Data privacy for consumers is going to be a key competitive differentiator in the Retail sector. Three emerging trends pointing to this are

• Increasing regulations around data privacy

• Chief Data Officer roles will gain more influence in organizations

• A rise in a customer-centric approach

There is no denying pandemic-forced lockdowns have boosted the growth of online retail sales. Online retail sales increased from 16% of total retail sales to 19% in 2020. This increase in online retail has resulted in an unparalleled increase in data collection and increased efforts by retailers to deliver personalized marketing. This has raised issues around the privacy and security of consumers’ personal information.

Retailers routinely use AI to analyze data from chatbots, product reviews, and social media (including from consumer interactions online) to understand the customers. Additionally, discounts and loyalty programs are continuing to be used to incentivize customers to share data.

Data privacy concerns are also being taken seriously – Apple’s App Tracking Transparency features, Google’s plan to phase out third-party cookies by 2023, and stricter regulatory penalties are making headlines. It is important for retailers to take privacy seriously and provide more transparency, security, and data ownership control back to the consumers.

Safeguarding consumer privacy has always been a priority but has taken on more urgency in contemporary online shopping and marketing that is driven mainly by data. To gain a competitive edge in the market, Retailers need to be ahead of the rapidly evolving data privacy landscape and fully adapt to changing trends.

Increasing Regulations around Data Privacy

Since the General Data Protection Regulation went into effect in 2018, consumers have been more empowered about how their data and privacy should be protected. This has since been followed by multiple regulations in different jurisdictions. California was the first US state to introduce its GDPR-equivalent data protection law, CCPA (California Consumer Privacy Act). California’s CPRA, Virginia’s VCDPA, and Colorado’s CPA will go into effect in 2023. More and more states in the US and countries worldwide are likely to pass similar data privacy laws. Currently, six states in the US have privacy bills that are actively being considered. Globally, 76% of countries have either drafted or enacted their data privacy laws, including China, Russia, Australia, and Brazil.

Since the enactment of GDPR in 2018, companies under EU jurisdiction have been fined in excess of $1.1 billion for non-compliance with data protection policies. The highest of this has been the 2021 fine of ~$0.88 billion imposed on Amazon by Luxembourg’s National Commission for Data Protection.

As more and more data privacy laws are emerging across the globe, retailers should prepare themselves to provide more transparency about their data collection and usage to the consumers and state clearly their intent for using personal data acquired from consumers. Companies should expect

● More power to individuals over their personal data

o Transparent and explicit consent collection

o Right to retract/de-identify/delete their data

● A hike in accountability

o Notification of breaches

o Expanded audits

● Increasing anonymizing of datasets to

o Secure the identities of individuals

o Address the risks of re-identification

● Appointment of privacy officers, adoption of more robust security/privacy mindset, and more regular assessments of privacy impact

The variance between these different laws will also add complexity from a compliance standpoint for companies that operate across multiple jurisdictions.

Chief Data Officer (CDO) roles will gain more influence in organizations

According to an IDC report, the collective sum of the world’s data will grow to 175 ZB by 2025. Retailers must understand that not all data share the same level of importance, focusing on the right data will provide a win-win for both retailers and consumers alike. Responding to the changing market conditions and consumer perceptions requires an ability to leverage data that is collected in a transparent and ethical manner to maintain customer trust and loyalty. This has paved the way for a new Chief Data Officer (CDO) role in the C-Suite.

CDOs will be responsible for formulating strategy, leading integrations, maximizing utility, and ensuring proper data governance. CDOs will have to work in a cross-functional manner and implement privacy and data protection laws and policies through cross-collaboration with the General Counsels, Chief Risk Officers, and Chief Information Security Officers.

For improving retail performance and strengthening competitive edge, retailers may also expand the CDO role from risk and compliance management to help Data Privacy Officers with timely, efficient audit responses. The influence of CDOs will also be felt in framing solutions to address consumer data protection trends and data privacy regulatory requirements.

Rise in customer-centric approach

The new era of data privacy demands retailers to beware of Personally Identifiable Information (PII). A retailer deals with plenty of information, usually obtained from consumers in exchange for retail services and benefits, that can identify an individual, top being email address, IP address, physical location, credit card number, name, clothing details, web cookies, and surveillance footage.

One of the core components of consumer data privacy regulations is that retailers should be transparent about their intent of acquiring PII from consumers, with consumers given the control to share information with organizations at their will. The new era of retail should comprehend the fact that now people reject bothersome requests and intrusiveness but favor transparency and convenience. According to a Deloitte Report, 90% of the consumer find personalized advertisements appealing. 80% of the consumers are more likely to purchase from a company that offers personalized experiences. But this comes with a responsibility for the retailers to provide customers with more extensive personal data controls. Retailers should initiate the following privacy strategies to comply in quicker and more accurate ways with existing and new regulations:

Customer-centric data management

• Working out a streamlined UX, comprising opt-in/opt-out, data access, and permissions information in one place.

• Upgrading to customer data platform (CDP) for holistic information aggregation and ongoing data storage and access monitoring.

Integrating privacy into the design

• Ensuring privacy right off the bat can enhance the security and privacy parameters significantly and will be a key differentiator for retailers. AI can be implemented to bring applications in line with regulatory compliances.

• Utilizing data-discovery-based AI tools, retailers can get a holistic overview of data being collected and conveniently deal with Data Subject Access Requests (DSAR).

• Maintaining evergreen data maps that integrate information from numerous sources can help retailers detect and manage risk. This can identify areas where security features could be enhanced to drive business value.

Keeping up with the pace of the market can be a major challenge for retailers. However, a comprehensive assessment of risk exposure to existing and upcoming laws along with implementing necessary technical changes can help retailers stay ahead of the competition. Ensuring consumer privacy is a critical need today. Done correctly, it can help to establish a loyal and long-term relationship with customers and, thus, a prospering future for retailers.