Technology is transforming the retail experience. However, retailers implementing cutting-edge technologies should be alive to the fundamental legal considerations and activities involved in facilitating those implementations and, in particular, have an awareness of the legal data and privacy issues in play. In this article, we explore some of the biggest technology trends identified in our 10th annual Retail Trends presentation (webinar and insights) to uncover the some of the key data privacy issues businesses should be thinking about before rolling out new technologies in 2022.

Autonomous delivery

Though autonomous delivery isn’t new, the pandemic triggered a renewed focus on finding options to reduce human contact and manage increased customer demand, along with logistics pressures and staffing considerations. Fully autonomous robots and drones that can navigate new areas and obstacles on their own could be a potential solution, however, they are mostly still in the technical phase of development and do not have full legal approval. For example, early in 2021, the UK Civil Aviation Authority approved trials to test remote piloting of drones to deliver PPE and coronavirus test kits to difficult-to-reach areas – a step in the right direction, but not entirely autonomous as human input is still required to be piloting the machine.

Even if and when wholly autonomous delivery technology is legal and more widely available, there are concerns that adopters should be thinking about beyond the obvious questions of liability in any accidents. Questions such as, what happens if the cameras record protected buildings or art which infringes IP law? What are the rights and restrictions regarding the deliberate or incidental recording of individuals, especially where there are certain expectations of privacy? Businesses will also need to consider how they will store, use, share and monetise the data they do collect, as well as the cybersecurity concerns each individual machine could pose to their network.

Check-out free stores

We’re already seeing grocery stores and internet giants implementing check-out free stores around the world. At the most basic level, these stores use cameras and software to monitor and automatically charge customers for the products they carry out of the door without the use of a till or other check-out mechanism. Such ‘frictionless shopping’ technology reduces the time that customers have to wait in queues, allows employees to focus on the customer experience, and reduces the instances of undetected shoplifting.

However, there are serious legal implications to consider. For this technology to work, the program needs to be able to accurately shadow a customer which necessarily requires some sort of data to be collected and tied to an individual, which makes it ‘personal data’ under data protection regulations. Many businesses already struggle with understanding what data they collect and fully complying with their data processing obligations, and the compliance burden will only become even more difficult as check-out free technology expands. Most solutions will be implemented by third-parties and each party will need to be clear on their data rights and obligations and contractual obligations in every scenario.

If the technological concerns weren’t enough, the impact of artificial intelligence or the use of data for behaviour analysis and targeted advertising raises additional considerations around fairness and transparency, consent, potential sensitive personal information, and potential employment law considerations.

Virtual and augmented reality 

Even before the metaverse, there has been ever growing interest in virtual reality (VR), augmented reality (AR), and mixed reality (MR) as the technology has improved and public sentiment has softened. Although these technologies offer retailers new and exciting spaces and contexts in which to market, sell and create customer relationships, they come with their own legal considerations.

At the very basic level, there is an incredible amount of data created and processed as a necessary part of understanding and integrating the physical and digital worlds. This introduces concerns around privacy, and security more broadly, as there is more information which needs to be managed and secured. Businesses may want to rethink the current approach of putting the onus of privacy control on users and begin much more proactive privacy management as they begin to play with these new tools.

Similar to the discussion around physical stores, there are privacy concerns in tracking users through the environment. However VR headsets and suits, for example, will likely also track biometric data such as heart rate, eye movement, and pupil dilation, all of which marketers have already identified as incredibly valuable information. This data can be used to understand a person’s attention, interest, and emotion to stimuli which could lead to other biometrically-derived data such as a person’s age, health, and sexual attraction. The privacy implications of businesses having access to this kind of personal sensitive data has not been considered by legislators in any detail, and it is unclear if consumers will even be comfortable with businesses gathering these kinds of insights.

Final thoughts

The future of retail technology is certainly exciting, but the potential pitfalls of adopting these technologies without careful consideration of the privacy issues and ethical questions should not be overlooked. Understanding ahead of time what you want the technology to do, what data you collect and use and how it all works together is paramount to conducting effective privacy impact assessments, understanding your legal obligations and implementing appropriate safeguards. Falling foul of your obligations could be not only incredibly expensive, but also lead to long-term reputational damage.

Please get in touch with our Deloitte Legal expert technology lawyers who are here to support you in identifying business opportunities, assessing legal risks and delivering solutions in this rapidly changing landscape.