A looming threat hangs over Main Street as Congress considers the American Privacy Rights Act. The NRF is calling on Congress to fix the sweeping privacy legislation that could leave Main Street businesses vulnerable to lawsuits.
Safeguarding consumer privacy is one of retailers’ top priorities and has beenfrom catalog mailing lists all the way to today’s mobile apps. That’s because retailers know establishing a loyal and long-term relationship with customers requires more than just providing access to merchandise at prices they are willing to pay. Retailers are required to win customers’ trust in the hyper-competitive marketplace that stretches from Main Street to online. One element of that trust lies in the information retailers gather about customers to better serve them and win their business. NRF supports a consumer-centric approach to data protection under state and federal laws.
There are many ways in which data drives retail and the customer experience:
Consumer information – from addresses to credit card numbers to buying preferences – allows retailers to offer customers products, services, value and convenience that would be difficult to offer otherwise.
Consumers today are increasingly sensitive about the personal information they disclose and expect their information to be handled confidentially.
Virtually all retail customers are willing to trade some personal information for valuable and convenient benefits. This is how customers stretch their dollars and realize tangible benefits beyond the purchase itself.
Retailers go to great lengths to adopt policies and practices that put customers first and invest billions of dollars each year in technology to collect, analyze, use – and protect – customer information.
Government regulations should not restrict benefits and services consumers enjoy in their shopping experiences in the real world.
Like retailers, lawmakers and regulators are concerned about the use, abuse and protection of consumer data. The result has been an increasing number of initiatives ranging from the state level to national to international. In their attempt to protect consumers, however, some of these efforts are so far-reaching that they would interfere with retailers’ ability to offer the customer service Americans demand. Loyalty programs, discounts, free shipping and other benefits are among the most common services threatened by these initiatives. If adopted, consumers could find themselves asked to grant permission to use information every time they visit a store or click on a new web page, and asked to provide the same information repeatedly if retailers are not allowed to retain the information.
Americans are more comfortable with data sharing than policymakers understand. They are savvy shoppers and quite sensitive to the types of information they are willing to share in exchange for retail services and benefits. Americans reject bothersome requests, intrusiveness and hidden programs, but favor transparency, convenience, discounts and value. Many of the new laws and regulations being adopted threaten the dividends consumers receive for selectively sharing their data.
With the California Consumer Privacy Act now in effect and the possibility of similar legislation being passed in other states, Congress is renewing efforts to pass a federal law that would set uniform national standards and preempt state and local laws on the issue. NRF supports the concept of such legislation but believes it should cover all entities that handle consumer information – including financial institutions, telecommunications providers and others – rather than just retailers.
The California Consumer Privacy Act took effect in 2020, placing sweeping restrictions on how retailers and other business collect and use information about their customers. Among other issues, private citizens are able to sue over violations, opt out of having data shared, and demand that their data be erased. While the law currently applies only to companies with locations in California or doing business online with Californians, NRF is concerned that it could become a model for other states or Congress.
The General Data Protection Regulation is a European Union law that sets out changes to almost every aspect of consumer data processing. While the measure is aimed primarily at EU-based businesses, it also applies to companies from any country in the world that have stores in Europe, target sales to Europeans over the internet or track Europeans online. It therefore has significant implications for many U.S. retailers.
Among other privacy issues, Congress is debating how consumers are notified when sensitive data such as Social Security, driver’s license, bank account and credit card numbers are breached. NRF strongly supports creation of a uniform national data breach notification law that would replace the dozens of conflicting and confusing state laws currently in place across the country but is concerned because financial institutions and some other industries have sought to be exempted from the legislation. In order to truly protect consumers no matter where data is breached, NRF believes any national data breach law should cover all entities that handle consumer data, not just retailers.