Store loyalty cards, while offering benefits such as discounts and rewards to consumers, also raise several privacy concerns. For what is often a minimal incentive, they encourage many consumers to hand over valuable intelligence about themselves and their behaviour, often without even reading the small print. As a result, many people are completely unaware of how their data is being used, and by whom when they sign up for loyalty cards. More worrying still, the average citizen also appears to inherently trust that organisations will handle their information responsibly.
Commercial organisations are eager to try to build more detailed profiles of their customers in a bid to market and sell to them, thereby increasing their profitability. These detailed profiles of their customer base can aid them in undertake so-called behaviour analytics.

The main privacy issue with loyalty cards are as follows:

1. Data Collection: When customers sign up for loyalty cards, they often provide personal information such as their name, email address, phone number, and sometimes even more sensitive data like their purchasing habits and preferences. This extensive data collection raises concerns about how this information will be used and shared by the store or potentially sold to third parties.
2. Tracking Purchasing Habits: Stores can track every purchase made using a loyalty card, creating detailed profiles of customers’ shopping habits. This data can be used to target advertisements or promotions, and in some cases, it may even be shared with third-party marketers or advertisers without the customer’s explicit consent.
3. Loss of Anonymity: Loyalty card programs eliminate anonymity in shopping transactions. Instead of being able to make purchases anonymously, every transaction is tied back to the individual’s loyalty card account. This loss of anonymity can be unsettling for consumers who value their privacy.
4. Risk of Data Breaches: The vast amounts of personal data collected by stores through loyalty card programs make them attractive targets for hackers and cybercriminals. If the store’s database is breached, customers’ personal information could be compromised, leading to identity theft, fraud, or other forms of misuse.
5. Lack of Transparency: Many consumers are unaware of the extent of data collection and tracking associated with loyalty card programs. Stores may not provide clear information about how they collect, use, and share customer data, making it difficult for consumers to make informed decisions about whether or not to participate.
6. Potential for discrimination: There is a concern that data-driven personalisation may inadvertently lead to discriminatory practices. For example, certain customers may receive better offers or promotions based on their demographics or spending habits, creating an unequal playing field.
7. Difficulty in Opting Out: Even if customers become concerned about their privacy and want to opt out of a store’s loyalty card program, they may find it difficult to do so. Some programs make it challenging to cancel accounts or remove personal information from their databases, leaving consumers feeling trapped in a system that compromises their privacy.

Discrimination through loyalty cards

Tesco and Sainsbury’s have been criticised for effectively forcing shoppers to sign up for its loyalty scheme by charging non-members much higher prices. The chain even barred one man from entering a store at all because he didn’t have the mobile app or Clubcard.
Companies have access to personal information, purchase history, location, financial information, even biometric data and behavioural inferences. This allows them to social profile their customers in detail. This personal data can be shared with third parties with the customer unaware of the privacy implications of their personal data being used by other organisations for social profiling.
As such technology becomes mainstream, privacy campaigners are fighting back. In July 2022 the privacy group Big Brother Watch submitted a complaint against Southern Co-operative for its use of facial recognition cameras in 35 of its stores for this reason.
Privacy campaigners are unimpressed by supermarkets’ attempts to recruit new members by offering lower prices on food in store to cardholders only: “The growing trend of retailers forcing customers to use loyalty cards just to access special offers and discounts during a cost-of-living crisis is worrying,” said Jake Hurfurt, head of research and investigations at privacy advocacy group Big Brother Watch. “Customers should be able to freely choose whether they want to hand over their data to big companies, rather than feel pressured by the promise of huge savings on their shopping bills”.

