Do shoppers really know where their data goes after the checkout?

Shops are heavily investing in the promise that they can become full-on media businesses that can monetize shopping insights and their media space, and loop advertising activity in with the point of sale.

That’s the promise, at least, but can advertisers really dig through your receipts indefinitely?

The scale of retail

According to IAB Europe, the number of online retail media networks in Europe doubled between 2020 and 2022 to almost 90. From the most established supermarkets to the pluckiest e-tailers, if there’s a sizeable audience and desirable inventory then there’s now a retail media network (RMN). And that is echoed in the projected growth, with the IAB claiming that by 2026 retail media spend could be as big as TV spend in Europe.

When we ask experts about this sudden scale, Nick Henthorn, vice-president of sales at clean room technology firm InfoSum, tells us there are three reasons retail media is rising. Firstly, he says, the adoption of programmatic adtech into retail businesses makes it viable to build these businesses. Meanwhile, retailers have had the foresight to turn shopper data into first-party data with a clear advertising use case as third-party identifiers erode. And finally, clean room tech like InfoSum’s is making it easier for data collaborations to occur between media owners and retailers.

Laura Badea, the digital commerce partner at media company Wavemaker, says retail media is enabling it to ”directly match customer ID data with impressions,” which is helping it ”optimize advertising budgets”. Jason Wescott, who heads up Xaxis’s global commerce practice, is meanwhile more concerned about its limitations, saying: “If retail media is to scale to the levels we want, it has to be more open and combined so everyone can combine as a single source of truth… or it will be ridiculous.”

For Luke Stanford, head of retail media at Zenith’s Performics, there are fears that there may be a formation of ”an industry of walled gardens... which can cause challenges with measurement... [thus] creating a complex space of multi-channel attributions.”

In short, for retail media to fully win over marketers, there has to be an ability to join the dots on shopper behavior across retailers... and where there’s dot-joining, there's an inherent privacy risk.

What advertisers know about you

If you’re a member of a loyalty scheme you should take a closer look at the terms and conditions you hastily agreed to. Your data will be informing advertising and will be shared with external partners.

There is a value exchange – in theory. For access to supposed discounts, your shopping habits are dissected and categorized to catalyze more consumption and prove that previous ad placements worked.

As intrusive as that sounds, there are some restrictions in place designed to protect your anonymity. A biscuit brand couldn’t personally pay a retailer to find out how many times John McCarthy buys biscuits each month in order to target me with ads. It’d be illegal and, at that scale, would do little to move sales either way.

However, as a user of a retailer loyalty scheme, I am more likely than not to have opted in for advertising activity. But to be compliant with current privacy legislation, retailers anonymize and segment their audiences. I become user number 347,909 and then identified as a frequent biscuit buyer among a cohort of 7,001 other frequent biscuit buyers. There’s a minimum audience size here too to reduce chances of identification.

User 347,909 of course provided a home address, a postcode and an almost complete purchase history (sometimes the app doesn’t load in the store). So the retailer knows where you are located, it knows what types of products you buy, brand preferences (useful for competitors) and whether you are a loyal or lapsed customer of such a product. It can work out whether you are a single person or a family based on food volume purchases or whether baby products are purchased. Any individual could literally sit in numerous segmentations, by demographic or product habits. User 347,909 is so much more than the biscuits he eats. He buys a certain beer brand before major football events. And buys marinated meat when the temperate reaches a scorching 10°C.

Now, as intrusive as this all is, there is some good news. Audiences can’t be created for sensitive issues such as medical brackets or even smokers. Health data is worth protecting – see this case in the US about anti-abortion ads being targeted at women entering clinics that offer abortion.

So the retailer has built this database, it can run ads across its own network, which includes in-app, online, in-store and in your inbox. But there’s only limited media for it to use – it gets a lot of traffic, but only a slither of the potential audiences, so some also buy ads across the internet and social. Retailers will attempt to match their data with the data on these platforms and find a sizeable amount of their customers on their devices. The users must also have opted in to these services.

This approach is becoming more common.

• How The Trade Desk’s new Ocado deal aims to ‘expand the definition’ of retail media

InfoSum’s Henthorn acknowledges that, once the data is gathered, its application is where further privacy concerns are. ”Traditional matching methodologies that rely on data sharing and commingling could potentially create a privacy breach by their very nature.”

In the UK, InfoSum has been working with the two largest BVODs, alongside two of the nation’s biggest loyalty schemes in Tesco and Boots, to create sizeable cohorts. While it is still early days, Henthorn sees a future where retailers and broadcasters could be more collaborative, matching a greater volume of profiles and unlocking more marketable insights on them. But, he admits, clean room efforts mean nothing if the data isn’t already gathered in a compliant manner.

Writing in The Drum last week, InMobi‘s Todd Rose went deeper, arguing: ”The longer-term issue with today’s clean rooms is that they require you to trust an intermediary to steward and protect data. While it’s better than trusting a non-neutral counterparty, it still means handing over the reins to your data and it’s still vulnerable to data breaches.”

What marketers admit off record about retail media

It took regulators decades to catch up with the privacy concerns facing user privacy on the internet. New movers into the booming retail media and CTV spaces have breathing space, for now, ahead of any incoming bespoke regulation. In Europe, GDPR will cause the most common headaches, with retailers having to outline a legitimate interest (specific business cases) in processing and sharing select data.

As such, they’ve to find a balance between profitability and future-proofing their model against rising regulation tides. There’s also customer experience to account for – how will they feel when they start getting retargeted with their favorite biscuits while they’re on a diet, for example?

For the anonymous sources we spoke to, however, the biggest privacy challenge facing retail media is its consent-gathering apparatus, which by many accounts has been stapled into existing apps and loyalty schemes. Some wonder whether retailers might be falling down the ’forced consent’ pitfall. Do we really agree to this use of our data when we accept the T&Cs? Does the average shopper know their trusty old loyalty card is enabling brands to target them across the web, on addressable TV and throughout social?

Advertisers would argue that they are providing a relevant ad experience – someone who enjoys biscuits, for example, would probably be interested in a promotion at their local supermarket. That could arguably be an improved and more relevant ad than what they’d likely see targetted via a third-party cookie.

One adtech veteran, speaking off the record, wonders whether all 90 of the EMEA RMNs can honestly say they are correctly capturing consent for these purposes. More than a minor update to the T&Cs is needed to inform shoppers that their trolley activity might inform advertising. ”It’s a very gray area.”

A data expert at a top retail media network opened up too, saying that despite all the talk about clean data processes, a good deal of the data is still being plugged into Facebook and Google. Are all 90 of these retailers properly anonymizing and processing this data before broad transmission through the world’s largest ad platforms?

The data expert claims that data processing is a lot more manual than the industry would have users expect. ”It’s a bit like a dark art.”

Ironically, those concerns aside, it may be the sheer volume of legalese required to process these operations that hurt compliance. While top retailers are ”particularly good” at ensuring shoppers are properly opted in for retail media advertising, they have their difficulties. Every little change to the deals, partnerships and distribution of the data technically has to be announced. Any opt-ins predating retail media expansions likely don’t offer consent for the latest use cases. ”The technology is accelerating so quickly, you’re constantly having to update your privacy policy and have it opted into,” explains our data expert.

Speaking frankly, they admit that until policies like GDPR pay more attention to this burgeoning new media. ”We’re all trying to find the loopholes before they get closed.”

Sign up for the Media Agency Briefing for a weekly through the biggest questions facing the industry. And check out more from The Drum’s latest Deep Dive, where we’ve been demystifying data & privacy for marketers in 2023.