There is a fundamental difference in the volume of data collected by Trader Joe, Costco et al and Amazon.
Costco at best knows what I bought at their store, Amazon knows a lot more than that. Just from the data they collect on the store they will know how many people compared what products with what else, what are they searching for, what is in who's shopping list, they will likely know demographics and lot more information about the buyers as well.
It is not remotely the same problem between online and offline.
Actually retailers are far more sophisticated than you think. Plenty of data brokers work with them to help piece together a larger puzzle. Plenty of startups willing to help them get to the sophistication of Amazon as well. Still early days for knowing consumer shopping behaviour in store but they pretty much know who you are if you signed up for loyalty cards or paid by card.
While it is more sophisticated than most people think, target famously knowing about a pregnancy, even before a close family member does happen , online will always have lot more data, and it is just not data on the website only .
Same way we legislate privacy ? Our shopping data should be just as anonymous as browsing and PII perhaps more so . This is not much different from GDPR type regulation ?.
How do we make companies follow it is different issue altogether . First step is the make liability exposure high for violating (like COPA ?) and provide consumes right to access what they have on you.
There is no technical way privacy of this or any other kind can be guaranteed, companies internal controls are always going to be opaque and data collection looking from the interfaces we can audit may not visible .
We can only make it higher risk legally and give consumers frameworks to make it easier to expose violations
Individual shopping data from the consumer to the retailer. That should be PII and treated like any other sensitive data.
Aggregate data on what consumers bought from the retailer. This is the retailer's data.
Individual sales data from sellers of the retailer's platform. This should be PII and treated like any other sensitive data.
Aggregate data on what consumers bought from all sellers on the retailer's platform. This is the retailer's data.
Individual data on consumer actions on the retailer's platform prior to purchasing an item. This can / should be PII. This includes search history, shopping cart, listings visited, etc.
Aggregate data on consumer actions on the retailer's platform prior to purchasing an item. This is the retailer's data.
---
My position is it's unreasonable to ask retailers to limit their use of aggregated, anonymized data. And unless you limit that use, it doesn't materially change the current situation. The major difference between Walmart, Costco and Amazon is Amazon has a lot more aggregate data.
If retailer is just a retailer , aggregate sales data is theirs to do as pleased . If they are also sellers it is problem, if we cannot stop them collecting or using , then all sellers must have access to the same information.
Costco at best knows what I bought at their store, Amazon knows a lot more than that. Just from the data they collect on the store they will know how many people compared what products with what else, what are they searching for, what is in who's shopping list, they will likely know demographics and lot more information about the buyers as well.
It is not remotely the same problem between online and offline.