Privacy Concerns Loyalty Apps

It’s no secret that our smartphones are an incredibly effective data collection tool that we willingly carry around in our pockets everywhere we go. The vast amounts of data that we generate can be used for your benefit, but apps will often request access to a wide range of permissions during installation. The Starbucks Android app is a good example of this. When you go to install the coffee chain’s app it requests:
• Device & app history
• Identity
• Contacts
• Location (approximate & fine)
• Photos / Media / Files (read & modify)
• Storage (read & modify)
• View Wi-Fi connections
• Receive data from internet
• View network connections & full network access
• Control vibration
• Prevent device from sleeping
Data sets are highly valuable in the information age, and are often used to profile us for mortgages, insurance, and even how long we are kept waiting on customer care lines. Let’s say you frequent a bar that has a loyalty card app. The app may collect data on when you visit, how long you are there for, and potentially link your spending directly to the app. An insurance company may be particularly interested in purchasing this data and use it to profile you when you renew your premium. But I doubt people understand how much data is being collected, how it could be used, how it might be sold to other companies, how third parties might have access to it. Similar information coupled with movement tracking and other pieces of information allows retailers to build a convincing profile of a customer and target them with ads.
Some experts fear that accurate profiles allow traders to have an advantage over unsuspecting customers, nudging them to behave in ways that correspond with the retailers’, rather than shoppers’, interests.
Dave Hatter, a cybersecurity expert at the Cincinnati-based cybersecurity company IntrustIT said that it is doubtful that people who use loyalty programs are aware of the scale of data collection that retailers take part in. “I know some of these companies use third parties to analyse this data. They’re selling it to other companies. They’re combining it with data from other data brokers and so forth to create a more complete profile,” he explained.
I think probably everyone has at least a very high-level understanding that they’re exchanging the information about all the stuff they’re purchasing with. But I doubt people understand how much data is being collected, how it could be used, how it might be sold to other companies, how third parties might have access to it. I know some of these companies use third parties to analyse this data.
If they buy data from Facebook, Google data brokers, et cetera, and they have 5,000 data points on you, and they have four- or five years’ worth of everything you’ve ever bought. They’re going to know more about you than you do.
They’re going to know precisely what you’re likely to do next. They’re going to know exactly how to convince you to buy certain things. I don’t think the average person who’s not in technology realizes how much data is being collected, how that data could be used to influence you to nudge you.

Offers Are Not What You Think They Are

Tesco and Sainsbury’s are using potentially dodgy tactics on some of their loyalty offers which can give the impression that savings are more substantial than they really are, a new Which? investigation suggests, as the consumer champion finds some customers are being denied access to member discounts altogether.
Which? has shared its findings with the Competition and Markets Authority (CMA) and asked them to look at whether supermarkets could be hiking their ‘regular’ prices to make loyalty scheme customers feel they are getting a discount.
As part of the investigation into retailers’ growing use of promotions attached to loyalty card schemes, the consumer champion analysed 141 Clubcard and Nectar card prices at Tesco and Sainsbury’s and tracked their pricing history back six months. It found that around a third (29%) of the member-only promotions were at their so-called ‘regular’ price, less than 50 per cent of the six-month period.
Among the potentially dodgy deals uncovered by Which investigation, Sainsbury’s advertised a jar of Nescafé Gold Blend Instant Coffee (200g) for £6 with a Nectar card – a saving of £2.10 on the ‘regular’ price of £8.10. But the regular price had also been £6 at Sainsbury’s until it went up to £8.10 just two days before the Nectar price launched. Which? also found the ‘regular’ Sainsbury’s price was much higher than at other supermarkets. At Asda, the same jar was £7, while at Morrisons, Ocado and Waitrose it was £6, £5.99 at Tesco and £5.49 at Lidl.
Overall, Which found a third of the products at Sainsburys (34% of 71 products) were the ‘regular’ price less than half the time over the previous six months. At Tesco, it was a quarter of the products Which? looked at (24% of 70 products).

Where Does the Data Go?

Although a loyalty card app is associated with a store, the retailer themselves won’t often analyse the data themselves. Instead, they will employ third party companies to handle and analyse the data. Data transfer like this is usually protected under the retailer’s privacy policy as the transfer is required for their business operations. However, things get a little murkier when companies aim to sell your data.

Who Really Benefits Form Loyalty Cards

A recent advertising campaign in the UK by the fast-food chain KFC encourages you to download their loyalty card app. In return you receive two free chicken wings, valued at just £0.99 ($1.28). When a company is so determined to have you download their app you must wonder who benefits. It likely isn’t you.
Using data and technology to personalise a shopping experience, create a more impactful in-store experience, or generate a new income stream may seem like low hanging fruit for the retail sector. But the importance of privacy can’t be ignored.