Bloomberg reported Thursday that Google has been using Mastercard credit card transaction data as part of the store sales measurement analytics that it has made available to some retail advertisers. That’s not really news. The reporter’s angle is that “most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking.”
This story picks up the narrative of the AP article on Google’s use of location history from a couple of weeks ago. That basic narrative is: consumers are being deceived by marketers. That’s a blunt assessment that lacks nuance. Yes, consumer privacy is critical but we should be careful about suggesting every situation equals “deception.”
Last year the Electronic Privacy Information Center (EPIC) filed an FTC complaint about Google’s store sales measurement program. In the complaint, EPIC asserted that Google had access to “sensitive information about consumer purchases, health, and private lives”:
Google has collected billions of credit card transactions, containing personal customer information, from credit card companies, data brokers, and others and has linked those records with the activities of Internet users, including product searches and location searches. This data reveals sensitive information about consumer purchases, health, and private lives.
However, Mastercard does not turn over nor does Google receive personal credit card transaction data. The two companies have encryption and anonymization measures in place to protect the identities of individuals. In the background, ad exposures are being matched to in-store transaction data, yes, but it’s occurring at an aggregate and anonymous level.
Mastercard doesn’t tell Google that I, Greg Sterling, purchased Nike shoes in Dick’s Sporting Goods on August 31. Instead, I’m part of an anonymous mass audience that was exposed to an online Nike or Dick’s campaign (hypothetically) and then, if I buy the shoes, I’m part of another aggregate audience that purchased the shoes in the store. The advertiser sees percentages and large numbers; there’s no individual data reported by Google Ads. Indeed, advertisers — especially the large national brands that are part of this program — are not interested in individuals; they’re interested in scale, mass audiences.
In the “offline world,” credit card purchase data has been used for marketing and audience profiling for years. In this new more privacy-sensitive climate, however, the fact that Mastercard has been selling transaction data to Google “behind the scenes” reinforces the deception narrative.
Yes, Mastercard probably should inform its customers that aggregate purchase data is used for reporting purposes (all the major credit card companies are doing a version of this). But individual purchase data is not accessible to Google.
Google is far from the only marketing company involved in the use of consumer transaction data. Facebook and a wide range of third parties are part of a larger ecosystem that use location and purchase data.
IRI, as just one another example, uses loyalty card data to confirm in-store purchases. Kantar has this same capability. And Catalina enables ad targeting based on in-store purchase behavior. However, audiences in all of these cases are anonymous and operate at scale.
For too many years many marketers had a cavalier attitude toward consumer privacy. Now that’s coming back to haunt them.
Consent and disclosure should be bedrock principles in any privacy framework; we probably do need some new federal regulations with clear disclosure and consent guidelines for marketers and data providers. But we should not paint all consumer-data usage scenarios with the same broad brush, as attempts to “deceive” the public.