed in other states, Congress is renewing efforts to pass a federal law that would set uniform national standards and preempt state and local laws on the issue. NRF supports the concept of such legislation but believes it should cover all entities that handle consumer information – including financial institutions, telecommunications providers and others – rather than just retailers.

As Congress holds hearings on the issue this year, NRF has urged lawmakers to adopt legislation that “promotes consumer privacy across all industry sectors.” NRF was also among 12 associations asking for a “uniform, nationwide and consumer-centric data privacy law.”

In November, NRF and other members of the Main Street Privacy Coalition called on lawmakers to develop a “uniform and fair framework” as they draft privacy legislation. The coalition made its request in a letter outlining principles for federal privacy legislation that was sent to the Senate Commerce, Science and Transportation Committee; Judiciary Committee; Banking, Housing and Urban Affairs Committee, and Health, Education, Labor and Pensions Committee. The four panels earlier released Senate Democrats’ principles for comprehensive privacy legislation.

California Consumer Privacy Act

When the California Consumer Privacy Act takes effect in 2020, it will place sweeping restrictions on how retailers and other business collect and use information about their customers. Among other issues, private citizens will be able to sue retailers over violations, opt out of having data shared, and demand that their data be erased. While the law currently applies only to companies with locations in California or doing business online with Californians, NRF is concerned that it could become a model for legislation in other states or in Congress.

Learn more about the California Consumer Privacy Act.

European Rules

The General Data Protection Regulation is a 2018 European Union law that sets out changes to almost every aspect of consumer data processing. While the measure is aimed primarily at EU-based businesses, it also applies to companies from any country in the world that have stores in Europe, target sales to Europeans over the internet or track Europeans online. It therefore has significant implications for many U.S. retailers.

Learn more about European privacy rules.

Data Security

Among other privacy issues, Congress is debating how consumers are notified when sensitive data such as Social Security, driver’s license, bank account and credit card numbers are breached. NRF strongly supports creation of a uniform national data breach notification law that would replace the dozens of conflicting and confusing state laws currently in place across the country but is concerned because financial institutions and some other industries have sought to be exempted from the legislation. In order to truly protect consumers no matter where data is breached, NRF believes any national data breach law should cover all entities that handle consumer data, not just retailers.

Learn more about data security.

More on Privacy

California Consumer Privacy Act
NRF advocates for customer-centric data protection.
Read more
European Privacy Rules
NRF advocates for fair implementation of GDPR.
Read more
Data Security
NRF is committed to finding broad, long-term solutions to ensure that sensitive consumer information is protected.
Read more