Document Type



Explosive growth in technology has brought a unique opportunity to the doors of brick-and-mortar retail—a nearly $3.38 trillion industry struggling to regain relevance among modern, digitally enabled shoppers. Specifically, in-store analytics, or shopper tracking technologies, are allowing these retailers to better compete with online stores by tapping into consumer data unprecedented in the brick-and-mortar context. With these technologies, stores now have access to detailed metrics, like consumer dwell times, journeys, product engagement, product views, and demographic data such as age and gender, which can be used to optimize store operations and marketing and promotions.

Recent events, however, including a string of data breaches and the passage of strict privacy laws in Europe and California, have renewed efforts for broad information privacy reform that could have deleterious consequences for these technologies. This Note examines the current state of privacy law; two approaches to information privacy reform that appeared before the 116th Congress, namely consumer control and business accountability; and the potential impact of these two regulatory approaches on in-store analytics technologies. It concludes that properly balancing consumer privacy and business interests through regulation requires more than a one-size-fits-all federal band-aid. Instead, it proposes starting with targeted federal acts aimed at the bigger gaps and outliers in existing information privacy law, like brick-and-mortar technologies. Addressing in-store analytics, specifically, it recommends federal regulation focused on business-accountability and expanded FTC powers, and it outlines specific considerations for a targeted act.