Personalisation vs Privacy: Win Trust and Increase Revenue

Published: February 27, 2026
Updated: April 15, 2026
Article Highlights:
  • Trust drives revenue. Transparency and clear consent processes now directly influence conversion, loyalty and lifetime value.
  • First-party data is the growth engine. Retailers must build value exchanges across eCommerce and mobile POS to collect data customers willingly share.
  • Consent-aware personalisation wins. Tailor experiences based only on what customers have agreed to, protecting brand equity while increasing relevance.
  • The cookieless future favours unified retail tech. Strong omnichannel retail tech stacks sustain performance without third-party cookies.
  • Transparency is a competitive edge. When customers understand how their data improves service, they engage more and spend more.

How do retailers balance personalisation and privacy to win trust while increasing revenue?

Research highlights for time-pressed retail leaders

Personalisation and privacy are often framed as a trade-off: “use more customer data to make experiences more relevant” versus “use less data to reduce risk.” Current evidence suggests the better framing for retailers is trust-led growth: design personalisation around customer control, clarity, and fair value exchange, so customers opt in willingly and stay engaged longer. This matters because consumer expectations for relevance are high, but tolerance for “creepy” or inaccurate personalisation is low. A large global study by BCG found that around four-fifths of consumers are comfortable with personalisation, yet two-thirds report at least one negative personalised experience that led them to disengage.

Trust is now directly connected to commercial outcomes. PwC’s global Voice of the Consumer Survey 2024 reports that data protection is the leading factor influencing consumer trust (83%), and that a large majority (80%) want assurances their personal information won’t be shared.  In Australia specifically, the OAIC’s Australian Community Attitudes to Privacy Survey 2023 highlights a trust-and-understanding gap: only around two in five feel organisations are transparent, 58% say they don’t understand how their information is used, and 84% want more control and choice.

Meanwhile, the “cookieless future” is no longer just a single browser deadline—it is a broader shift driven by browser defaults, user choice, and policy. WebKit’s documentation explains that Safari’s tracking prevention includes full third‑party cookie blocking by default under Intelligent Tracking Prevention (ITP), with third‑party cookie access only possible via mechanisms like the Storage Access API.  At the same time, Google’s public updates show Chrome’s path has changed: Chrome is maintaining its current approach to third‑party cookie choice, while Google is also retiring multiple Privacy Sandbox technologies due to low adoption and continuing others such as CHIPS and FedCM.

Revenue upside is real when personalisation is done well, but so is downside. McKinsey reports that personalisation often drives 10–15% revenue lift (with a wide range depending on sector/execution) and that faster-growing companies drive more of their revenue from personalisation than slower-growing peers.  BCG adds that personalised offers can generate materially higher ROI than mass promotions, and that convenience- and relevance-driven personalisation can lift conversion and cross-sell rates substantially (depending on use case).  The conclusion is that the goal is not “more personal data” but better, permissioned data used in ways customers consider fair.

What the evidence suggests about first-party data, consent, and the cookieless future

A practical way to “win trust while increasing revenue” is to treat privacy as part of the product experience, not just a compliance task. The evidence breaks down into four connected realities.

First-party data strategy is becoming the economic centre of retail growth. Consumers are signalling they will share data when the benefit is obvious and the handling is responsible. PwC describes an emerging “social contract” where consumers share information for value (for example, promotions and perks) and notes that loyalty programmes are becoming a primary engine of customer data for many companies.  BCG’s research also positions first‑party data (transaction and engagement data collected directly from customers) as the “lifeblood” of personalisation efforts.  Practically, this pushes retailers toward building durable, permissioned identity and measurement capabilities across owned channels (store, ecommerce, app, email/SMS, service, and loyalty) rather than over-relying on third-party tracking.

Consent-aware personalisation is not optional if you want durable growth. In Australia, the OAIC explains that consent is generally required in higher‑risk situations such as collecting sensitive information or using/disclosing personal information for a secondary purpose.  The OAIC’s broader guidance also reflects a data-minimisation expectation: organisations may only collect personal information that is “reasonably necessary” for their functions or activities (with additional limits around sensitive information).  This legal baseline aligns with the commercial reality in ACAPS 2023: customers increasingly want real choice and clearer explanations.  The practical implication is that retailers need personalisation systems that can gracefully degrade based on consent state—still delivering a good experience without coercive “take it or leave it” data capture.

The cookieless future is better understood as “less trackable by default,” not “cookies end on a date.” Safari’s WebKit documentation states that ITP blocks third‑party cookies by default and describes how third‑party cookie access can only be granted through specific APIs.  On the Chrome side, Google’s public “Update on Plans for Privacy Sandbox Technologies” (Oct 17, 2025) says Google will continue supporting some technologies with broader adoption (for example CHIPS and FedCM), while retiring others (including Topics, Protected Audience, Attribution Reporting API, and IP Protection) due to low adoption and ecosystem feedback.  The UK CMA-focused progress reporting also records Google’s April 2025 position: maintaining the current approach to third‑party cookie choice and not rolling out a new standalone prompt, while re-evaluating the role of remaining Privacy Sandbox APIs.  The executive takeaway is that retailers should build measurement and audience strategies that assume reduced cross-site signal quality over time (through browser controls, OS changes, consent choices, and shifting platform capabilities), even if some cookies still technically exist.

Transparency is increasingly a growth lever, not a cost. ACAPS 2023 shows transparency and comprehension are weak: only two in five feel organisations are transparent, and over half do not understand how their information is used.  PwC’s survey reinforces that data protection is a top trust driver.  And customer trust is connected to how retailers deploy AI as well: Salesforce’s “State of the AI Connected Customer” report highlights a trust decline and shows that 42% of customers trust businesses to use AI ethically (down from 58% in 2023), alongside increased customer protectiveness regarding personal information.  Transparently explaining “what we collect, why, and what you get in return” becomes a commercial differentiator because it increases opt-in rates, reduces complaints, and protects customer lifetime value.

A final constraint executives should keep visible is the cost of privacy failure. IBM reports a global average cost of a data breach of 4.4M USD in 2025 and 4.88M USD in 2024, turning privacy and security from “risk management” into a margin issue. In Australia, OAIC reporting shows breach notifications remain high: July–December 2024 had 595 notifications, with 1,113 total notifications in 2024, and 69% attributed to malicious or criminal attacks. In parallel, Australia’s privacy penalty regime increased significantly, with maximum civil penalties for serious/repeated interferences with privacy reaching the greater of $50 million, three times the benefit obtained, or 30% of adjusted turnover, as described in Australian government legislative documentation and OAIC guidance.

How Can Retailers Balance Personalisation and Privacy to Win Trust While Increasing Revenue?

Retail leaders are being pulled in two directions at once. On one side, customers expect retail experiences that feel relevant: the right products, the right offers, the right channels, and less wasted time. On the other, customers are increasingly wary of how their personal information is collected, shared, and used—especially as data breaches and AI-driven decisioning become daily news.

This tension is often described as personalisation versus privacy. In practice, the retailers that grow sustainably treat it as personalisation with privacy—using trust as the mechanism that unlocks both customer relationships and revenue.

This article unpacks what that means in plain language and provides a practical model for:

  • Building a first-party data strategy
  • Delivering consent-aware personalisation
  • Preparing for the cookieless future
  • Using transparency as a growth lever

Personalisation and Privacy (Plain-Language Definitions)

What Is Personalisation?

Personalisation is any deliberate effort to tailor an experience to an individual or a segment based on information about them or their context.

In retail, this can include:

  • Product recommendations
  • Tailored promotions
  • Personalised search results
  • Reorder prompts
  • Local store stock visibility
  • Customer service context

What Is Privacy?

Privacy is the customer’s ability to understand and control what happens to their personal information—and the retailer’s responsibility to handle that information safely, fairly, and for clear purposes.

Privacy is not just a legal requirement—it is part of the customer experience. It answers questions like:

  • Why are you asking me this?
  • What do I get out of it?
  • Who will see it?
  • Can I change my mind later?

When personalisation lacks privacy, it feels intrusive. When privacy lacks value, it feels like friction. Trust is the bridge between the two.

Why “Personalisation vs Privacy” Is the Wrong Battle

Many organisations still act as if they must choose between:

  1. Aggressive personalisation for growth, with privacy handled later
  2. Minimal data usage to reduce risk, sacrificing growth

A better approach is to design personalisation around customer choice and a fair value exchange.

This creates a self-reinforcing cycle:

  • Customers opt in
  • Data quality improves
  • Experiences become more relevant
  • Engagement and lifetime value increase

If customers don’t see value or control, the cycle breaks.

First-Party Data Strategy: Build a Trustworthy Data Asset

A first-party data strategy focuses on data from direct customer relationships.

Key First-Party Data Sources

  • Purchase and basket history
  • Loyalty programmes and preferences
  • Behaviour on owned channels (site, app, email, SMS)
  • Customer service interactions
  • Returns, exchanges, and delivery preferences

The goal is not to collect everything—but to collect data you will actually use to improve customer outcomes.

The Five Building Blocks of a Strong Strategy

1. A Single Customer View (Without Forcing Identity)

Retail data is often fragmented across teams. This leads to poor personalisation.

The goal is a connected, governed view that:

  • Links relevant data (e.g., loyalty + POS + ecommerce)
  • Respects consent
  • Allows anonymous interaction when preferred

2. A Clear Value Exchange

Every data request should answer: What does the customer get in return?

  • Weak: “Sign up for marketing updates”
  • Strong: “Get digital receipts, easier returns, and tailored offers”

Clear value increases opt-in.

3. Data Minimisation and Purpose Clarity

Only collect data tied to specific use cases:

  • Faster checkout → purchase history, receipts
  • Recommendations → browsing + preferences
  • Local fulfilment → location + delivery preferences

Unused data creates risk, cost, and complexity.

4. Security as a Growth Strategy

Data breaches damage:

  • Trust
  • Loyalty participation
  • Customer lifetime value

Privacy and security are not just compliance—they protect revenue.

5. Measurement Without Cross-Site Tracking

As third-party tracking declines, retailers need:

  • Strong first-party analytics
  • Consent-aware measurement
  • Incrementality testing
  • Clear separation of CX vs ad metrics

Consent-Aware Personalisation

Consent-aware personalisation means designing experiences that respect user permissions—even when consent is partial.

Principle 1: Make Consent Easy and Meaningful

Customers should be able to:

  • Accept some personalisation
  • Decline others

A preference centre becomes a retention tool—not just compliance.

Principle 2: Use Just-in-Time Explanations

Customers decide at the moment of request, not in privacy policies.

Examples:

  • “Turn on location to see nearby stock”
  • “Save sizes for faster checkout”
  • “Share your birthday for a birthday offer”

Principle 3: Match Personalisation to Data Sensitivity

Use a “personalisation ladder”:

  • Level 1: Contextual (no identity)
  • Level 2: Recognised (basic identity)
  • Level 3: Predictive (behavioural models)
  • Level 4: Deeply Personal (sensitive data)

Higher levels require stronger consent and transparency.
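
One way to enforce the ladder in code is shown below, as an added example that is not from the original article: a consent gate that picks the highest permitted level, falls back when consent is missing or paused, and releases only the fields that level may read. The scope names, field names, the rule that each level also requires the levels below it, and the `paused_until` record are assumptions made for illustration.

```python
from datetime import date
from enum import IntEnum

class Level(IntEnum):          # the personalisation ladder from the text
    CONTEXTUAL = 1             # no identity
    RECOGNISED = 2             # basic identity
    PREDICTIVE = 3             # behavioural models
    DEEPLY_PERSONAL = 4        # sensitive data

# Assumed consent scope per level (Level 1 needs none) and assumed readable fields.
REQUIRED_SCOPE = {Level.RECOGNISED: "recognised", Level.PREDICTIVE: "predictive",
                  Level.DEEPLY_PERSONAL: "sensitive"}
FIELDS = {
    Level.CONTEXTUAL: {"page_category", "store_region"},
    Level.RECOGNISED: {"loyalty_tier", "saved_sizes"},
    Level.PREDICTIVE: {"browse_history", "purchase_history"},
    Level.DEEPLY_PERSONAL: {"health_notes"},
}

def scope_active(consents, scope, today):
    """True only for a recorded grant that is not inside a temporary opt-out."""
    rec = consents.get(scope)
    if not rec or rec.get("granted") is not True:
        return False           # missing or malformed record: fail closed
    paused_until = rec.get("paused_until")
    return paused_until is None or today > paused_until

def permitted_level(consents, requested, today):
    """Highest level <= requested with every level below it also consented."""
    level = Level.CONTEXTUAL
    for rung in sorted(REQUIRED_SCOPE):
        if rung > requested or not scope_active(consents, REQUIRED_SCOPE[rung], today):
            break
        level = rung
    return level

def minimised_profile(profile, consents, requested, today):
    """Return the fallback level and only the fields that level may read."""
    level = permitted_level(consents, requested, today)
    allowed = set().union(*(FIELDS[l] for l in Level if l <= level))
    return level, {k: v for k, v in profile.items() if k in allowed}

# Constructed sample customer: predictive consent is paused until 2026-06-30.
PROFILE = {"page_category": "shoes", "loyalty_tier": "gold",
           "browse_history": ["sku-1"], "health_notes": "constructed value"}
CONSENTS = {"recognised": {"granted": True},
            "predictive": {"granted": True, "paused_until": date(2026, 6, 30)},
            "sensitive": {"granted": True}}
```

During the pause the sample customer drops to Level 2 even though the sensitive scope is granted, because the gate stops at the first level without active consent.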

The Cookieless Future: What It Really Means

The real shift is not cookies disappearing—it’s that cross-site tracking is becoming unreliable.

Key Implications

1. Shift to Owned Relationships

Focus on:

  • Loyalty programmes
  • Subscriptions
  • Apps
  • CRM quality

2. Privacy-Safe Collaboration

Retailers increasingly use:

  • Clean-room environments
  • Aggregated reporting

This enables insights without exposing raw data.

3. Stronger Onsite and In-App Personalisation

Owned channels become the primary place for:

  • Discovery
  • Search
  • Recommendations
  • Service

4. Design for “No Consent”

Assume some users will opt out.

The experience must still feel:

  • Convenient
  • Relevant
  • High quality

Transparency as a Growth Lever

Transparency increases participation and reduces fear—driving revenue.

Five Practical Moves

1. Use Customer Language

Replace legal jargon with clear explanations.

2. Tie Permissions to Benefits

Show what improves when customers opt in.

3. Show and Let Customers Edit Their Data

A “Your Preferences” view:

  • Builds trust
  • Improves data quality

4. Offer Timed Controls

Allow:

  • Temporary opt-outs
  • Periodic reminders

5. Prove Restraint

Don’t ask for too much too soon. Timing matters.

A Practical 90-Day Playbook for Executives

1. Choose Key Personalisation Use Cases

Focus on 3–5 high-impact areas:

  • Loyalty offers
  • Recommendations
  • Search
  • Replenishment
  • Fulfilment

2. Define Data and Consent for Each Use Case

Specify:

  • Required data
  • Sensitivity
  • Consent model
  • Fallback experience

3. Design Customer Control

Define:

  • Preference centre
  • Just-in-time notices

4. Track Trust Metrics Alongside Revenue

Measure both:

Revenue:

  • Conversion
  • AOV
  • Repeat rate

Trust:

  • Opt-in rate
  • Unsubscribe rate
  • Complaints
  • Data requests
  • Trust survey results

Conclusion

Retailers do not need to choose between personalisation and privacy. They need to choose between short-term optimisation that erodes trust and a trust-led growth model that builds sustainable revenue.

The winning approach is to collect less but better first-party data, personalise with clear consent, design for a world with weaker third-party signals, and treat transparency as part of the customer experience.
