Kroger’s Surveillance Pricing Harms Consumers and Raises Prices, With or Without Facial Recognition

Every time you step into a grocery store, you step into a machinery of data that tracks, analyzes, shares, and influences your shopping behavior. Based on shopping history and data shared from data brokers—including internet browsing history and online purchases—grocery stores may infer your age, gender, race, economic status, family makeup, health conditions, or other lifestyle characteristics. Grocery stores might categorize shoppers as “interested in fitness and not price sensitive” based on often buying organic foods and visiting gym websites or “expecting mother with a toddler” based on purchases of prenatal vitamins and searching online for toddler-sized clothing. Grocers build detailed profiles of consumers to nudge them towards shopping choices that increase their profits, whether through different prices or personalized discounts and offers—at the expense of the consumer. Even worse, grocery stores also sell data gleaned about you to other companies, further enriching their profits while undermining consumers’ privacy. 

Surveillance pricing is a growing practice that relies on collecting vast amounts of data from customers, making inferences about customer characteristics, and using those inferences to inform the price each customer pays for products—all to maximize profits. Companies engaged in surveillance pricing violate consumer privacy by surreptitiously collecting data about consumers and using it for unexpected and out-of-context purposes, threatening their autonomy by covertly influencing their choices, and extracting more from what customers ultimately pay for products.

Recently, Kroger caught the attention of lawmakers and the media over its potential use of facial recognition to enhance its surveillance pricing capabilities and its use of electronic shelving labels (ESLs) to profile and target customers with higher prices. Although Kroger has since claimed that it has no plans to identify customers’ faces at digital displays, the grocery chain has been using ESLs for years.

Regardless of whether facial recognition or ESLs are involved, surveillance pricing is already a reality that harms consumers by violating their privacy and increasing the cost of everyday goods. This blog post explains why surveillance pricing is a concern for consumer privacy, how ESLs and facial recognition fit in, and two lessons we can learn: (1) the need for data minimization regulations; and (2) the need for facial recognition technology regulations.

 Why Surveillance Pricing is More Privacy Invasive than Dynamic Pricing

Surveillance pricing refers to the practice whereby companies collect or obtain individualized personal information about their actual or potential customers and use a variety of techniques to target different prices to specific consumers for the same goods or services to generate greater profits. The goal of surveillance pricing is to determine the highest price that the business infers the customer is willing to pay, based on data collected about the customer. 

There are several related but different terms used in this space. “Personalized pricing” refers to the practice of businesses using consumer-specific data about their conduct or characteristics to set different prices to different consumers based on what the business thinks they are willing to pay. In contrast, “dynamic pricing” refers to using non-customer-specific variables to adjust prices depending on changes in demand and supply, often in real time. Examples of companies using non-customer-specific variables to change prices include Uber prices surging during rainy weather, last-minute flight prices increasing, or Ticketmaster charging more than $22,000 for a Taylor Swift concert ticket because of massive demand. These types of dynamic pricing may also be called “surge pricing” because prices surge in real time when demand increases. All of these practices fall under the broader umbrella of price discrimination, where a business charges different prices for similar products for reasons unrelated to the cost to the business.

In practice, surveillance pricing can harness customer-specific and non-customer-specific data to determine the ultimate price the consumer is willing to pay. With surveillance pricing, the products shown or prices displayed differ for each consumer depending on where the consumer is, what time it is, who the consumer is, what the consumer is doing, the prior actions a consumer has taken, or interactions with the seller. For example, Target charged $100 more for a TV on its app when the consumer was in the vicinity of a Target store versus farther away because Target had determined consumers are willing to pay more the closer they were to a store. Orbitz inferred that Mac users are willing to spend more on booking hotels, steering them to more expensive options than non-Mac users. Booking sites also charged higher prices for the same hotel rooms based on what city the consumer was browsing the website from, leading to a difference of more than $500 for the same room in one case. Surveillance pricing can allow retailers to take advantage of individual consumers’ willingness to pay more while keeping individual consumers in the dark about lower prices offered to other consumers.

Electronic Shelf Labels and Facial Recognition Can Widen Surveillance Pricing’s Reach

While surveillance pricing is more common online, grocers are utilizing various tools to expand its reach into brick-and-mortar stores. The letters from lawmakers to the Kroger CEO specifically raised concerns around the use of electronic shelf labels and facial recognition technology.

Electronic shelf labels (ESLs) are small screens that replace paper price labels in stores, allowing grocers to change prices in mere seconds rather than having employees physically change the paper price tags. As Senators Warren and Casey and Congresswoman Tlaib have pointed out, ESLs can be used for dynamic pricing, allowing stores to rapidly adjust prices based on a variety of factors, including time of purchase, where a grocery store is located, and other data. Many grocery chains, including Kroger, have rapidly expanded their use of ESLs in recent years. Walmart plans to install ESLs in 2,300 stores by 2026.

