What Your Grocer Knows

Michael Madison
January 21, 2010April 3, 2022
Law & Technology

Late Monday afternoon, employees at O’Hara grocer Giant Eagle Inc. got test results showing some hash brown products sold by the retailer contained a bacterium that can cause a potentially serious infection.

Within hours, an automated system was busy calling more than 300,000 Giant Eagle Advantage Card holders who records showed had purchased the affected product. “We wanted to get the information out as soon as we knew about it,” said Michael Sealy, vice president of risk management services.

It was the first large-scale use of the grocer’s automated notification system. So far, so good. Officials said many customers have thanked the company for the calls.

Loyalty cards issued by grocers and other retailers have had their critics over the years, as some people worry about how much data the companies gather and others complain they shouldn’t have to give up personal information in exchange for supermarket discounts.

But the growing practice of using that data to publicize recalls has generally been well received, even as it serves as a reminder that a company knows about your secret love of beef jerky, Twizzlers, fresh spinach or hash browns.

Warehouse club operator Costco first used its automated phone notification system in November 2007, when a toy with a coating that could make children who swallowed it to “become comatose, develop respiratory depression or have seizures” was recalled.

For years, Costco had been mailing notices to members who’d bought recalled products, said Craig Wilson, assistant vice president of food quality and quality assurance. But the late 2007 case was the first time Costco’s computer systems were set up for the robocall notification. The system can make 870,000 calls an hour.

News reports since have cited other chains, such as Wegmans, Price Chopper and Kroger, as implementing similar systems. In February 2009, when tainted peanut butter was making people sick, the Washington, D.C., consumer advocacy organization Center for Science in the Public Interest wrote an open letter urging retailers to get on board.

It’s just hash browns, or peanut butter, so let’s not lose all perspective, and public health is a very important thing. But it is a very weird world that we live in when we accept grotesque deficiencies in our system of industrialized foodstuff production, then use those deficiencies to bootstrap arguments about why we should accept significant incursions into long-accepted domains of personal privacy. In other words, if we had good systems in place to make sure that that the potatoes weren’t contaminated, then we wouldn’t have to worry so much about the “innovative” ways in which personal data are being used.

2 thoughts on “What Your Grocer Knows”

Joel West January 22, 2010 at 9:30 am

Mike,

While I agree with your general point that people seem to be ignoring the privacy incursions of these systems, your alternative is completely impractical. People and systems are never going to be perfect — and the price of cutting errors from say 0.001% to 0.0001% could be impractical.

Our food safety system is not the only one that makes mistakes. There are car crashes and airplane crashes and shuttle crashes.

Even the legal system makes mistakes. Remember OJ?

So rather than bemoan some Paradise Lost, how about talk about data retention (Google has been getting much better here) or authorized uses of the data?

Joel
Mike Madison January 23, 2010 at 7:12 am

Joel,

That works only if you assume that we live in the best of all possible worlds to begin with (on the food safety side), so that I’m worrying about moving the ball just a tiny bit. Sure, there are car crashes and airplane crashes, but I don’t agree that we should just accept them as facts of life. A lot of the food safety systems that we rely on are scary stupid and full of holes. It is not wishing for Paradise Lost to believe that we can do better. Shuttle crashes? If there is anything that we learned from the Challenger, it’s that we shouldn’t accept a “just move along, there’s nothing to see here” attitude about the errors involved. People make mistakes, mistakes get built into the system – true – and mistakes should be ferreted out and systems should be fixed. Also true, I think.

So fix the front end *and* fix the back end. At the back end, data retention is important, for sure. As for “authorized uses of the data,” I chuckle. Very little of the uses of personal data (say, grocery buying data) is “authorized” except in the very primitive, literal, formalist sense that somewhere in history I checked (or failed to uncheck) some box on a form when I signed up for my discount card. Did I have the “opportunity” to read the fine print? Probably (there’s your formalism). Did I do it? No. (I join 99.9% of Americans; there’s your pragmatism.) Had I done it when I had the chance, would I have understood it and all of its implications? Probably (putting me in a group with 1% of Americans). There’s no panacea here, but focusing on “authorized” uses — if that means “consented to when the card was accepted” — has a way of blaming the customer for (possible mis-) behavior by the producer. There is more to the story; the substance of privacy norms matters, too.

Mike

Comments are closed.