The case of the US supermarket chain Target

We have already mentioned the case of the Target supermarket chain, which suddenly started sending a teenager regular adverts for baby products. After a complaint from the father, the family found out that the daughter was actually pregnant. How could the supermarket chain have known this before the family?

WHY?

• The supermarket chain assigns each customer an internal identification number. 
  
  
• All purchases and interactions are stored under the corresponding number, be it purchases, payment by credit card, visits to the website, calls to the hotline, etc.
  
  
• The supermarket chain's statistics department analyses the collected data and attempts to derive instructions for action with the aim of increasing the supermarket chain's sales. For example, parents receive targeted catalogues with toys before Christmas, customers who buy swimming costumes in April receive vouchers for sun cream in July and advertising for diet guides in December. 
  
  
• As the birth of a child is particularly lucrative, a kind of "pregnancy prediction score" has been created that predicts the pregnancy and even the delivery date of customers. This score is based on an analysis of items that are purchased with a certain frequency by pregnant women (e.g. nutritional supplements, fragrance-free skincare products) or products that are no longer purchased (e.g. menstrual hygiene products or contraceptives). Accordingly, customers who are assigned to this category receive special pregnancy-related advertising and vouchers. 

Source: https://crackedlabs.org/studie-kommerzielle-ueberwachung/info

Backgrounds

Our shopping behaviour reveals a lot about ourselves, our lifestyle and our social status. And even if not all data is recorded completely, this does not protect us from being categorised. A team of researchers led by Yves-Alexandre de Montjoye from the Massachusetts Institute of Technology (MIT) analysed credit card data in which the names, credit card numbers and products purchased were removed from the database. Nevertheless, in 90% of cases, only four additional data points were sufficient to assign a data record to a real person. 

Source: https://www.science.org/doi/10.1126/science.1256297

So we leave data traces everywhere, many of them without realising it. This brings us back to our question from the beginning: "Do we have nothing to hide?" and "What could possibly happen to me?". Perhaps you think differently now.

Example

Just imagine: Your insurance company increases your premiums. Following cooperation with the loyalty points programme of a supermarket chain, you have been identified as having an unhealthy lifestyle. The insurance company therefore increases your premiums. 

Unjust? Aren't they allowed to do that? 

Yes, that's true. And yet the idea is not as far-fetched as it seems at first. Some German health insurance companies have long been advertising discounts if the insured person agrees to share their smartwatch's health data with the insurance company. Insurance companies and banks use automated systems that use our data (e.g. age, place of residence, etc.) to assess our creditworthiness or calculate our insurance risk. And anyone who ends up in the wrong database for whatever reason may no longer be allowed to enter the USA or other countries tomorrow.