Loyalty cards for New World Clubcard, Farmers, AA Smartfuel and Airpoints.
Research report
28 January 2020

How much are loyalty schemes earning from your data?

Loyalty schemes earn big money from the data they collect about us.

Member comments

Get access to comment

Ray M.
07 Mar 2020
Want privacy don't join

If you don't want your info used or sold then the only realistic solution is to not join these schemes. The old saying that 'nothing is free' applies. In return for giving you fairly small discounts the scheme owners are 'buying' information about your behaviour that they believe they can make money from.
It is a transaction where you are the product.

Tony I.
09 Feb 2020
Interesting reading

It's pretty disappointing to read "When we asked major loyalty schemes for a full list of third parties that received data, none would provide this information." I wonder how they manage to get away with this given Principle 3 of the Privacy Act. The NZ Government publication "Information privacy principles - descriptions and examples of breaches of the IPPs" (https://snapshot.ict.govt.nz/resources/digital-ict-archive/static/localhost_8000/assets/GCPO/Information-privacy-principles.pdf) makes interesting reading and states you should tell individuals "If the information will be disclosed to anyone else, and if so who?". So why not as a bare minimum require the data collectors to maintain a list on their website of who these third parties are you could reference if you wished to (and yes I do understand that the seller and receiver of our information would prefer anonymity but I'd prefer transparency of what happens with my data).
I'd also be interested in any follow-up research including a banking industry example.
Thanks for the interesting and informative report.

Viv Riddell
08 Feb 2020
Loyalty cards

Thanks for your analysis. One other thing that I didn't see in your report was the time to expire for the loyalty points. I find this particularly annoying as Countdown points need to be earned within 6 months. As a shopper for one, I don't usually get sufficient points in a 6 month period.

Renate S.
08 Feb 2020
The other side of the paranoia coin

The coin has two sides. If I get some benefit from a loyalty scheme, I do not mind if someone else also gets a benefit, e.g. those who have information about my shopping also make money with my info. So what? It is only statistics, not private info. It does not hurt me, and I am not paying or losing money if they too have some gain. To this date it has never harmed me. Hacking someone's data can happen to anyone. That is what Norton or similar software is for. But to the contrary, by enhancing their business, they can provide better service to potential clients and we are both winners. Yes there is "no need to know", but so long it does not harm ME and so long I am not paying for it, let them have their share of the cake. Stop the paranoia and scaremongering. That is not what we are paying for with our Consumers subscriptions.

Tony I.
09 Feb 2020
Response: The other side of the paranoia coin

Personally, I'm in complete disagreement with you about this. This is exactly the type of research I want consumer to be doing with my subscription.
I'd back consumer doing one of their campaigns on this subject.
If you think Nortons on your local machine will help protect your PII data from enterprise hacking you need to educate yourself some more.
The Netflix documentary - THE GREAT HACK is sobering viewing on what is being done with our data, and that is just the tip of the iceberg.

Marysia V.
11 Feb 2020
Not paranoia or scare mongering

We absolutely do need to know what happens to our data in these schemes. The fact that the companies would not tell us exactly who our data is shared with is very concerning. If one of these partner companies is hacked and they have our data, then we are at risk. If they share sensitive data with insurance companies (esp. Health Insurers) then you might not be able to get affordable insurance. The flow on effect is significant. I find it totally unacceptable that they have refused to tells us who they share our data with, and I feel that they are in breach of the intent of the NZ Privacy Act. We need consumer to keep analyzing these companies and informing us of rights. We need a campaign to force them to tell us where our data is sold and/or shared, and for us to opt in/out of their data sharing/selling.

Bob F.
08 Feb 2020
Great Research to Publicise Widely

This is great analysis of an increasingly troublesome threat to the individual's privacy and autonomy. Hopefully Consumer will follow this up to find out and further publicise how this harvested information is used to target us, and by whom, but also to work on our behalf to lobby government to block as much of this intrusive exploitation as possible. Heartfelt thanks to both Consumer and Researcher. Keep it up!

John M.
08 Feb 2020
Loyalty schemes selling of your info.

There is nothing to stop you when you initially join one of these schemes to enter completely erroneous information! Sure they still know when you shop and what you buy but if you are a 20 yo male but are registered as a 90yo trans, then their info is not very accurate. So if we ALL deliberately mislead them most of their info would be crap.

Stephen G.
08 Feb 2020
?Too late to stop

Certainly the monetary value is hardly worth the risks, though there is always something great about using my true rewards loyalty points for a "free" shop at Farmers.
I wonder if I ceased swiping my loyalty cards now and cancelled them, I would imagine that the already received data continues to be available and thus is a part of the collective available for future hacking? Any comments?