To comply with California’s new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy. Here’s an article about Ralphs, a California supermarket chain owned by Kroger:
…the form proceeds to state that, as part of signing up for a rewards card, Ralphs “may collect” information such as “your level of education, type of employment, information about your health and information about insurance coverage you might carry.”
It says Ralphs may pry into “financial and payment information like your bank account, credit and debit card numbers, and your credit history.”
Wait, it gets even better.
Ralphs says it’s gathering “behavioral information” such as “your purchase and transaction histories” and “geolocation data,” which could mean the specific Ralphs aisles you browse or could mean the places you go when not shopping for groceries, thanks to the tracking capability of your smartphone.
Ralphs also reserves the right to go after “information about what you do online” and says it will make “inferences” about your interests “based on analysis of other information we have collected.”
Other information? This can include files from “consumer research firms” – read: professional data brokers – and “public databases,” such as property records and bankruptcy filings.
The reaction from John Votava, a Ralphs spokesman:
“I can understand why it raises eyebrows,” he said. We may need to change the wording on the form.”
That’s the company’s solution. Don’t spy on people less, just change the wording so they don’t realize it.
More consumer protection laws will be required.
*** This is a Security Bloggers Network syndicated blog from Schneier on Security authored by Bruce Schneier. Read the original post at: https://www.schneier.com/blog/archives/2020/01/customer_tracki.html