ESLs can change prices of goods throughout the day, making it possible for a shopper to see one price at the shelf when picking up the item and another price when checking out. While grocers contend that ESLs were implemented only to “lower prices,” ESLs also make it possible to increase prices quickly. With many Americans concerned with grocery prices and inflation—combined with reports that grocery stores were taking advantage of pandemic supply chain disruptions to further hike prices—consumers and lawmakers have questioned grocery stores’ intentions.

More controversial were Kroger’s purported plans to use facial recognition in stores. Kroger has partnered with Cooler Screens, which installs digital screens that embeds cameras and sensors to replace refrigerator and freezer doors that are usually see-through in grocery stores to serve ads.  In the initial reporting on Cooler Screens’ controversial partnership with Walgreens, Cooler Screens touted its ability to use facial detection to infer features such as age and gender to tailor the digital ads on the screens. Kroger expanded its partnership with Cooler Screens in 2023. Kroger insists the sensors do not collect or store shoppers’ data and that Kroger does not seek to identify customers through facial recognition technology—only to detect customers’ presence, dwell time, and door opens.

While Kroger denies using facial recognition technology, Senators Warren and Casey’s letter also pointed out that Kroger could use cameras at digital displays that will use facial recognition to determine the customer’s gender and age, which can be combined with more personal information from using the Kroger app to customize offers and advertisements.

Surveillance Pricing Harms Consumer Privacy from Online Shopping to Brick-and-Mortar Stores  

Even if a retail store is not using ESLs or facial recognition technology, it can still engage in surveillance pricing through the vast network of data collection and sharing that occurs without consumers knowing. Grocery stores may collect the data from the consumer’s past purchases, app usage, and loyalty program usage, but may also incorporate data from third parties like data brokers.

The collection of data can include—or be used to infer—sensitive information such as geolocation, age, gender, race, ethnicity, finances, religion, employment, political speech, and online activities. With this trove of data, consumers are segmented into categories that help determine their likelihood of purchasing products or services and at what price. Some examples of categories may be “reluctant gamblers,” based on a consumer lingering on a sports betting site longer than expected, new parents who are less price-sensitive because they select fast delivery on baby formula, or individuals who are in an area experiencing flooding to target them with stress-relief products.

What customers buy and for what price can be influenced by what products are shown first, by price tags, or by discounts and promotions. Through the collection of data about individuals and the ability to target individuals with different promotions, surveillance pricing allows businesses to estimate and charge as much as the individual consumer is willing to pay. Even if grocery stores say that their discounts and promotions offer savings to consumers, their ultimate goal is to influence shopper behavior to increase profit.

Surveillance pricing is not limited to online shopping and can be a tool to connect prices between physical stores and online stores. For example, a price targeting tool can set different prices for products sold at different locations of a business and update the prices shown when customers visit the online website to reflect prices at the consumer’s nearest store, based on their location data. Online behavioral data, such as what the consumer has searched for, their demographics, and other data suggesting their likelihood to purchase certain items can be used to target consumers with coupons and discounts that they would use at brick-and-mortar stores. Further, if a customer has the store’s app on their phone, Bluetooth beacons may ping the app to record the customer’s presence in the store and send personalized offers.

Surveillance pricing can lead to consumers unfairly having to pay more for products that others receive discounts for based on inferences surreptitiously made about them. Take, for example, two shoppers with similar demographics shopping at the same store. Person A usually buys detergent A, and person B buys detergent B—which the store knows from their purchase histories. The store can send person A a discount for detergent B because the store makes a higher profit on detergent B, hoping person A switches long-term. This targeting is great for the grocer because it doesn’t need to give that same discount to entice person B, since they’re already buying detergent B. Surveillance pricing can thus lead to some customers paying more for the same products as other customers receive discounts on them. This, in turn, can drive real or perceived price unfairness and increase distrust by consumers against retailers.

More broadly, the surreptitious creation and use of detailed profiles about individuals violate consumer privacy and individual autonomy, betray consumers’ expectations around data collection and use, and create a stark power imbalance that businesses can exploit for profit. Especially in the context of Kroger, which is both a grocer and a pharmacy, the increased prices hit consumers where it hurts most, and consumers cannot easily avoid the privacy invasions. 

To make matters worse, Kroger makes big money from monetizing customer information in other ways. Kroger sells shopper “insights” to other brands based on the extensive personal data it collects, which can include a customer’s name, mailing address, phone number, purchase history, location data, financial and payment information, health-related information inferred from shopping history, mobile device data, and demographic data (such as age, marital or family status, gender, race, and employment information). Grocery stores are developing lucrative new revenue streams with their retail advertising businesses, which are built on the data gleaned from customers. This dynamic incentivizes grocers to collect as much consumer data as possible without consumer consent. 

