Retailers strive to personalize the shopping experience, especially for online purchases. At what point, though, does that effort cross the line and become an invasion of the consumer’s privacy?

It’s a blurred line indeed. Shoppers, too, appreciate the personal attention they receive upon returning to the site of a previous purchase. They’re willing to fork over intimate details about themselves in exchange for discounts, ease of checkout, free shipping, “loyalty” cards and other perks. At the same time, they’re growing increasingly concerned about the massive amount of intelligence that retailers possess about them, right down to their physical location. Who owns that sensitive data, and who’s allowed to see or sell it, is the subject of intense controversy today. In 2018, European Union regulators enacted the General Data Protection Regulation (GDPR), dictating how personal consumer data can be used by merchandisers in the region. Similar laws at the federal level are sure to emerge in the U.S. and other parts of the world in the coming years.

Nevertheless, retailers and e-tailers continue to seek out the most intimate details about shoppers. Desperate for new ways to grow their businesses in a highly competitive marketplace, they’re doubling down on the strategy of personalization.

They’re framing that effort in ways that sound attractive to the consumer. They talk about shifting their operating model from “product-centric” to “shopper-centric.” And they insist that the very nature of e-commerce demands it.

Thomas Harms, global retailer leader with Ernst & Young, says the modern-day push for personalization is actually an attempt to recapture the kind of knowledge that merchandisers had before the age of superstores and the internet. “Mom and pop shops knew everything about our families — what each member wanted,” he says. Ironically, as shoppers gained more choice, the shopping experience became less personal.

The answer today lies in making practical use of the flood of consumer data that has become available to retailers and marketers in the internet age. Yet with all of the technology tools available to digest and analyze that information, “so far, they are doing too little of it,” says Michael Renz, global retailer technology leader with EY. “They’re not leveraging this data for the sake of the consumer.”

That statement will come as a surprise to anyone who has learned, for better or worse, just how much merchandisers know about them. But whether that data is being used today in a way that truly enhances the customer experience — as opposed to just giving retailers another source of revenue — is another matter.

Renz says shoppers need to be assured that they’re getting something in return for parting with personal information. “If it makes the shopping experience faster and more seamless, consumers would be willing to give away data.” That might include getting product recommendations from store associates based on what they already own — regardless of whether they purchased those goods online or in a physical store.

Harms says the thirst for data flows both ways. The younger generation of consumers is willing to part with personal information in exchange for loyalty cards, he adds, but they also demand that the retailer provide detailed data about the environmental impact, including complete carbon footprint, of the products they’re buying.

A key to fending off concerns about violating consumer privacy is the maintenance of trust, Harms says. Respondents to EY’s Future Consumer Index consistently say that they’ll only give their data to retailers who can assure them that it won’t be misused or sold to unauthorized parties. (Indeed, a slew of new laws and regulations mandate that shoppers be given the choice of specifying this.) According to Harms, it’s a question of “making sure that the data is in a safe environment, and that you recognize that the consumer has given you something that you need to be very careful with. Trust is hard to earn, and easy to lose.”

That said, consumer personalization has the potential to run rampant. Modern-day technology allows retailers to track the movement of individual shoppers in the store, including which products they’re looking at, and for how long. Harms says data-protection laws are crucial to keeping that practice from getting out of hand. At the very least, consumers must be clearly informed that they’re being surveilled.

The future will only bring more opportunities for retailers to divine the tastes and habits of consumers, in a never-ending question for “personalization.” Artificial intelligence promises to magnify that capability exponentially. Somehow, though, retailers, consumers and regulators are going to have to strike a delicate balance between harvesting the data of consumers to serve them better and violating their privacy. Because at the moment, it’s trending in the latter direction.