Award-winning research examines how consumers, retailers and regulators struggle to defend interests
Consumers, it’s 2021. Do you know where your data is?
There’s a lot more personal data out there than many retail customers realize. Most know of the cookies that track internet browsing, and some are keenly aware of the amount of information Google, Facebook, Amazon and other corporations gather. When it comes to data privacy, however, less frequently considered sources of personal data include phone apps, smart home devices and wearable technologies, which all siphon off info as they’re used. And once these companies get that data, where is it going?
“It is difficult for consumers to successfully navigate these different sources of data collection, even for those consumers who are particularly savvy,” College of Business marketing professor Kelly Martin explains. “People really have a terrible time understanding what’s going on. I would say that that’s really through no fault of their own. It’s an increasingly complex space for consumers. Their data are being pulled from a lot of sources of which they’re not even aware.”
Martin’s latest research, which was coauthored by College of Business Dean Beth Walker and others, takes a deep look at what kinds of consumer data is gathered and the interests competing for control of that information. Their work, “Data Privacy in Retail,” was published in the Journal of Retailing, and examines how consumers, retailers and regulatory agencies are shaping the debate around data privacy. The piece received the journal’s 2021 Davidson Award, which recognizes the best research published the previous year.
In the increasingly digital world, consumers’ data footprint is expanding to include more than mere purchasing data. Inferences about health, financial situations and emotional wellbeing can be drawn from aggregated purchasing patterns, information gathered from websites and smartphone apps, consumer questionnaires and other sources. This unprecedented number of data points and the power of Big Data-style analytics gives retailers and data firms the ability to know a lot – some may say a disturbing amount – about consumers.
“I think that people sometimes say, ‘Well, I don’t really have anything to hide. So sure, take my data. It’s not a big deal,’” Martin said. “I think the problem is, if everybody has that feeling, then nobody is putting checks and balances on the companies that are extracting this from us, and so it’s just kind of a free for all.”
A Broad Overview
That’s where Martin and Walker’s latest research comes in. With little policy-level oversight of data privacy coming from federal politicians, their research uses interviews with experts, a multinational consumer survey and global case studies to create a comprehensive overview of the landscape surrounding data privacy specific to the retailing sector. The pair discover that in absence of regulation, the retail landscape looks a lot more like the wild west than many realize.
Navigating the Consumer Data Wild West
Completely corralling your data in an era with few regulations may be next to impossible, but Kelly Martin provides a few basic guidelines to help guard your privacy.
Nothing is Truly Free: You may not pay to use free apps on your phone or social media websites, but you’re not getting them for free – by using them you’re providing companies access to your personal information, your browsing patterns, and other engagement behaviors.
Read the Terms of Service: Nobody likes fine print and legal jargon but knowing what data a company collects and how it plans to use it can help you make more informed decisions.
Opt Out When It Makes Sense: Once reading terms of service, consumers will discover that many companies offer them the ability to opt out of different data collections and uses. If it makes sense for you, opt out.
Know What’s Behind the Scenes: Apps and platforms may gather data beyond what you input into them, collecting browsing information, location information and, in some cases, information from mail and chat apps on your phone. Sometimes, the best protections are simply in changing a very broad setting from public to private.
Two primary interests compete in the deregulated landscape. On one hand, informed consumers to want control over data that describes their habits and lifestyle. Twentieth-century concepts of privacy and anonymity often form perspectives which may be out of synch with the information age. On the other, retailers and other corporations invested into systems that collect customer data with the expectation that they’ll be able to leverage that investment and build their business plans to do just that. Adding to anxieties, lack of regulation surrounding personal data have only muddied the water.
“Probably what’s the most scary on the firm side is if ultimately there’s a sea change where consumers now get to own and control their data,” Martin explained. “Then companies are in a lot of trouble. They’re going to really rethink what they’re doing and how they’re doing it.”
CSU College of Business professor Kelly Martin discusses the role consumer trust plays in the debate over digital privacy.
That leaves regulators in an unenviable position. Where the General Data Protection Regulation (GDPR) set clear boundaries for citizens of the European Union, there’s a lack of regulation for data and internet privacy in the United States. From a strictly policy standpoint, Martin understands the reasons for delay: Technology has moved faster than most lawmakers and just catching up to the myriad viewpoints surrounding the issue is a monumental task, let alone forming policy around it.
“It’s intangible. Having a working understanding of data privacy requires a pretty high level of sophistication,” Martin said. “I don’t know the extent to which various regulatory bodies are able to do that. It’s obviously a huge challenge.”
The Push for Regulation
Both sides of the divide hope regulators take up the issue. While it’s not surprising that consumer advocates look to constrain data sharing, many firms are also looking for signals from the government. Business hates uncertainty, and without a clear roadmap for data-sharing policy, a cloud of uncertainty hangs over any long-term strategy.
With California and Virginia already enacting their own privacy regulations – and a law introduced in the Colorado legislature earlier this month – firms face an even more uncertain future. Rather than navigating a single, comprehensive act, companies may be forced to navigate a patchwork of 50 state-level regulations.
“That’s expensive,” Martin said. “It’s costly, and so they are asking, ‘Please regulate us.’ It’s because it’s so much more efficient if we had a federal law.”
Even with momentum behind consumers and firms looking for concrete regulations, comprehensive public policy is still a long way away for American consumers, Martin said.
“There’s just so much out there right now that trying to even conceptualize how that could be reined in and brought back under the purview of the consumers control is pretty difficult to fathom right now,” she said.