5 Jan 2024

Trust and transparency: Mastering data privacy in loyalty and promotional strategies

Reza Javanian

Mohammadreza Javanian

Talon.One loyalty expert


5 minutes to read

As consumers increasingly welcome personalized offers and rewards, their privacy concerns are also on the rise. Notably, 85% of consumers say that knowing a company’s data protection policies is important before deciding on a purchase.

With the implementation of new privacy laws in four U.S. states, the EU reviewing its GDPR enforcement, and Google rolling out its Privacy Sandbox to Chrome users in 2024, marketers will face a busy year as they strive to align both company and regulatory policies.

In this blog post, we’ll cover: 

  • Data sources available to brands

  • Data privacy challenges in loyalty or promotion campaigns

  • How your loyalty program can act as a data flywheel 

  • The impact of privacy laws on the incentives landscape

  • Best-in-class examples from brands fostering trust and transparency

Prioritizing data privacy: Consumer data types for businesses

Before jumping into the challenges, it's worth defining the different data sources businesses typically use to target and segment users. These can be split into four categories:


Different types of consumer data available to businesses

Image source

Data privacy challenges for loyalty programs & promotional strategies

Brands looking to personalize their loyalty rewards and promotions face two major challenges:

1. Lack of transparency with customers

Many brands still struggle to communicate clearly with their customers what data they’re collecting, and how this will benefit them. This can damage trust, create skepticism among customers, and make them less willing to share data.

2. Data breaches and security concerns

Cybersecurity threats are on the rise, with the most recent IBM Data Breach Report indicating that an alarming 83% of surveyed businesses encountered more than one data breach.

Instances of data breaches not only compromise customer privacy but also inflict severe damage to a brand's reputation. If you’re working with a vendor to power your loyalty and promotions, you need to make sure they have the highest security practices in place to keep your customer data safe.

Example questions to ask prospective (and existing) vendors include: 

  • What security measures do you take to prevent data breaches? 

  • What data encryption processes do you have in place? 

  • How do you carry out vulnerability assessments? 

  • What is your approach to penetration testing?

How loyalty programs help

Loyalty programs serve as a dynamic data flywheel, encouraging both the member and brand toward mutually beneficial outcomes. The best loyalty programs not only reward customer loyalty but act as data engines, continuously refining understanding of member preferences and behaviors.


How loyalty programs act as a data flywheel

Image source

The success of the loyalty program as a data flywheel depends on being transparent with customers in how you collect and use data.  This makes members informed collaborators in this exchange, rather than mere participants, and get a better understanding of how their data contributes to a more tailored and rewarding experience. By clearly communicating what data you are collecting, and how it will better serve customers, brands foster a sense of trust that further fuels the data flywheel.

Privacy laws and how they impact loyalty programs and promotions

The increasing importance of information security has led to the establishment and proposal of a wide range of data protection laws across the globe. 

1. European Union

Implemented in the EU, the General Data Protection Regulation (GDPR) stands as a benchmark, emphasizing individual rights and privacy. All brands working across the EU need to comply with the GDPR when collecting, processing, and storing consumer data.

GDPR-compliant loyalty programs require explicit consent for data processing, emphasizing principles like data minimization, transparency, and individual control. Compliance also involves respecting the right to be forgotten, ensuring data security, and, when applicable, conducting Impact Assessments.

2. United States

In the US, a patchwork of data protection regulations and proposals exist at both the federal and state levels, including:

  • Credit Card Competition Act: The Act requires credit card banks to offer merchants multiple networks to choose from when processing their cards, to help merchants reduce fees to cards. If implemented, it would severely affect free credit cards and credit card loyalty programs, and mean a number of no-fee cashback cards disappear. 

  • Federal regulators: As the Federal Trade Commission continues to tighten data privacy regulations, certain industries heavily reliant on third-party data exchanges have voiced concerns. For example, the National Restaurant Association has urged the FTC not to 'over-regulate' restaurant loyalty programs. 

  • State regulations: The states of Colorado, California, and Florida have implemented restrictions on what loyalty operators can do with loyalty data. These restrictions include: (1) banning automatic opt-in, (2) communicating the program benefits & data requirements, (3) enabling consumers to delete personal data, and (4) prohibiting brands from making private data a requirement of general program participation.

3. Canada

In Canada, the Consumer Protection Privacy Act obliges businesses to be transparent about all aspects of their interactions with consumers. A notable example is Ontario’s Consumer Protection Amendment Act (Loyalty Points), which requires businesses to disclose their points expiry policies and to give customers at least two years to redeem their points.

Best practices for privacy and personalization

The following best practices show how certain brands have successfully navigated and maintained the delicate balance between privacy and personalization, leveraging their loyalty programs and promotions to create trust and transparency for their customers.

Ulta Beauty

Ulta Beauty, a U.S. makeup and fragrance brand, uses quizzes to make customers more loyal and gather data directly from them. 


Ulta Beauty's skincare quiz

Image source

Before starting the quiz, the brand lets users choose if they want skincare recommendations based on their concerns or specific products. Depending on the chosen category, Ulta Beauty then asks follow-up questions and provides personalized suggestions.

Snap My Eats

NPD Group, a leading global market research agency, operates a rewards program known as Snap My Eats, in the UK. Participants can sign up and download the app, earning up to £5 in credit each month by completing surveys and capturing images of their food and beverage receipts.


Snap My Eats enables users to earn credits by participating in surveys and snapping pictures of their receipts for food and beverages.

Image source

To redeem rewards through Snap My Eats, members need to accumulate £10 in value. This requirement encourages continuous engagement among members and, at the same time, helps in managing program costs.

Monthly loyalty newsletter

Join thousands of marketers and developers getting the latest loyalty & promotion insights from Talon.One. Every month, you’ll receive:


Loyalty and promotion tips


Industry insights from leading brands


Case studies and best practises

Newsletter author

Isabelle Watson

Loyalty & promotion expert at Talon.One

Talon.One Logo

The World's Most Powerful Promotion Engine


Wiener Strasse 10
10999 Berlin


41 Church Street
B3 2RT Birmingham
United Kingdom


One Boston Place, Suite 2600
02108 Boston, MA
United States


1 Scotts Road, #21-10 Shaw Centre
228208 Singapore

G2 LogoMach Alliance LogoISO 27001 Logo

© 2024 Talon.One GmbH. All rights reserved.