Loyalty cards and their companion apps are aggressively pushed by supermarkets and stores -- and cafes, florists, bookshops, computer gaming outlets, music stores, gas stations, and restaurants, of course.

The deal is simple: you give those businesses your personal information, and they give you discounts, bonuses, or even freebies for spending money with them.

The question is, what are you really trading for that free cup of coffee?

A Long-Term Privacy Battle

Concerns about loyalty cards are nothing new. Before smartphones and the proliferation of the internet, the loyalty card privacy debate was already brewing. In 2004, then U.K. Home Secretary David Blunkett compared the government's proposed biometric ID cards to supermarket loyalty cards. He was trying to emphasize that the ID cards were safe and didn't contain much personal information. To many though, his comparison worked the other way and compared loyalty cards unfavorably to the unpopular biometric ID cards.

While the plans for the ID cards were eventually shelved, loyalty cards have continued to proliferate. As its been cheaper and easier for companies to collect and store data about you they have found it profitable to do so. Companies have adapted to the smartphone age and now use an app to bring you deals and promotions.

Invading Your Privacy

The entire purpose of a loyalty card is to inspire you to spend your hard-earned money with a particular retailer. While they take their name from the practice of trying to instill loyalty, they often are now used to exploit your data. As with most data collection, the companies aren't usually totally upfront with their tactics -- often obfuscating their techniques behind phrases like "offering you personalized deals" and "rewards for loyalty card holders".

generic sale

It's no secret that our smartphones are an incredibly effective data collection tool that we willingly carry around in our pockets everywhere we go. The vast amounts of data that we generate can be used for your benefit but apps will often request access to a wide range of permissions during installation. The Starbucks Android app is a good example of this. When you go to install the coffee chain's app it requests:

  • Device & app history
  • Identity
  • Contacts
  • Location (approximate & fine)
  • Photos / Media / Files (read & modify)
  • Storage (read & modify)
  • View Wi-Fi connections
  • Receive data from internet
  • View network connections & full network access
  • Control vibration
  • Prevent device from sleeping

How They Use Your Data

Sure, a retailer's smartphone app needs access to your location to help you locate your closest store. But do you know what the retailer then does with that information? The most likely case is that they store it and use it in order to better target products and services to you. They could also use it to profile an area to determine if they should build more stores, as some prominent U.K. retailers did with credit card data.

target store

In these cases the data collected from you definitely benefits the business but does very little for you. The most infamous demonstration of this was when it was revealed that U.S. retailer Target could identify when a woman was pregnant. This resulted in targeted coupons sent to a woman's house where they were discovered by her father who didn't take kindly to Target's tactics. Although there is obvious benefit to offering new mothers discounts on childcare items, disclosing your sensitive data is not appropriate.

Where Does the Data Go?

Although a loyalty card app is associated with a store, the retailer themselves won't often analyze the data themselves. Instead, they will employ third party companies to handle and analyze the data. Data transfer like this is usually protected under the retailer's privacy policy as the transfer is required for their business operations. However, things get a little murkier when companies aim to sell your data.

Before you consent to have your data collected by loyalty card apps, your first port of call should be their privacy policy. The privacy policy will explain how the company collects your data, how they store it, what they do with it, and your rights in relation to your data. Privacy advocates often criticize these policies as they are often writing in long-winded and technical language. This was underlined when artist Robert Sikoryak turned the iTunes Terms and Conditions into a 94-page graphic novel. However difficult the companies attempt to make their privacy policy it is in your interest to try and interpret how safe, secure, and private your data will be.

Data sets are highly valuable in the information age, and are often used to profile us for mortgages, insurance, and even how long we are kept waiting on customer care lines. Let's say you frequent a bar that has a loyalty card app. The app may collect data on when you visit, how long you are there for, and potentially link your spending directly to the app. An insurance company may be particularly interested in purchasing this data and use it to profile you when you renew your premium.

Protecting Your Data

Everyone has a different threshold of what they consider acceptable privacy. If you are comfortable with retailers collecting data through their smartphone app, do you know how they are protecting that data? As technology has become more pervasive in our lives, retailers have had to partly become technology companies. You would be hard pushed to find a store that doesn't accept credit cards, or use digital accounting software as a minimum.

hacked

Almost every day there is news of another data breach, and these aren't coming exclusively from tech companies. The problem is so pervasive that there is even a Wikipedia list of known high-profile data breaches. Included in the list are British Airways, Gap, Starbucks, and Target, all of which provide loyalty card apps.

While financial data is often protected under stringent laws, the same isn't true for the type of data collected from smartphones. Unfortunately these risks aren't just hypothetical. Major retailers have been targets of data theft and large scale hacks. Many of these retailers are unprepared to protect themselves and your data, as they are not technology companies. A recent blog post on password security by researcher Troy Hunt highlighted this problem.

Is the Trade-Off Worth It?

Loyalty cards may not inspire customer loyalty in the same way as they used to. Companies are now profiting in a new way: with your data. The level of data collection you are comfortable with will depend on how you view the benefit of that app. If you use the retailer frequently, and would like to save some money then they might be right for you.

A recent advertising campaign in the UK by the fast-food chain KFC encourages you to download their loyalty card app. In return you receive two free chicken wings, valued at just £0.99 ($1.28). When a company is so determined to have you download their app you have to wonder who benefits. It likely isn't you.

Do you use store loyalty cards? Are they useful? Do you worry about the privacy of these apps? Have you changed your mind? Let us know in the comments below!