RILA On How United States Retailers Are Responding To Changing Privacy Rules

omnichannel retail

Merchants often find themselves caught in the middle as states from New York to California pass data security laws. In our latest Merchants Guide To Navigating Global Payment Regulations, PYMNTS speaks to Nicholas Ahrens, vice president of innovation for the Retail Industry Leaders Association, on how merchants can remain compliant without sacrificing their competitive edge.

California Consumer Privacy Act (CCPA), Washington Privacy Act (WPA) and other new privacy and online transaction standards are changing how businesses interact with consumers’ data in the U.S. Retailers are dutifully speaking with their payment service providers (PSPs) and industry partners to adhere to these shifts, but they must also keep their customers’ experiences in mind. Personalized experiences require merchants to have access to data — a crucial resource in helping them distinguish themselves from competitors.

The nation’s ongoing debate about privacy is similar to that which took place in the European Union prior to PSD2’s and GDPR’s introductions. U.S. states are starting to implement new standards, too, with the CCPA introduced two months ago and WPA on the path to ratification in Washington. The critical question, then, is not whether retailers can comply with these rules, but how they will do so while remaining competitive, Nicholas Ahrens, vice president of innovation at U.S. retailer trade group, Retail Industry Leaders Association (RILA), told PYMNTS in a recent interview.

“There is a core element of the retail business that is unchanged, which is [that] their Number One objective is to serve customers and to make sure that customers have the best possible experiences on whatever platforms [with which] they’re engaging,” Ahrens said. “Modern retail is not just a physical store thing or a mobile thing or an online thing. It is all of those things connected and integrated, and it is data that enables all of that to happen.”

Merchants must make sure their customers’ experiences match those belonging to international retailers as well as local brands, he continued. That means they must determine which data is available to them and how it can be used to cultivate relationships with consumers wary of sharing personal details.

Retailers And Data’s Role  

Data is being sent at an unprecedented rate — one of the main reasons there are so many rules surrounding its flow between merchants, businesses and consumers. However, this inundation of laws is creating uncertainty among merchants who want to keep their processes compliant.

Privacy conversations are old hat for retailers, Ahrens noted. Questions on how to keep data secure are expected, but those regarding usage transparency or which elements they can access are somewhat new.

“We maintain a privacy leaders council with the heads of privacy as well as payments communities, [and] this is never a new conversation,” he said. “This is an ongoing conversation, so I think that as different states put out different proposals, we can continue to bring [other elements] in. But, these [proposals] are not plucked from the ether. … These are proposals that [come from] things we know and have seen and have also had conversations about.”

Retailers rely on access to online buying, browsing and purchasing habits to market their goods or services and personalize existing customers’ experiences. Most of the rules that state governments are discussing concern how to manage such data as information and as a critical resource. These approaches differ from state to state, but retailers’ priority — enabling competitive experiences — remains the same regardless of how robust privacy laws may be, Ahrens explained. Merchants must hang onto consumers’ trust, which can be difficult when data rules rapidly develop.

“[Retailers] know retaining consumer trust is vital,” Ahrens said. “Every interaction is increasingly important because you are not just appearing as a retailer interacting with the market [or] just competing against fellow retailers. You are [also] competing against all the customer experiences that your customer is having. So, whether it is their engagement with [a major streaming provider] or otherwise, they
are comparing the customer experience they’ve had with you against those [companies].”

Retailers also typically have more personal relationships with consumers as they deal more directly with them than regulators. Merchants are the first to bear the financial and other consequences when consumers are dissatisfied, and customers expect seamless experiences no matter how well-versed they are in the intricacies of open banking and security standards.

Consumers And Privacy Changes  

More consumers may also expect greater access to their information in the wake of sweeping changes like GDPR and PSD2. This may be due more to the security threats they face when conducting conversations and business online, however.

“What I do think is changing are consumer attitudes, generally,” Ahrens said. “I actually do not think it is because of the law. I think it is because of broader [consumer] awareness about the technological landscape, and so whether that is from [social media or analytics companies] or other interactions that folks have, I think people are just so much more conversive about technology. It is more of [their] daily life … and I think that, for many retailers, it changes [their] consumer interactions.”

Rising consumer sensitivity to which companies hold their data and why is familiar to retailers, but the conversation carries somewhat higher stakes in the U.S. The country’s standards are lacking compared to other markets in which local citizens already enjoy protections, such as the EU.

“In the broader privacy landscape, I think, obviously, Europe is the pacesetter for the world in this space,” Ahrens said. “There was a time when the U.S. and Europe were both trendsetters of the privacy landscape [but], very clearly, it has swung in the direction of Europe. When you look at Brazil and other countries [that] are looking for data privacy regimes, they are emulating [those seen in the EU].”

It is unclear how many privacy rules state regulators are looking to implement, but what retailers and consumers want from these rules — increasingly transparent data access and control — stands out. Merchants will thus need to work with regulators to ensure both groups’ interests remain protected.