The NSA may be grabbing most of the privacy-invasion headlines these days, but some experts see a threat from another source: the supermarket checkout line. Loyalty cards—swiped at checkout to receive discounts at most of the city’s chain groceries and drugstores—are helping retailers build a mammoth archive detailing everything you ever bought. “The concern is that this personal information will be used for some purpose outside your expectations,” says Chris Hoofnagle, director and senior counsel at the Electronic Privacy Information Center.
For one thing, who knew your shopping list could be used against you in court? Loyalty-card data have been subpoenaed: In one case, a Washington man was falsely accused of arson after grocery records indicated he had bought a fire starter. But the real concern is a different kind of self-incrimination. Actuaries have long sought reliable information to predict who is at risk for heart disease and other ailments; the fear is that insurance companies will raise rates for shoppers with bacon and Mallomars habits. In 2001, the supermarket chain Stop & Shop tested a program called SmartMouth (discontinued soon afterward) that used customers’ purchases to create a nutritional profile for them. Eating too much sodium, too few vegetables? The program would tell you. According to an article by Katherine Albrecht in the Denver University Law Review, a Stop & Shop executive admitted that the company had been considering partnering with “three or four” HMOs to make use of the SmartMouth data.
Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN), an advocacy group founded in 1999 by Albrecht, who has testified before the Federal Trade Commission, works to keep Stop & Shop–like “partnering” from happening. “I think a lot of people in the insurance industry would like to see it happen,” says CASPIAN associate director John Vanderlippe.
Not so, says Larry Akey, spokesperson for Washington, D.C.–based America’s Health Insurance Plans, an association representing 1,300 health-insurance providers. “We’re not aware of any insurance companies that would have interest in the food-purchasing habits of customers,” Akey says. Michael Sansolo, a senior VP with the Food Marketing Institute, a supermarket trade group, says, “All the retailers I talk to recognize that customers are concerned about privacy.” And at least one retailer, Whole Foods, did away with its card program after listening to customer concerns.
Most every chain grocery and drugstore in the city offers a program, including D’Agostino’s D’AG Rewards, the Food Emporium’s Gold Points, Duane Reade’s Dollar Rewards, Gristede’s Diamond Value Club, and CVS’s ExtraCare. The stores say that the programs are simply used for inventory control and to reward frequent shoppers. Nicholas D’Agostino III, owner-president of D’Agostino Supermarkets, estimates that 75 percent of his shoppers use the card and says, “D’Agostino’s policy is ironclad. We’re not sharing the information with anyone else.” But as CASPIAN’s Vanderlippe points out, “Once the data’s been collected, it has a nasty habit of never going away.”