Retail Analytics: Smart-Stores Saving Bricks-and-Mortar Retail or a Privacy Problem?

This article contends that large-scale data-gathering and processing by bricks-and-mortar retailers, known as ‘retail analytics’, can be a significant privacy problem in the way it normalises surveillance and the datafication of daily life. It argues that there is a disconnect between the legitimate commercial objectives of retailers and shopping centres and the extent of the impact on an individual’s privacy, as well as the erosion of privacy at a societal level. The article contributes to the literature by outlining retail analytics practices and their purposes with the aim of promoting greater awareness of them. It further highlights the importance of considering privacy in any decision-making about the implementation of data-gathering and processing technologies. In particular, it argues that there is an overreach by retailers in their data-gathering activities—that there is a disproportionate approach adopted when the objective of the retailer is greater customer convenience or engagement, but the result is a widespread surveillance system in bricks-and-mortar retail outlets. It argues that any consideration of privacy needs to honour privacy’s value and importance in order to attribute appropriate weight in decisions around the appropriateness of particular retail analytics practices and their implementation.


I. Introduction
Bricks-and-mortar retailers face significant commercial competition from online outlets, particularly at this time of pandemic restrictions. Both shopping centres and stores now attempt to provide a more personalised, customer-centric in-store shopping 'Bricks-and-mortar' retailers are increasingly looking to retail analytics as a way of staying competitive with online counterparts. Retail analytics is a subset of big data analytics, and proponents contend that its use can provide a greater understanding of customer behaviours and patterns. To achieve this, retail analytics requires 'smart-stores' to collect and store as much data as possible about in-store customers, and to build detailed consumer profiles that can be used to sell products on an increasingly individualised basis. At the same time, enhanced efficiencies are gained by a better matching of staff resources and design of store layout that directly correspond to customer behaviours. The range of data collection and analysis technologies used in retail analytics is evolving and currently includes facial recognition software and video analytics, specially designed sensors, Bluetooth beacons, Wi-Fi data collections and point-of-sale systems, including loyalty cards. When these collection technologies are combined, a smart-store can, thus, resemble a sophisticated consumer surveillance system entailing numerous collectors and reusers of consumer-generated data. This article argues there is a disproportionate impact on privacy when compared to the benefits for retailers. It outlines the developing sphere of retail analytics and its manifestation through smart-stores. It considers some of the key privacy issues that emerge through retail analytics and the consequent surveillance and 'datafication' of everyday life.
This includes the issue of whether collected data is personal information, the degree to which individuals can understand the multifaceted data collection processes of smart-stores, and the importance and weight to be attributed to privacy in any decision-making by stores in the uptake of various technologies.
Principles (APP) only arise where the information is 'personal information' as defined in the Act. The challenge in retail analytics is that collections of information are not always going to obviously be personal information in the statutory sense. The definition of personal information is context-specific and, therefore, changes over time. It is possible for a piece of data to not be personal information in one context; however, when combined with other data it may become personal information.

II. Data Collection Techniques, Technologies and Strategies
Data-gathering by retailers is not new. Store loyalty cards, credit card payment information and purchase history analysis have been around for decades. However, the development of the 'smart-store' 17 and the large range of collection technologies and analytical techniques associated with 'big data' have taken things to another level. 18 Retailers are collecting data from many sources including in-store Wi-Fi, mobile phones, mobile apps, kiosks, digital signage, social media and online search engines. In some cases, the data collection is about improving store layouts and inventory management, managing security and staffing levels, and curating the right mix of brands and goods to entice the likely customer. 19 The data that can be captured and analysed at an aggregate and anonymous level, or is attached to products rather than people, is less concerning from a privacy perspective. However, where the data collection is focused on decision-making at the individual customer level, then different considerations apply. The shift from aggregate to individual-level data analysis, enabled by tracking technologies, is seen by marketers as highly desirable, as it allows for much more granular targeting. 20 Sometimes it is not clear whether the data collection is focused solely at the aggregated level or whether it could be utilised at an individual customer level. For example, a store may have the tools to do a 'shopping basket analysis' to determine its discounting strategy across the board: an aggregated analysis may reveal that 50% of customers purchase socks and underwear at the same time such that it is more profitable to only discount one of these at a time. However, if the ability is retained to drill down at an individual customer level, then offers may be targeted to particular customers based on their past purchase history, and this may trigger privacy concerns.
In the case of supermarkets, customers' every move can be tracked with devices such as radio frequency identification (RFID) tags on products or shopping trolleys, as well as a range of global positioning system (GPS) tracking-based technologies, handheld price checkers, and thermal scanners in the ceiling. 21 GPS relies on satellites to provide accurate latitude, longitude, altitude and time, and is accurate to between four metres and fifteen metres. 22 Video cameras are also sometimes fitted with facial recognition technology, which allows for the comparison of a captured image at a predetermined location to a predetermined set of definitions (a template) typically tied to customer demographics. The power of this data-gathering comes from combining technologies such as GPS and phone network triangulation and Wi-Fi to provide the most precise location information. Other examples of combinations of technologies include RFID and digital touchscreens (such as kiosks) 23 fitted with facial recognition cameras, and beacons using Bluetooth technology to send offers to a customer's phone. 24 The facial recognition cameras are sometimes used in a 'face detection' way, that is, not to identify individuals by matching them to a database of photographs but instead to group them under demographic categories such as age, gender and race. 25 Detailed insights into individual customers can be captured through these cameras by recognising their emotions, detecting and measuring facial expressions, and even analysing their eye movements. 26 Advertisements can be targeted to billboards based on the demographic information and mood of the group walking past, evident in the Westfield example discussed in Section IV(C). 27 Cameras fitted with retail analytics software facilitate 'video analytics'. The video analytics process is designed to detect, track and recognise 'objects of interest' from multiple videos while interpreting their behaviour. 28 An 'object' can be a face, a head, a human or a queue of people. 29 The behaviour can include dwelling time, attention or movement across different sections. 30
17 A smart-store is a bricks-and-mortar retailer that utilises a range of new technologies and modern marketing concepts; see Hyunwoo, "Smart Store."
18 For example, see Pantano, Smart Retailing, 70.
19 Randhawa, "Retail Analytics," 601.
20 Bradlow, "Big Data," 85.
21 Cox, Retail Analytics, 17.
22 Cheung, "Location Privacy," 43.
23 Kiosks are a secure cabinet consisting of touchscreens, a computer and a printer with a credit card reader. They can be found in airports, retail stores and malls, hotels and banks. Inman, "Shopper-Facing Retail Technology," 9.
24 Ventura, "Retail in the Digital Era," 20.
25 Sightcorp, "Face Analysis Technologies."
26 Sightcorp, "Face Analysis Technologies."
27 Edwards, "Smile for the Camera."
28 Shan, Video Analytics for Business Intelligence, vi.
29 Shan, Video Analytics for Business Intelligence, vi.
30 Cazzato, "Pervasive Retail Strategy," 24.
The objective of video analytics is to describe the behaviour of shoppers and the effectiveness of ads, shelf space and product displays, and is generally done by calculating a range of indexes for attraction (viewing), attention (amount of time a customer spends looking at an item), relevance (how interesting) and engagement (derived from the correlation between relevance and attention). 31 'Gaze tracking', which can give information about the focus of attention, 32 underpins these indexes.
Location is a particularly rich source of data. 33 It has been described as one of the most sensitive forms of personal information because of the way it implicates other kinds of personal information and allows for inferences to be drawn. 34 In other words, it can be used to deduce many other things about an individual. 35 Section A explores in greater detail the techniques and technologies associated with location analytics.

A. Location Analytics and Customer Tracking
Location analytics, in the context of retail, has been defined as the process or ability to gain insight from the location or geographic component of business data. 36 Transactional data, when laid out in a geographic information system, can result in new insights. In the context of retailers, it has been particularly used to identify historical spending habits of people from different geographical locations and to allow for targeted advertising and better product distribution. 37 It can be used to improve sales and store layouts with the ability to track customer movement, creating greater efficiencies in staffing and cleaning of high traffic areas. 38 Max goes further in explaining the context for location analytics in a retail setting. 39 She argues that the concept emerged from a combination of disciplines, notably web analytics, where offline (bricks-and-mortar) retailers have wanted to emulate the success of online retailers such as Amazon, as well as the desire for targeted marketing, which is based on the assumption that personalised promotions to customers will increase conversion (the rate at which browsing customers convert to customers who purchase something). The data largely comes from a smartphone collecting its location from a variety of wireless technologies such as GPS and mobile cell phone towers, and is sometimes referred to as 'mobile location analytics'. 40 In-store tracking is a prominent example of mobile location analytics. The term is often understood as referring to a range of technological solutions that integrate retail infrastructures with sensor technologies, with the aim of continuously tracking and analysing customers' activities in or near a venue. 41 A retailer may rely on a range of technologies including GPS, Wi-Fi, and Bluetooth beacons to this end. 42 One increasingly common data collection technology being used in retail analytics is Bluetooth Low Energy (BLE) beacons, sometimes referred to as Bluetooth smart beacons. 
The primary objective of beacon use in retail analytics is for location tracking and targeted marketing to promote customer loyalty and impulse buying, and to increase customer spending. 43 Beacons allow retailers to directly contact customers and to send personalised advertisements and offers when they are in the vicinity of the store, 44 or even in a specific part of the store; they also allow for tracking movements, behaviours and frequency of visits. 45 Beacons are small radio transmitters that can be fixed throughout the retail environments or even built into displays or tablets. 46 The beacons send a signal that can then activate a smartphone app installed on a customer device. 47 BLE tracking is becoming increasingly commonplace because it is now built into Apple and Android devices without customers having to download an application; they only need to opt in to 'anonymous tracking'. 48 Max contends that location analytics was initially used in retail for 'people counting'. 49 However, retailers soon realised that location analytics could be used not only for the generation of in-store population statistics, but also for tracking individual customer behaviours. As such, location analytics could provide insight on population-based sales conversion rates, but it could also be used to generate data on how to increase this rate. 50 Even at this early stage, the original locational solutions to track customer behaviours in a store were a blend of laser, thermal and video technologies. 51 Thus, locational tracking techniques have developed into 'people-tracking technologies' that seek to capture customer and employee activities in the physical store and allow retailers to better understand traffic patterns, manage queues and demand, measure sales conversion and empower marketing.

B. Wi-Fi Location Analytics
It is now increasingly common practice for retailers and shopping centres to offer free Wi-Fi to customers as part of the customer tracking exercise. Wi-Fi is the technology standard for exchanging data over a wireless local area network. 52 Wi-Fi-enabled devices continually send 'probe requests' to find networks to join within range. 53 The probe requests and responses contain an identifier known as the media access control (MAC) address unique to the device, and this identifies devices in a network. 54 The MAC address is assigned by a manufacturer to a Wi-Fi-enabled device and is visible in communications between devices irrespective of whether the wireless connection is encrypted. 55 This means that a retailer can utilise wireless technologies and infrastructures to collect probe requests, then extract the MAC address and link it to a specific location. 56 It becomes possible to track customers by monitoring the signal strength received by the Wi-Fi access point, which can then be used to estimate the distance of the device from the access point. 57 The technology functions well indoors and is used more widely than GPS, despite not being as accurate as GPS. 58 Moreover, if the device is within the range of several access points, then this further increases the accuracy with which a retailer can pinpoint the device's location. Monitoring of the device location can occur over time, thus, building a profile of a customer's behaviour. This occurs even if the device is not connected to Wi-Fi, as it is sufficient for the device's Wi-Fi feature to be turned on. 59 Thus, Wi-Fi is a people-tracking technology that is ideal for capturing unstructured movement in large venues. 60 This is becoming increasingly important because Wi-Fi sensors can monitor radio waves from smartphones and can cover a range of approximately 10,000 square metres. 61
The technology can in this way be used to track customer behaviour over a relatively broad location through the combination of different Wi-Fi access points, both in-store and out. For example, journalists visited a Canberra shopping centre, utilised the free Wi-Fi and then requested the collected data. The data revealed which websites they had visited on their iPhones as well as where the phone had been and noted details of what section of the centre the device was in, for how long and on what floor. 62
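The following added example (not part of the original article) illustrates the mechanism described in this section with constructed data: probe-request records keyed by a persistent MAC address link a device's movements within and across visits, a plain hash of the MAC does not remove that linkage, and a pseudonym derived from a daily rotating key still supports aggregate footfall counts while limiting linkage to a single day. The log records, function names, calibration values and key are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample of what a Wi-Fi sensor network could log from probe requests:
# (day, time, access point, source MAC, received signal strength in dBm).
# MACs come from the documentation range 00:00:5e:00:53:xx; all values are invented.
PROBE_LOG = [
    ("2021-03-01", "10:02", "AP-entrance", "00:00:5e:00:53:0a", -70),
    ("2021-03-01", "10:09", "AP-shoes",    "00:00:5e:00:53:0a", -52),
    ("2021-03-01", "10:31", "AP-checkout", "00:00:5e:00:53:0a", -48),
    ("2021-03-01", "10:05", "AP-entrance", "00:00:5e:00:53:0b", -65),
    ("2021-03-08", "17:45", "AP-entrance", "00:00:5e:00:53:0a", -70),
    ("2021-03-08", "17:52", "AP-pharmacy", "00:00:5e:00:53:0a", -50),
]

DEMO_KEY = b"constructed-demo-key"  # assumption: a secret held by the data controller


def estimate_distance_m(rssi_dbm, rssi_at_1m=-40.0, path_loss_exponent=3.0):
    """Log-distance path-loss model: d = 10 ** ((P_1m - RSSI) / (10 * n)).

    rssi_at_1m and path_loss_exponent are assumed calibration values.
    """
    return 10 ** ((rssi_at_1m - rssi_dbm) / (10.0 * path_loss_exponent))


def raw_mac(day, mac):
    """Identifier as collected: the device's MAC address."""
    return mac


def static_hash(day, mac):
    """Unkeyed hash: the value changes, but it is still one stable ID per device."""
    return hashlib.sha256(mac.encode()).hexdigest()[:16]


def make_daily_pseudonym(secret):
    """Pseudonym keyed per day, so the same device gets a new ID each day.

    Unlinkability across days holds only if the per-day key is discarded
    afterwards; within a day the device is still followed.
    """
    def daily(day, mac):
        day_key = hmac.new(secret, day.encode(), hashlib.sha256).digest()
        return hmac.new(day_key, mac.encode(), hashlib.sha256).hexdigest()[:16]
    return daily


def trails_by(log, key_fn):
    """Group observations into one movement trail per identifier."""
    trails = defaultdict(list)
    for day, time, ap, mac, rssi in log:
        approx_m = round(estimate_distance_m(rssi), 1)
        trails[key_fn(day, mac)].append((day, time, ap, approx_m))
    return dict(trails)


def days_linked(trails):
    """Largest number of distinct days joined under a single identifier."""
    return max(len({obs[0] for obs in trail}) for trail in trails.values())


def footfall_per_day(log, key_fn):
    """Aggregate measure: number of distinct devices seen per day."""
    seen = defaultdict(set)
    for day, _time, _ap, mac, _rssi in log:
        seen[day].add(key_fn(day, mac))
    return {day: len(ids) for day, ids in seen.items()}


if __name__ == "__main__":
    for name, fn in [("raw MAC", raw_mac), ("static hash", static_hash),
                     ("daily pseudonym", make_daily_pseudonym(DEMO_KEY))]:
        trails = trails_by(PROBE_LOG, fn)
        print(name, "| identifiers:", len(trails),
              "| days linked:", days_linked(trails),
              "| footfall:", footfall_per_day(PROBE_LOG, fn))
```

The aggregate footfall figures are identical under all three identifiers; only the ability to join one device's visits across days changes.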

III. The Purpose of Analytical Operations
Since the technologies are evolving, collection strategies are likely to develop considerably over the short and medium terms. It is appropriate to consider the purpose of these analytical operations at a more general level. The main function of retail analytics is personalisation. There are three categories of practices, which overlap to some extent but can be identified as:
• personalisation and targeted ads to enhance in-store customer experience and to increase sales and loyalty
• audience measurement information and demographics to improve the efficient use of store resources and to facilitate personalisation
• profiling interests and behaviours to facilitate a more personalised customer service.
The different types of analytical function that are starting to emerge from smart-stores provide insight into the development of dense and multiple data collection networks. The analytical function of the smart-store is predicated on omnibus-style data collection to fulfil the main purpose of the analytical exercise: personalisation. This section outlines key facets of personalisation, and, in doing so, examines how proponents of retail analytics justify the collection of data for a more enhanced and personalised customer experience. This is achieved in three ways: targeted marketing to customers, increasing audience measurement, and enhanced customer profiling.

A. Targeted Marketing
Personalisation in the form of targeted marketing is one of the ultimate drivers for retail analytics. The logic seems to be that customers are more likely to buy a product or service if it is relevant to them; to know this, retailers must collect as much data as possible to build a clear picture (profile) of their customers. 63 According to EKN, retailers are using analytics to gain a deeper understanding of their customers' behaviours, needs and preferences to build a more personal relationship. This greater knowledge of customers is supposed to improve marketing effectiveness by micro-targeting, which ultimately leads to offers that increase the likelihood of a purchase. 64 Similarly, Gassen and Fhom describe the motivation for retail analytics as better understanding customers' shopping patterns, which, in turn, leads to improved customer engagement and marketing, optimised product placement and the ability to run targeted campaigns towards user groups who share similar profiles. 65

B. Audience Measurement Information and Demographics
While targeted marketing can focus on individual customers, it is becoming increasingly common for retailers to now target broader population demographics. A customer's physical characteristics, such as their height, weight, gender, and skin and clothing colour (sometimes referred to as 'soft biometrics' 66), are captured by video cameras fitted with facial recognition and video analytics technology. These 'soft biometrics' can be used to describe the essential characteristics of an individual without (it is argued) uniquely identifying them. 67 The technology has evolved to the point at which a person's emotional state and eye movement can be collected. 68 In some instances, the cameras are concealed within mannequins. 69 Mogg argues that while stores generally have security cameras that could be fitted with the facial recognition technology, the advantage of having it within the mannequins is that it improves the accuracy of the data, given the close proximity of the camera to individual customers. 70 In addition to picking up these demographic details, the cameras are also able to register how long someone is looking at an item, 71 and it is possible that the mannequins may be fitted with microphones to pick up customers' conversations about the products displayed. 72

C. Profiling Interests and Behaviours
As outlined, retailers are investing in more resources to better target both individuals and broader populations of customers. Indeed, this means that the interests and behaviours of customers can be profiled to a significantly greater depth than previously. Hildebrandt defines profiling as the process of knowledge discovery in databases by means of pattern recognition. 73 The patterns emerge from data-mining, and after interpretation and testing, they can be used for predicting the behaviour of the subjects being profiled 74 or for predicting preferences and attitudes. 75 In the context of retail analytics, behavioural advertisers use customer profiling for direct marketing purposes. 76 Advances in tracking technologies have enabled advertisers to construct personal profiles to target customers individually, thus, creating more relevant advertising and efficient advertising spending. 77 However, this can give rise to some significant privacy concerns. King and Jessen identify a range of privacy concerns with profiling, including interference with customers' rights to adequate notice of the collection of their personal information and pervasive and non-transparent commercial observation of consumer behaviour, as well as the increased generation of unwanted marketing material. 78 In fact, unauthorised creation of consumer profiles was one of the fastest growing consumer complaint categories in the United States, rising by 193% from 2007 to 2008. 79

IV. Privacy Concerns: Datafication and Normalising Surveillance
The privacy concerns arising from customer profiling are not specific to one technological development, but are instead representative of a wider concern: datafication and the normalisation of surveillance practices through everyday automation. Under the Privacy Act, smart-store retailers subject to the legislation 80 must comply with the APP in the collection, handling and processing of personal information. Personal information is defined as: information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not. 81 The challenge is that many of the retail analytics practices may not on their face necessarily be characterised as being 'about' an identified individual or even 'about' an individual who is 'reasonably identifiable' under the current terms of the Act. Whether or not metadata generated by a mobile device in the hands of retailers is personal information in Australia is a grey area. 82 Whether or not cameras that are used for face detection (cf. facial recognition) are making an individual reasonably identifiable is also questionable. This means that retailers may not necessarily consider that what they are doing falls under the protections in the Privacy Act and, therefore, remains largely unregulated. The Privacy Act and the definition of personal information were under review by the Australian Government in 2020 and 2021. While the definition of personal information is intended to be expansive, 83 the Australian Attorney-General's Department describes 'it is somewhat unclear in its application to technical information'. 84
The review is not expected to be finalised until later in 2022; however, an amendment to the definition of personal information to make clear the Privacy Act's application to technical information may address concerns about how data is collected across the digital economy. 85 Even where a retailer's collection practices are clearly for 'personal information', it is questionable whether those collection practices will meet the requirements in the APP. For example, collecting personal information is accepted only where it is reasonably necessary for a retailer's functions (APP 3.2); by fair and lawful means (APP 3.5); with the individual's consent where the information is also 'sensitive information' (APP 3.3), and with reasonable notification of the collection practices (APP 5); and where managing the information is done in a transparent manner in line with a published privacy policy (APP 1). The case studies outlined in Sections A-E illustrate these points.
A key effect of the extended use of retail analytics is that bricks-and-mortar stores are essentially emulating the data-gathering and customer surveillance abilities of online retailers. Turow et al. argue that physical bricks-and-mortar retailers are playing catch-up with their online counterparts in their ability to provide 'individualised relevance'. 86 They define this as presenting the shopper with products that reflect that person's interests, encourage the person to investigate the products on-site, and that offer goods at personalised prices that reflect the person's comfort zone. In fact, much of the existing literature on retail analytics extols the positive virtues of personalisation for retailers through targeted marketing as a means to increase sales. 87  1970s and 1980s. They contend that monitoring people through their digital personae is much more economical than physical observation and, hence, it has become more widespread. 89 They also refer to the concept of 'überveillance' as the sum total of point in time, predictive, real-time and retrospective types of surveillance, and the deliberate integration of an individual's personal information for the continuous tracking and monitoring of identity and location in real time. 90 This can be contrasted with 'locational privacy', which can be defined as an individual's expectation that when they are moving in a public space in normal circumstances, their location is not being systematically and secretly recorded for later use. 91 The tension between überveillance and location privacy is that information arising at different times, and from different forms of surveillance, can be combined to offer a more complete picture of a person's activities, and to enable more inferences to be drawn, or suspicions generated. 92 This combining of information can be thought of as 'datafication'. Beyond digitisation, datafication puts information into a quantified format so that it can be tabulated and analysed. 93
Datafication allows for more sophisticated information analysis and facilitates analyses across large data sets. 94 It seems to be driven by the desire to turn 'human behaviour … into an analysable form', 95 and has led to 'the wider transformation of human life so that its elements can be a continual source of data'. 96 Referring back to retail analytics, Turow et al. focus on how understanding the retail industry's strategies for organising and 'naturalising' information-gathering about customers is important. Bricks-and-mortar retailers in trying to remain competitive are normalising information-gathering about their customers to the extent that they are becoming 'cultural routines'. 97 The period of the mid-1980s through to the 2010s is referred to as a 'great data transition', with customers no longer viewed through a broad demographic lens but as individuals giving off streams of data often in real time. 98 The development of the internet and the success of online sales of books and music are seen as decimating their real-world counterparts. 99 Bricks-and-mortar retailers' perception was that their long-term survival depended on migrating to the digital world themselves, embracing the tracking potential of new technologies and the 'actuarial' potential of the data collected. 100 These retailers are seeking to find an optimum 'loyalty and analytics' combination, describing this as the need to integrate data mining and surveillance into their sales areas. 101 The requirement is to mimic the online sites' ability to follow people around and tailor offers to them, which will generate repeat business.
This constant wide-scale data-gathering becoming entrenched in 'real-world' smart-stores, and the consequent surveillance and datafication in which it results, do not sit comfortably with privacy. Such erosion of privacy through immense data-gathering and processing capacity in the most ordinary of everyday environments (shopping centres) runs the risk of becoming entrenched as a cultural norm. The loss of privacy in this incremental way should be acknowledged so that privacy may be given its proper weight in decisions about how data-gathering and processing technology is utilised.
Giving privacy its proper weight requires some articulation of its meaning and value. Although privacy is widely considered notoriously difficult to define, 102 its value is generally understood in terms of 'promoting personal dignity and autonomy in ways that are important for individual personality, healthy civic discourse, and democratic governance'. 103 Where privacy is lost, it has been said that much else is lost, due to privacy's centrality to the whole structure of human interaction. 104 In the context of retail analytics, the most relevant privacy interests can be summarised as freedom from surveillance and manipulation, and the 'right to be let alone' and to be protected from the unreasonable intrusiveness of others. 105 The 'right to be let alone' suggests a sphere in which it is possible to be anonymous and unobserved, 106 an objective that is increasingly difficult to achieve in a world where retail analytics and big data collection methods are used. Despite this, there is arguably the expectation of individuals in public places still seeking and finding freedom from identification and surveillance. 107 Being free from certain kinds of intrusion is at the core of privacy, and this is understood through social and legal norms that specify 'when, where, and in what ways we may and may not be observed, listened to, questioned, and in other ways kept track of'. 108 Those legal norms may be found in information privacy legislation such as the Privacy Act. The real objective of information privacy regulation has been described as protecting individuals against unjustified interferences in their private life by protecting them against unjustified collection, storage, use and dissemination of their personal information. 109 The question becomes whether smart-store retailers' data-gathering and processing is justified. 
It could arguably be viewed as manipulation with the enhanced ability to not only target consumer preferences, but also exploit individual vulnerabilities. 110 The following case studies illustrate actual examples of retailers' data-gathering practices and highlight some of the privacy implications from those practices. They demonstrate that the extensive data-gathering and processing practices of retailers, while potentially offering useful insights for stores, or convenience for customers, come at a disproportionate cost to individual privacy through unnecessary surveillance and datafication.

A. Case Study 1: Target
The department store Target's data analytics system rose to prominence when it was revealed in a 2012 New York Times article that it was able to predict that a young woman was pregnant before her family knew. 111 The woman's father had gone to the store to complain about Target sending his teenage daughter discount vouchers for maternity items, but, as it transpired, Target were indeed correct that she was pregnant. 112 Target had collected data about the young woman's purchase history for twenty-five unique products, which were analysed together, producing a 'pregnancy prediction' score. 113 The analysis included comparison of the purchase history of customers who had joined its baby registry with its wider customer database. 114 The young woman in this case had not joined the baby registry, but because her purchases were similar enough to customers' in the registry, Target was able to infer that she was pregnant. 115 Indeed, Target had perfected the technique to the extent that they were able to know what customers bought at different stages of the pregnancy, and to target the personalised offers more precisely. 116 The example is striking for several reasons. In particular, it reveals how the decisions of others (those joining the baby registry) affect the privacy of individuals (who have not joined the baby registry or volunteered their information). Barocas and Nissenbaum suggest that only 20% of a particular population needs to disclose that they possess a certain attribute for an adversary to then identify all the other members in the population who also have this attribute. 117 As such, it implies that the value of the consent of the other 80% of that population is significantly weakened. 118 The choices of the individual about their information will not be determinative.
The other striking aspect of this example is that Target capitalised on marketing research, which shows that when someone is going through a significant life event (such as the birth of a child) they are more susceptible to marketing offers. 119 Target marketing staff apparently stated that 'new parents are a retailer's holy grail', and that if they could identify and target women in their second trimester (which is when most expectant mothers begin buying items such as maternity clothing and vitamins), this would increase their chances of securing them as long-term customers. 120 Marketing staff were also able to demonstrate that when a child is born, the parents are so exhausted and overwhelmed that whoever they are shopping with at the time is likely who they will stay with over many years, and not just for maternity items but also other goods. 121 Target's prediction of the young woman's pregnancy was not a random exercise but a calculated business decision. If privacy is understood as more than just protection of information but in terms of personal privacy and the desire to be let alone and to be free from unwarranted intrusion and manipulation or domination by others, 122 then it is particularly striking in the way the company targeted pregnant customers. One's susceptibility to change brands to Target due to exhaustion and overwhelm, and their value as long-term customers, meant their identification as pregnant customers was important to the store precisely because they were vulnerable and could be more readily manipulated. It highlights the power imbalance between retailers and individuals and how retailers can exploit this for their own ends.
While the huge volume and granularity of the data collected by retailers may increase their competitiveness and the personalised service they can offer customers, it also provides the vehicle through which surprising and intrusive inferences can be made about those customers.

B. Case Study 2: Cadillac Fairview
Cadillac Fairview is a North American commercial property company. It owns at least a dozen large shopping malls in Canada where it had installed facial detection technology in its digital directories/information kiosks.
Cadillac Fairview's privacy policy did not make any mention of using facial recognition (or detection) technology. 123 Cadillac's practice of using facial recognition (detection) technology without gaining individual consent was the subject of a joint investigation by the Canadian federal, Alberta and British Columbia privacy commissioners ('the Privacy Commissioners'). 124 The main focus was on the issue of whether Cadillac's use of 'anonymous video analytics' (AVA) technology in its interactive digital directories resulted in the collection, use or disclosure of personal information and, if so, whether Cadillac obtained adequate consent for the collection, use or disclosure of that information, including whether Cadillac retained the information longer than necessary. Cadillac argued that its practice in relation to the AVA software was not the collection of personal information because the stored gender and age estimates generated by the system are anonymous and could not be used, alone or in combination, with other information to identify an individual. The company is quoted as stating that its goal was to analyse the age and gender of shoppers and not to identify individuals. 125 This demonstrates that the emphasis on 'identifiability' means there are practices that organisations may not be recognising as the collection of personal information and requiring compliance with the Privacy Act.
The Commissioners found that the AVA technology: 126
(i) took temporary digital images of the faces of any individual within the field of view of the camera in the directory [and that this was] retained in computer memory briefly during processing
(ii) used facial recognition software to convert those images into biometric numerical representations of the individual faces [which is] sensitive personal information that could be used to identify individuals based on their unique facial features
(iii) used that information to assess age range and gender.
The Commissioners noted that while they did not find any evidence that Cadillac had used the biometric information, including any of the retained numerical representations, for identification purposes, there had been the collection and use of personal information through the AVA technology without the requisite notice or consent. 127 It did not matter that the captured images of individual faces were kept only for a very short time. Further, the images captured by the technology were used to generate additional personal information including numerical representations, age range and gender of individual faces, which were then collected and retained for a much longer time period. 128 The Privacy Commissioners reasoned as follows:
We accept that the demographic output generated by the AVA Technology, such as age and gender assessments, would not on their own, constitute personal information for the purposes of the Acts. That said, non-identifying information can be 'personal information' in context, and in this case, the demographic output was retained with other information including biometric information, location, and a timestamp. It is our view that the combination of this information raises a likelihood … that the individual could be identified. This is the case even though we found no evidence that CFCL attempted to identify individuals from this collected personal information. It is therefore our position that the demographic output also constitutes personal information in this context.
The ability to combine identifying information with non-identifying information is enough, then, to make information personal and subject to the protection of privacy legislation. Even if the step of identifying individuals is never taken, it is the potential to do so that means the information should be treated as personal information.
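The effect of combination that the Commissioners describe can be measured on a retained data set. The following is an added example, not part of the original article or the investigation: it counts how many records are unique on a chosen set of fields, using constructed sample records and hypothetical field names (age, gender, kiosk, time).

```python
from collections import Counter

# Constructed sample of retained records (illustrative, not investigation data):
# (age range, gender estimate, kiosk id, capture time HH:MM)
ROWS = [
    ("25-34", "F", "K1", "10:02"), ("25-34", "F", "K1", "10:41"),
    ("25-34", "F", "K2", "10:15"), ("25-34", "F", "K2", "14:30"),
    ("25-34", "M", "K1", "10:05"), ("25-34", "M", "K1", "10:50"),
    ("25-34", "M", "K2", "11:20"),
    ("35-44", "F", "K1", "09:10"), ("35-44", "F", "K1", "09:45"),
    ("35-44", "F", "K3", "09:30"),
    ("18-24", "M", "K2", "16:01"), ("18-24", "M", "K2", "16:20"),
    ("18-24", "M", "K2", "16:59"),
]
FIELDS = ("age", "gender", "kiosk", "time")  # hypothetical field names
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]

DEMOGRAPHIC = ("age", "gender")   # the "demographic output"
CONTEXT = ("kiosk", "time")       # location and timestamp kept alongside it


def class_sizes(records, fields):
    """For each record, the number of records sharing its values on `fields`."""
    keys = [tuple(r[f] for f in fields) for r in records]
    counts = Counter(keys)
    return [counts[k] for k in keys]


def k_anonymity(records, fields):
    """Smallest group size on `fields`; k == 1 means someone stands alone."""
    return min(class_sizes(records, fields))


def unique_count(records, fields):
    """Number of records that no other record matches on `fields`."""
    return sum(1 for size in class_sizes(records, fields) if size == 1)


def generalise_time(records):
    """Coarsen the timestamp from minute to hour (a generalisation step)."""
    return [{**r, "time": r["time"][:2]} for r in records]


def suppress_below(records, fields, k):
    """Drop records whose group on `fields` is smaller than k."""
    sizes = class_sizes(records, fields)
    return [r for r, size in zip(records, sizes) if size >= k]


if __name__ == "__main__":
    hourly = generalise_time(RECORDS)
    print("demographic only: k =", k_anonymity(RECORDS, DEMOGRAPHIC))
    print("plus kiosk and minute: unique =",
          unique_count(RECORDS, DEMOGRAPHIC + CONTEXT), "of", len(RECORDS))
    print("plus kiosk and hour: unique =",
          unique_count(hourly, DEMOGRAPHIC + CONTEXT))
    kept = suppress_below(hourly, DEMOGRAPHIC + ("time",), 2)
    print("hour only, suppressed to k>=2: kept", len(kept))
```

On this sample the demographic fields alone leave every person in a group of at least three, while adding location and a minute-level timestamp makes every record unique; coarsening and suppression restore some group size at the cost of detail.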
A secondary issue investigated by the Commissioners was whether Cadillac's use of mobile device geolocation technologies resulted in the collection, use or disclosure of personal information. The Commissioners found in this instance that Cadillac did not collect the location information of identifiable individuals through mobile device tracking technology. This was because there was no practical prospect of associating a hashed and randomised MAC address (device identifier) and the non-granular 'zone' geolocation information collected using Wi-Fi triangulation with a logged-in Wi-Fi account or an anonymous shopper journey. However, they noted that as a general principle, device identifiers can constitute personal information where they render a specific individual identifiable either alone or in combination with other information. 129 This case study demonstrates the contextual nature of the definition of personal information and how organisations will not always consider what they are doing to be subject to the Privacy Act.

C. Case Study 3: Westfield
Westfield (now known as Scentre Group) is a large shopping centre company with shopping centres throughout Australia and New Zealand. The media has reported on Westfield's use of digital advertising billboards to capture the age, gender and mood of passing customers to tailor advertisements. 130 According to Westfield's privacy policy: 131 audience measurement information collected passively using in centre technologies such as SmartScreen Advertising Units which utilise image processing software to aggregate data such as shopper numbers and demographics. These technologies do not identify individual shoppers, or record or retain images of individual shoppers.
Westfield refers to this information in its policy as 'other information we collect', an indication that they do not consider it 'personal information' but still pertinent enough to include in their privacy policy. The technology is not facial recognition but rather face detection, such that the collection of information is limited to age and gender rather than precise photo-matching databases to identify who customers are. 132 Even so, the technology would likely come as a surprise to most customers, particularly as, according to The Guardian, 'once the billboards have your attention they hit record, sharing your reaction with advertisers'. 133 As the practice does not identify individuals or make them 'reasonably identifiable', it is unlikely to trigger the provisions of the Privacy Act because there is no capture of 'personal information' on a surface examination. However, there is the broader question of whether privacy is still infringed in circumstances in which an individual is not identified but is being targeted as part of a group and surveilled without their full awareness of the practice. Without a detailed explanation of how the technology works, it is possible that it is similar to the Cadillac Fairview example, in which the Canadian Privacy Commissioners found there were enough pieces of information retained by the software system to make the information personal in that context, despite Cadillac's lack of intention to identify people. If the cameras have the ability to recognise the mood of the passing individuals, then this suggests that at some stage in the process, a photo with good resolution must be taken to make that association. 134 This case demonstrates that privacy policies may not always make retail analytics practices entirely clear and that much depends on the company's interpretation of whether they are collecting personal information and, therefore, subject to privacy legislation. 
and sensors that detect which products are picked up from (or returned back to) the shelves 136 and adjust the customer's bill accordingly. 137 The primary appeal for consumers seems to be the absence of queues to pay for goods, with an apparently seamless and fast shopping experience. However, the volume of data collected in the process, together with the privacy risks that this brings, is the trade-off. 138 Amazon Go has automated much of the purchase, checkout and payment steps associated with buying food. 139 The technology in combination is known as 'Just Walk Out Technology' and is responsible for keeping track of items taken from, and in some cases returned to, the store's shelves, and keeps track of the customer's virtual cart. 140 'Just Walk Out' is comprised of: 141
• an app using location-based services
• QR code IDs
• integrated payment
• image recognition
• multiple sensor technology
• artificial intelligence
• machine learning
• similarity to web shopping through just one click.
However, the extent of the privacy impact is more readily understandable with Miles's description of the technology:
Amazon's convenience stores rely heavily on location technology to track consumers' movements inside buildings. Cameras analyze shopping behaviors, strategically placed microphones listen to conversations, and information about consumers' shopping habits is stored in a central database that Amazon can reference for future operational and strategic planning. 142
This case study demonstrates the convenience offered by a 'just walk-out' smart-store is only possible through extensive data-gathering across several channels. If this style of store were rolled out more widely, then it seems that extensive surveillance would indeed be normalised and privacy concerns intensified. Customer convenience is unlikely to justify the reach of such surveillance infrastructure.

E. Case Study 5: 7-Eleven
Convenience store 7-Eleven has approximately 700 stores across Australia. Its practice of collecting customer facial images upon completing a customer survey was assessed by the Australian Office of the Information Commissioner (OAIC) in 2021. 143 Across mid-2020-2021, 7-Eleven administered a survey about customers' in-store experience via a tablet device. Each tablet included a camera that took facial images of the customer as they completed the survey. Facial images were stored on the tablet for about twenty seconds before being uploaded to a cloud-hosted service and deleted from the tablet. 7-Eleven's service provider processed the facial images by converting each facial image to an encrypted algorithmic representation of the face (faceprint), and then assessed and recorded inferred information about the customer's approximate age and gender. The faceprint was then sent to another piece of software along with all other faceprints generated by responses entered on the same tablet for the last twenty hours. This software searched for faceprints that were similar; if there was a high probability match, then this was flagged in the results. The objective was to identify responses that were not genuine and exclude them from the results. By March 2021, approximately 1.6 million survey responses had been registered. 144 First, the Commissioner found that this was a collection of sensitive biometric information. She then held that risks associated with the collection of such information were not proportional to the function of understanding and improving customers' in-store experience. 145 In particular, there were other ways in which the retailer could have identified potentially non-genuine responses and collected demographic information, which would have had a lesser privacy impact on individuals. 
146 The OAIC was not satisfied that the large-scale collection of customers' facial images (sensitive biometric information) through 7-Eleven's feedback survey was 'reasonably appropriate and adapted' to understanding and improving customers' in-store experience. 147 The benefit to 7-Eleven 'was disproportionate to, and failed to justify, the potential harms associated with the collection and handling of sensitive biometric information'. 148 The Commissioner noted that biometric information is of particular sensitivity due to the risk of adversity to individuals where the information is misused or compromised, and that it cannot be reissued or cancelled like other forms of compromised information. 149 She found that this was in violation of APP 3.3, as the collection was not 'reasonably necessary' for 7-Eleven's functions. 150 Further, there was no evidence that individuals expressly consented to the collection of their facial images or faceprints. 151 The case shows the OAIC using proportionality as a mechanism for assessing the necessity and legitimacy of a retailer's practice when assessing it against APP requirements for the collection of personal information. It is an example of a retailer's data-gathering practices being disproportionate in its effects on privacy when compared to the benefit it is aiming to pursue. Further, it demonstrates how retailers do not necessarily regard what they are doing as the collection of personal information. 7-Eleven had submitted that the facial images and faceprints were not personal information 'because they are not used to identify, monitor or track any individual'. The Commissioner did not accept this. The Privacy Act's definition of personal information does not make any reference to the intentions of an organisation about what it is going to do with the information; the facial images here could identify individuals even if this was not what 7-Eleven intended to do with them.

V. Conclusion
These considerations highlight that the processes of data collection, storage and analysis that pervade the construct of the 'smart-store' lead to the creation of a sophisticated surveillance apparatus that is designed to monitor all aspects of customer behaviour and store use. The combination of technologies and the lack of transparency of collection practices is what distinguishes retail analytics from traditional paper-based and in-person collection techniques. As argued, a key concern that arises from the use of retail analytics is that the implementation of the technology and retailers' legitimate commercial objectives come at a disproportionate cost to privacy, with often less intrusive measures being available. In particular, the case studies demonstrate how these practices entrench surveillance and datafication to such an extent that there is an erosion of privacy. The case studies also show the capacity of those technologies and how the average individual is largely unaware of the level of individual tracking that is taking place. Most individuals would be surprised to know that a retailer could deduce their pregnancy just from their shopping history, or that their image was taken and assessed biometrically when passing a digital screen at a shopping centre, or filling in a customer satisfaction survey. This article has argued that the smart-stores' intent of enhanced 'individualised relevance' is ultimately a privacy problem with its emphasis on datafication and the normalisation of surveillance through hyper-individualised targeting, tracking and monitoring. This overreach by retailers may be tempered by a better understanding of the value and importance of privacy in any decision-making about the implementation of particular retail analytic technologies.