Protecting Consumer Privacy

Center for Consumer Privacy and Innovation

NRF has launched a retailer-led initiative intended to promote and protect innovation in the retail customer experience. Learn more.

Safeguarding consumer privacy is one of retailers’ top priorities and has been from catalog mailing lists all the way to today’s mobile apps. That’s because retailers know establishing a loyal and long-term relationship with customers requires more than just providing access to merchandise at prices they are willing to pay. Retailers are required to win customers’ trust in the hyper-competitive marketplace that stretches from Main Street to online. One element of that trust lies in the information retailers gather about customers to better serve them and win their business. NRF supports a consumer-centric approach to data protection under state and federal laws.

There are many ways in which data drives retail and the customer experience:

  • Consumer information – from addresses to credit card numbers to buying preferences – allows retailers to offer customers products, services, value and convenience that would be difficult to offer otherwise.
  • Consumers today are increasingly sensitive about the personal information they disclose and expect their information to be handled confidentially.
  • Virtually all retail customers are willing to trade some personal information for valuable and convenient benefits. This is how customers stretch their dollars and realize tangible benefits beyond the purchase itself.
  • Retailers go to great lengths to adopt policies and practices that put customers first and invest billions of dollars each year in technology to collect, analyze, use – and protect – customer information. 
  • Government regulations should not restrict benefits and services consumers enjoy in their shopping experiences in the real world. 

Like retailers, lawmakers and regulators are concerned about the use, abuse and protection of consumer data. The result has been an increasing number of initiatives ranging from the state level to national to international. In their attempt to protect consumers, however, some of these efforts are so far-reaching that they would interfere with retailers’ ability to offer the customer service Americans demand. Loyalty programs, discounts, free shipping and other benefits are among the most common services threatened by these initiatives. If adopted, consumers could find themselves asked to grant permission to use information every time they visit a store or click on a new web page, and asked to provide the same information repeatedly if retailers are not allowed to retain the information.
 
Americans are more comfortable with data sharing than policymakers understand. They are savvy shoppers and quite sensitive to the types of information they are willing to share in exchange for retail services and benefits. Americans reject bothersome requests, intrusiveness and hidden programs, but favor transparency, convenience, discounts and value. Many of the new laws and regulations being adopted threaten the dividends consumers receive for selectively sharing their data.


Federal Legislation

Principles for Federal Privacy Legislation

With the California Consumer Privacy Act now in effect and the possibility of similar legislation being passed in other states, Congress is renewing efforts to pass a federal law that would set uniform national standards and preempt state and local laws on the issue. NRF supports the concept of such legislation but believes it should cover all entities that handle consumer information – including financial institutions, telecommunications providers and others – rather than just retailers.

NRF has urged Congress to adopt legislation that “promotes consumer privacy across all industry sectors.” NRF was also among 12 associations asking for a “uniform, nationwide and consumer-centric data privacy law.” In 2019, NRF and the Main Street Privacy Coalition called on lawmakers to develop a “uniform and fair framework” and outlined principles for federal privacy legislation.


California Consumer Privacy Act

The California Consumer Privacy Act took effect in 2020, placing sweeping restrictions on how retailers and other businesses collect and use information about their customers. Among other issues, private citizens are able to sue over violations, opt out of having data shared, and demand that their data be erased. While the law currently applies only to companies with locations in California or doing business online with Californians, NRF is concerned that it could become a model for other states or Congress.

Learn more about the California Consumer Privacy Act.


European Rules

The General Data Protection Regulation is a European Union law that sets out changes to almost every aspect of consumer data processing. While the measure is aimed primarily at EU-based businesses, it also applies to companies from any country in the world that have stores in Europe, target sales to Europeans over the internet or track Europeans online. It therefore has significant implications for many U.S. retailers.

Learn more about European privacy rules.


Data Security

Among other privacy issues, Congress is debating how consumers are notified when sensitive data such as Social Security, driver’s license, bank account and credit card numbers are breached. NRF strongly supports creation of a uniform national data breach notification law that would replace the dozens of conflicting and confusing state laws currently in place across the country but is concerned because financial institutions and some other industries have sought to be exempted from the legislation. In order to truly protect consumers no matter where data is breached, NRF believes any national data breach law should cover all entities that handle consumer data, not just retailers.

Learn more about data security.
