Retail & Ad-Tech
Hang out at gay bars?
Buy baby formula?
Shop at stores that are 80% Indian?
Brokers and retailers know it, and use AI to read you.
The Players
Retailers
> Collect personal info
> Analyze purchase history
> Profile you
> Host Retail Media Networks
> Sell data to brokers
Brokers
> Buy retail data
> Collect social media profiles
> Collect public records
> Correlate your accounts
> Support Retail Media Networks
> Sell data broadly
ADVERTISERs
> Join Retail Media Networks
> Bid on ad slots
> Track ad interactions
> Collect browser and device info
Surveillance Capitalism
Follow the money. Retailers and data brokers already are, and they’ve built shopping systems designed to track your behavior—surveillance capitalism at its finest. All of this personal data in one place also creates a prime target for hackers. But knowledge truly is power. Armed with awareness and a few guidelines, you can dramatically reduce your exposure and leave no trace.
In-person or online, every time you swipe your card or hit “pay now” the retailer logs what you bought, where you were, when it happened, and the price tag. If you have an account, they’ll link your shopping history to your account info. They can then use machine learning (AI) to work out personal insights into your hobbies, lifestyle, income bracket, and other demographics—crafting a laser‑sharp profile.(1)(2)
Your purchase history also gets sold to data brokers. (3)(4)(5) Having a membership means you’ve already opted-in to deep data sharing and handed over a wealth of info. Brokers will correlate retail data with public info about you that they’ve scraped from the internet. Altogether putting together your gender, orientation, ethnicity, marital status, health, political leanings, age, family members, and whatever other demographics can make them money. (6) They’ve even been caught selling location data. (7)(8) Brokers will then give some of this intel back to the retailer.
This process of data “sharing” between retailers and their “analytics partners” often doesn’t constitute a sale and so they can claim not to sell your personal data.
There are other players involved in treating you like an NPC. Large retail chains have developed Retail Media Networks (RMNs) that connect them to brokers, advertisers, and ad publishers to make profiling and ad targeting seamless. Not long ago, ad networks simply connected brands to websites, showing ads to general audiences. In the 2010s Amazon and Target began to experiment with ad targeting based on real purchase data—both online and in-person. When the pandemic hit, the development of RMNs exploded. Kroger, Best Buy, Walmart, Target, Costco, and others have now become ad-tech, and have advertisers begging for access to customer-behavior intel. (9)(10) On these networks, brands and other advertisers bid on ads that show up on websites, social media, or streaming sites. Data brokers often work as middlemen to make sure that advertisers, retailers, and social media platforms are synced to target you. In 2024 and 2025, airlines, hotel chains, and even Visa, Mastercard, and AmEx rushed to get in on this personal data monetization game, calling themselves “commerce media networks”. Data sharing has been around a while, but the depth and complexity of the market is rapidly expanding. (11)(12)(13)
Generally, RMNs intend to be privacy compliant. In many places, if they share anonymized intel and/or they have customer consent, they’re not illegally sharing personal info. The reality is that loopholes exist and data-handling procedures are lax. The players are incentivized to turn a blind eye or actively subvert privacy law. (14)(15)
unseen cost
The most direct consequence of this invasive profiling is AI‑driven, personalized ad targeting. Armed with affective-manipulation tools and your personal data, advertisers can strategically bait you. AI can now gauge your social media interactions to predict your emotional state, delivering "retail-therapy" ads exactly when you are most vulnerable so you keep spending like a good consumer. (16) But it goes beyond that—law enforcement, government agencies, insurance companies, and others are also big buyers of personal info, including transaction and location data. They’ve used this data to track protesters, raise insurance premiums, or deny loans (17)(18). Other ways the sharing of your digital profile quietly shapes your world include:
Price discrimination: You could be shown higher prices on flights, hotels or other services if you’re using a high-end phone or have a high income.
Insurance Premiums: Health data (even inferred from what you buy or search) can impact how much you pay for health insurance.
Employment: Some background check services use social media scraping and other data points to "score" candidates before they’re considered for an interview.
Credit: Data brokers’ profiles on you influence how lenders perceive your reliability.
Hackers & Black Market brokers
No need to remind you that there have been many massive data breaches where entire databases of customer’s data have been seized. The top hacks of 2025 alone are wild. Underground markets thrive on the unfettered sale of even the most sensitive data.(19) Risk of exposure varies, every company stores data in a different way with varying levels of security. Here’s a broad look at what’s at stake in the retail and payments space generally.
Data at Risk
Credit/Debit card info (account number, expiration, CCV, pin…)
Account details (address, email, phone, loyalty/rewards info…)
Products purchased and transaction details (location, amount, date/time…)
Inferred profile details (hobbies, lifestyle, income bracket…)
Precise location history
Direct Impact
Identity theft: Fraudsters can use your data to open new bank accounts, max out existing cards, file bogus tax returns, or even rent apartments in your name. The financial damage runs into the thousands, and rebuilding trust with lenders can take years.
Phishing/Scam targeting: Scammers who purchase hacked data on the dark web can more convincingly trick you into believing they’re legit when they present you with your own personal data in an email or phone call.
SIM Swap: Hackers will use your personal data to take control of your phone number by duping your cell phone provider into giving them access. This allows them to intercept login codes that can log them into other online accounts you own.
High-profile spear phishing: Someone trying to extort or blackmail you could use transaction and account data to track your habits and routines and discover protected traits. Journalists and other high-profile individuals are often targeted in this way, but if your stalker ex knows what they’re doing there are plenty of sites they can go to for dirt.
4th Amendment violations: Access to data brokers and tech companies means law enforcement and government agencies can collect data on you, including location history, camera footage, and transactions—performing deep investigations—often without a warrant.
References
(1) Inside Kroger's Secret Shopper Profiles: Why You May Be Paying More Than Your Neighbors
(2) KIRO 7 Investigates: Grocery loyalty programs sell shopper data for millions
(4) Data Brokers and Data Breaches
(5) Protecting Americans From Harmful Data Broker Practices (Regulation V)
(6) Data Brokers and Sensitive Data on U.S. Individuals
(7) FTC Finalizes Order Banning Mobilewalla from Selling Sensitive Location Data
(8) FTC Finalizes Order Prohibiting Gravy Analytics, Venntel from Selling Sensitive Location Data
(9) The new data brokers: retailers, rewards apps & streaming services are selling your data
(10) Walmart, Target, And Other Mega Retailers Leverage First-Party Data To Become New Media Giants
(11) Powering smarter and more personal advertising with Mastercard Commerce Media
(13) United Launches Airline Industry's First Media Network
(14) 90% of U.S. Publishers Are Dropping the Ball on Data Compliance
(15) Data Clean Rooms: Separating Fact from Fiction
(16) AI-Powered Emotional Targeting How It's Reshaping Ads
(17) Closing the Data Broker Loophole
(18) Data Broker Helps Police See Everywhere You’ve Been with the Click of a Mouse: EFF Investigation