consumer data

What is consumer data?

Consumer data is the information that organizations collect from individuals who use internet-connected platforms, including websites, social media networks, mobile apps, text messaging apps or email systems. Although the collected data often contains personally identifiable information (PII), it can also include computer information, location data, IP addresses, purchasing histories and browsing preferences.

The term consumer data is commonly used interchangeably with customer data. In some cases, however, the two are distinguished from one other to provide a context for the data. For example, an organization might use only the data it collects from its customers when planning a new product line. On the other hand, it might use a broader range of consumer data for that planning, using information from both inside and outside its own customer base. One way to think of customer data is as a subset of consumer data.

Today's companies collect vast amounts of information about consumers. Much of what they gather is PII data, such as name, age, gender, race, income, demographics and contact information, but they also collect non-PII data such as IP addresses and device IDs. In addition, many companies track information about how consumers interact with internet-connected platforms, such as what websites they visit or which links they click. Another source of information is transactional information, which includes purchase histories, service subscriptions and other types of transactional behavior. Many companies even track personal data about consumer attitudes toward products and services.

A chart showing personal data sources.
Organizations can collect a variety of consumer personal data and unique online identifiers.

Organizations use a wide range of tools and techniques to retrieve consumer data. For example, they often use browser cookies and pixels to collect information. A cookie is a small tracking file stored on a user's device, and a pixel is a code snippet that sends tracking information directly to a server. In addition, many companies use fingerprinting to track details about a user's browser and device in an attempt to identify the individual user. Organizations might also collect data from public sources, purchase data from brokers or gather data in other ways.

Why do organizations collect consumer data?

Companies collect and analyze consumer data for many reasons. One reason is to attract, engage and retain customers, which is usually done as part of a broader customer relationship management strategy. For example, a company often uses this type of information to target specific consumers with product or service ads. When collecting data for this purpose, most organizations also perform advanced analytics that incorporate technologies such as machine learning and deep learning, helping them better focus their efforts.

Companies also collect consumer data to add or enhance the services in their apps or websites, in an effort to improve the overall user experience. For example, a shopping app might track the products that a user adds to their shopping cart to retain the products throughout the user's session or beyond. A health app might track a user's activity to provide a record over time. Data collection can help companies provide each of their users with a personalized experience based on individual preferences.

Another reason that many companies collect consumer data is to sell it to third-party businesses, such as data brokers. Data brokers collect and aggregate data from a wide range of sources and then place it on the open market, often without consumers knowing how their data is being used. The data marketplace has become such big business in recent years that many organizations now rely on brokers to provide them with the information they need to carry out more comprehensive campaigns.

Consumer protection laws

Companies today face many challenges in walking the fine line between collecting consumer data and protecting that data from data breaches and mishandling. This balance has become even more difficult as privacy and cybersecurity concerns grow, along with the number of regulations that strive to protect consumer data.

Laws such as the European Union's General Data Protection Regulation and the California Consumer Privacy Act are making it more difficult for organizations to use PII data as freely as they once could. The laws require organizations that handle PII be more accountable in how they protect, retain and use that data. Several other U.S. states have now passed privacy laws, as have many countries in other parts of the world, a trend that's only likely to continue.

Even so, many areas of the world still put few restrictions on the use of PII data. For example, the U.S. federal government has yet to pass a comprehensive consumer privacy law, which means most states are still unprotected. Many other countries have also failed to pass meaningful privacy legislation.

Even where PII data is protected, however, there's a growing concern about new technologies that make it possible to identify an individual's identity from non-PII data, often with a high degree of accuracy, even if the data has been aggregated and anonymized. This has become especially true with the rise in the use of artificial intelligence (AI).

In the 2013 Scientific Reports article "Unique in the Crowd: The Privacy Bounds of Human Mobility," four researchers reported their findings from studying human mobility data for 1.5 million people. They discovered they could uniquely identify 95% of the individuals with only four spatio-temporal points. In the 10 years since the study, AI techniques have advanced significantly, further blurring the line between PII and non-PII data. In fact, some AI algorithms now make it possible to de-anonymize consumer data, putting data privacy at an even greater risk.

Learn what methods, including authentication and encryption, companies use to protect customer data.

This was last updated in January 2024

Continue Reading About consumer data

Dig Deeper on Risk management and governance

Cloud Computing
Mobile Computing
Data Center
and ESG