Lesson 1: Data Minimization Rules Are Needed to Protect Consumer Privacy 

There are many avenues to tackle the harms caused by grocer surveillance. In California, Target agreed to pay a $5 million settlement after district attorneys accused Target of surveillance pricing practices that amounted to deceptive advertising and charging an amount greater than the lowest price advertised for an item. There is also a proposed bill in California that would ban surveillance pricing. 

Another avenue to protect consumer privacy is adopting data minimization laws and regulations to address the unregulated collection and use of consumer data. A data minimization law would limit a business’s collection, use, retention, or transfer of a consumer’s data to what is reasonably necessary and proportionate to fulfill a product or service for the consumer. This limitation should be consistent with consumer expectations and the context in which the data was collected.

Surveillance pricing itself, or differentiating prices based on personal characteristics and behavior of individual consumers, is not necessary for selling groceries or advertising a product. Kroger need not know about inferred health conditions or demographic information like gender, age, and race, to run promotions and sell products. Much of the consumer data collected by grocers like Kroger from online and brick-and-mortar shopping is not reasonably necessary to provide the products shoppers are seeking (or for reasonably necessary secondary purposes like payment processing and maintaining inventory data).

Further, the profiling of consumers and sale of customer data by Kroger is an out-of-context use of consumer data. While a consumer may expect Kroger to collect shopping data to process transactions, maintain inventory data, or improve its own product offerings, a consumer would not expect Kroger to sell customer data to third parties with no relationship to the consumer. The personal consumer data that feeds into surveillance pricing are used for purposes outside of the context in which they were initially collected, for whatever purpose the purchasers of data see fit. This is an out-of-context use of data that a strong data minimization rule would prohibit.

Consumers also do not expect their personal information from loyalty programs to be shared and combined with other data that allows third parties to infer sensitive information about them, such as their health conditions. Data minimization limits should still apply even when customers decide to share some of their data through loyalty programs to ensure that the data is used for purposes that are reasonably foreseeable—and not just freely sold to third parties. 

While big businesses tend to decry and exaggerate the cost of data protection regulations, there are real costs to not regulating. Without legal safeguards, individuals’ privacy will continue to be routinely violated as they shop for essential goods like groceries and medication. Further, consumers will be charged higher prices for goods based on information gleaned from commercial surveillance. Surveillance pricing does not provide consumers with benefits that outweigh the cost of privacy violations and higher prices. 

Moreover, the ineffective “notice and choice” paradigm clearly falls short here. Consumers, even when notified of grocery store data collection and use, may be unable to switch to a different grocery store or pharmacy for buying essential goods. There may not even be other grocery stores to turn to that do not engage in surveillance pricing, or they may not be another store nearby. Surveillance pricing burdens customers with privacy invasions that are hard to avoid without providing countervailing benefits. 

Grocery stores like Kroger cannot be trusted to self-regulate. The profit motive to extract personal data and manipulate consumer behavior is too strong. Legally binding data minimization rules are needed to protect consumers from further harm. 

Lesson 2: Facial Recognition Technology is Widespread and Should be Regulated

The response to Kroger’s use of facial detection in its stores also underscores the need to regulate facial recognition technology. Most U.S. jurisdictions lack rules that would require businesses to notify consumers if they use facial recognition. Because of this gap, it is difficult to determine what businesses are using facial recognition, and for what purpose. Even when a law requires disclosure, like in New York City, compliance is often poor.

Some businesses have deployed facial recognition with the stated intention of preventing theft. But such uses of facial recognition carry acute privacy risks. One risk is false-positive matches that prevent individuals from patronizing a business, which disproportionately impacts people of color. For example, the FTC took enforcement action against grocery chain Rite Aid for deploying facial recognition to detect previous shoplifters without reasonable safeguards, which led to a to heightened rate of misidentification for people of color and women.

Another risk of wide adoption of facial recognition for security purposes is the proliferation of private watchlists. Private businesses don’t provide notice to individuals about if and why they were put on a watchlist and no clear way to appeal such determinations. Private watchlists may be shared among nearby businesses, keeping individuals out of commerce even when they are not convicted of a crime. Even if individuals are not falsely flagged and prevented from entering a business, ubiquitous facial recognition creates the specter of of being put on a watchlist and further deteriorates privacy in public.

Here again, retail stores like Kroger cannot be trusted to self-regulate their use of facial recognition. Despite Kroger’s repeated denials that it uses facial recognition for surveillance pricing, Kroger’s privacy policy states that it collects biometric and facial recognition data in some stores for “security purposes,” including to prevent shoplifting and fraud. Further, most states’ laws would not limit Kroger’s use of the sensitive biometric data it collects to security purposes alone. Comprehensive privacy laws are needed to strictly limit or eliminate the commercial use of facial recognition technology so that the protection of consumers’ sensitive biometric data is not left up to the whims of big businesses.