Center for Consumer Privacy and Innovation

Woman at checkout counter in boutique

Retailers’ highest priority is the trusted relationships they have with their customers. In a competitive marketplace like retail, consumers have the power to choose when, how and where they shop. They are willing to provide their personal information in exchange for the products and services they expect and enjoy.

Government regulations should not impede these customer benefits and services, although many new data privacy laws and regulations, like the California Consumer Privacy Act, restrict how retailers collect and use information to serve their customers.

NRF’s Center for Consumer Privacy and Innovation will provide thought leadership and strategic counsel in public policy discussions at the intersection of retail and the consumer. Led by retailers, the center will promote and protect innovation in the retail customer experience, develop resources and solutions to assist national and state partners in their advocacy efforts, and drive emerging public policy in technologies that improve and enhance customer service.

"Retail innovation has created a frictionless shopping experience, providing access to millions of products, both online or in-store and always at our fingertips, to be delivered how and when we want."

Matthew Shay, President and CEO, National Retail Federation

Privacy principles

The Center for Consumer Privacy and Innovation advocates for the following federal privacy legislation principles:

  1. Comprehensive and uniform federal standard

    A comprehensive federal law on data privacy should protect consumers in a nationwide, uniform and consistent way.

  2. Transparency for consumers

    Consumers should be informed of the categories of personal data that businesses collect and how that data is used by them.

  3. Preserve customer services and benefits

    A federal data privacy law should preserve the ability of consumers and businesses to voluntarily establish mutually beneficial business-customer relationships, including rewards and loyalty programs.

  4. Responsibility for own conduct

    A federal privacy law should make all businesses responsible for their own conduct. It should not expose them to liability for privacy violations by their business partners, including contractors, franchises and other businesses.

  5. Statutory obligations for all

    Businesses should not be forced to hold other businesses to their privacy obligations through contracts alone. All businesses that handle consumers’ personal information should have direct privacy obligations under the law.

  6. No exemptions

    Every industry sector that handles consumers’ personal information should have equivalent obligations to protect consumers’ privacy under the law.
    Privacy Stoplight Model
    The stoplight demonstrates the types of restrictions that should apply to data in different use cases.

Customer-centric privacy approach

Effective data privacy legislation respects customer choice and should encompass three approaches to data regulation based on which business is using personal data and for what purposes,

The Center will be releasing a customer-centric privacy model this year that proposes nationwide regulations based on customer expectations with respect to business uses of data. This model will be one that could be used as the basis for federal or state privacy legislation.