Data Privacy Laws
Fashion & Retail Need to Prepare Now
For nearly a year, consumers have been spending more time online — and generating more data with every minute that passes. Companies like to mine that data to send targeted ads with personalized product offerings. But consumers are becoming more aware that their digital lives aren’t completely private and that’s sparking concern, whether they’re on their mobile phones, computer, or talking near a voice assistant like Amazon’s Alexa.
That’s because while ecommerce transactions help connect brands with consumers, those digital journeys are captured by retailers, data companies, data brokers…. Now, after a year that had people hiding behind masks and closed doors, analysts say businesses have a responsibility to make sure consumers aren’t exposed online. The U.S. doesn’t have a comprehensive federal law regarding data privacy. But companies that maintain data security measures and are transparent about what they collect stand to foster a better relationship with shoppers during this difficult economic climate.
"Consumers are generating more personal data through the use of devices. And the businesses that power that connectivity inevitably collect and store that same data."
Executive Director, NCSA
The National Cyber Security Alliance (NCSA) held its annual Data Privacy Day in January to highlight ways to safeguard consumers’ personal information and stress the importance of data privacy. This year, the group urged individuals to “Own Your Privacy,” while advising businesses and organizations to “Respect Privacy.”
“The pandemic has ensured that people all over the globe are more connected now than ever before,” said the NCSA’s Kelvin Coleman, executive director. “Consumers are generating more personal data through the use of devices. And the businesses that power that connectivity inevitably collect and store that same data. Data Privacy Day’s main objective is to be a yearly call-to-action; one that spurs discussion, reevaluation and awareness about how people can keep themselves and their data safe, and to show organizations that accountability, transparency and a commitment to fair and legitimate data collection practices will ultimately lead to enhance public trust and better brand reputation.”
Online privacy has been a concern ever since consumers realized that if they looked at a product on one website, an ad for the item would follow them around the web for days. Even though consumers want a Google search to give them the best results for a particular product, they don’t want Big Tech companies tracking their every move. A McKinsey & Company report states 90 percent of consumers are “concerned about their online privacy, and nearly 50 percent have limited their online activity because of privacy concerns.”
When shopping for clothes online, just 51 percent of consumers are “very or somewhat satisfied” with the privacy given to their personal information, according to Cotton Incorporated’s Lifestyle Monitor™ Survey (January 2021). They have a higher rate of satisfaction (58 percent) regarding the security of using credit or debit cards to make an online purchase.
But in the coming year, nearly a third of consumers (29 percent) say they plan to purchase more clothes online than they did last year, while 33 percent expect to simply browse more, according to the Monitor™ Survey.
Ecommerce grew 28 percent in 2020, according to ROI Revolution, an ecommerce-focused digital marketing agency, and is expected to grow 14.3 percent in 2021. That spells more data that needs to be warehoused.
In a Wirecutter column that ran last May in the New York Times, writer Thorin Klosowski detailed how, after the California Consumer Privacy Act was enacted, he requested his data from more than 30 companies, including Amazon.
“It won’t surprise anyone that Amazon collects and stores everything you do on Amazon,” he wrote. “The company has a list of everything I’ve purchased or returned, everything I’ve watched on Amazon Prime video (including what device and location I watched it from) and everything I’ve searched for on Amazon (including if I clicked an internet or external link). It tracks every customer service email and chat. It tracks everything you can imagine it tracks and some things you might not.”
That means one U.S. company has an awful lot of data on the average consumer. Here in the U.S., more than 2 in 3 consumers (72 percent, up significantly from 66 percent in 2020) say they shop for clothes on Amazon, be it to browse or make a purchase, according to the Monitor™ survey. In fact, the majority of consumers say they prefer to purchase clothes online at Amazon (56 percent), followed by Walmart (22 percent), Target (18 percent), Kohl’s (15 percent), Macy’s (14 percent), and eBay (9 percent).
A report from the Ponemon Institute, a research center dedicated to privacy, data protection and information security policy, found that to increase trust in online sites, 70 percent of consumers “want to be explicitly required to opt-in before the site shares or sells their personal information.” And 64 percent say “advertisers should not be allowed to build a profile of me for targeted ads unless I grant permission or opt-in.”
McKinsey suggests businesses ask themselves questions such as “How are you ensuring the secure operation of your cloud environment?” or “How complete is your security-and-privacy technology stack, and how do you determine this?”
In a discussion during NCSA’s Data Privacy Day, Rita Heimes, general counsel and data protection officer for the International Association of Privacy Professionals (IAPP), spoke about “Creating a Culture of Privacy” within an organization. She said getting the language right is important when businesses inform shoppers they have the customers’ data, and asking if the customers would like to see it.
“You can be inviting. ‘It’s your data, you’ve trusted it to us and any time you want to know what we have, we can tell you, we can show you,'” she stated. “These are all legal obligations now. Why not be more inviting? Why not be more transparent that these are options for your customer? As consumers begin to understand their own rights, if you’re already set up for it, you can deal with this more smoothly.”
Heimes also points out that California’s Consumer Privacy Act should be a wake up call that America’s individual states are going to be adopting standards like the General Data Protection Regulation (GDPR) adopted in Europe in 2018.
“There have been several federal privacy bills, a lot of which have legs, a lot of which have bipartisan co-sponsorship,” Heimes said. “And now that we more or less have party alignment across both houses and the White House, the chances are better than they’ve ever been that there will be federal privacy legislation. So that shouldn’t be a surprise when it happens. That’s what [businesses] should be getting ready for.”