Are Indian Shoppers Giving Away Too Much Data For Too Little In Loyalty Points? | Explainers News

Consumer mobile number has become the most convenient gateway into the customer’s identity- verifying shopping frequency, average spend and product preferences (Image: Getty)

Walk into any supermarket, fashion store or pharmacy, and a familiar line appears at the billing counter, ‘May I have your phone number‘. It has become so routine that many people share it without hesitation because it feels mandatory, almost administrative. The line behind the shopper is long, the store is noisy, and a quick purchase suddenly becomes a minor negotiation.

What people rarely understand is that what may feel like an innocent request often forms the backbone of a powerful data-collection system that links your identity with your spending habits, location patterns and digital footprint. India’s booming loyalty and rewards economy has normalised this exchange, but the implications are far deeper than a simple discount code.

Why Retailers Ask for the Number Every Time?

The mobile number has become the most convenient gateway into the customer’s identity. For retailers, it can verify shopping frequency, average spend and product preferences without asking a single additional question. In practice, it serves as a personal key to a company’s database. Once entered, it links purchases, store visits, payment methods and occasional feedback into a consolidated record.

Large chains build these records to track customer journeys. Small and mid-sized businesses use them to send offers and reminders. Loyalty companies aggregate them to run targeted promotions. The number also simplifies billing and returns, which makes it seem harmless and even helpful.

However, what this really means is that the number is doing far more work for the retailer than for the shopper. It becomes a permanent identifier, one that does not need renewal, password changes or verification. Unlike an email ID that can be replaced or abandoned, the mobile number is deeply tied to daily life. That permanence is useful for companies because it creates a stable link across years of purchases.

Is It Mandatory To Share Your Number After Every Purchase?

In 2025, as per the Digital Personal Data Protection Act, the government reiterated, through a series of public advisories, that no retailer can compel a shopper to share a phone number to complete a transaction. The Department of Consumer Affairs released fresh guidance in October and November, warning brands against coercive data collection in the guise of e-bills or reward points.

• The updated norms are straightforward.
• A phone number is personal data.
• Consent must be sought freely, without pressure.
• The customer must be able to withdraw consent at any time.
• A retailer cannot deny service if the customer refuses to share personal information.

Despite this, a survey conducted by PwC India said only 16% of consumers are aware of the DPDP Act across diverse geographies, age groups, occupational backgrounds and urban-rural divides. Many believed the store’s billing system genuinely required a phone number, not realising that several chains had simply designed their software to nudge compliance.

The survey revealed over 56% of consumers are not aware of their rights related to personal data and 69% of consumers are not aware of their rights to take back their consent. With over 69% of consumers feeling that their data may not be safe with companies. Of these, 37% of respondents are from Tier-3 cities.

India’s Digital Personal Data Protection Act (DPDPA) was implemented to attempt and create a clearer framework for consent and data use. The law requires companies to specify what they are collecting, why they need it, and how long they intend to keep it. Individuals are also granted the right to withdraw consent, request deletion, and escalate complaints in case of misuse.

However, the effective implementation remains uneven. On-ground retail interactions do not always align with the written provisions. Many cashiers continue to request numbers without clarifying purpose, and customers often assume that providing a number is mandatory for billing.

How Loyalty Culture Gives The Illusion of Benefit?

Loyalty programmes in India grew rapidly between 2020 and 2025, powered by aggressive digitisation, UPI expansion and cashless payments. Pharmacies began offering points that could be redeemed on the next purchase. Apparel chains rolled out tiered membership systems. Food brands sent personalised coupons with food-aggregator notifications feeling almost eerie in regards to the content and timings, and then grocery stores introduced app-based rewards like ‘Cash’, ‘Money’ or ‘Scratch Cards’.

These schemes appear generous but their value is often symbolic. Customers accumulate small amounts of credit that rarely translate into substantial savings. Points expire quickly or require high minimum spends. Birthday discounts feel pleasant but rarely shift actual buying behaviour.

To simply understand, loyalty points create a sense of gain without delivering much. What they deliver instead is data- the more a customer redeems, scans or checks in, the richer the dataset becomes. Some retailers combine it with location information, app browsing habits or purchase timing.

In a country where shopping is frequent and mobile-based, loyalty systems flourish because they appear optional. Yet they shape habits in a pattern that consumers do not always recognise.

Why Customers Should Not Share Phone Numbers With Retailers?

Consent in retail settings operates on a thin line between request and assumption. Many customers offer the number because the cashier repeats it mechanically and the moment feels transactional rather than optional. Some worry that refusing might delay billing or complicate returns. Others assume that the shop would not ask unless the law required it.

• Few are aware that they are protected by several frameworks:
• the right to refuse sharing the number at point of sale
• the right to receive a physical bill without extra charge
• the right to ask why the number is being collected
• the right to withdraw consent later
• the right to know if the number has been shared with partners

These protections exist, yet daily practice does not reflect them. The gap between rights and behaviour is wide because most shoppers do not associate mobile numbers with risk. A number feels less sensitive than a bank detail or Aadhaar. It feels innocuous, even when it sits at the centre of modern data collection.

How Consumers Can Tell If Their Data Is Being Misused?

Misuse often shows up long before a formal breach is announced. Unusual spikes in promotional messages, calls from brands you never interacted with, sudden login alerts, or delivery updates for orders you did not place are early signs that your number has travelled beyond the store you shared it with. If receipts or loyalty updates appear from outlets you have never visited, it usually indicates that your data has been pooled, sold or accessed without consent. Any unexpected pattern linked to your number is a signal worth paying attention to.

What Customers Can Do If Their Data Is Misused or Breached?

When mobile numbers leak or appear in unwanted marketing lists, many customers simply block the sender or delete the messages. Few pursue formal remedies, even though they have several options. If a retailer or partner mishandles data, customers can:

• raise a grievance directly with the company’s designated data officer
• demand an explanation of how the number was collected, stored and used
• request evidence of consent
• ask for logs of data sharing with third parties
• file a complaint with the Consumer Court Of India, if the company does not respond within the stipulated timeline
• seek financial compensation if the breach caused tangible harm such as fraud, harassment or financial loss (via The Data Protection Board or Consumer court)

These steps place responsibility back on the retailer, rather than on the customer attempting to manage the fallout alone.

Can Shoppers Remove Their Numbers From Databases?

Many customers do not realise that they can ask for their mobile numbers to be deleted. The option exists across most retail systems, even if it is not widely advertised. Shoppers can:

• request deletion directly at the store
• email customer care to erase their data (can take upto 30 days)
• opt out of loyalty programmes entirely or request the same to be shared only on email (consumers can create a separate email ID for such purposes)
• revoke permissions through brand apps
• request a bill without linking it to their number
• ask for visual confirmation once deletion is complete

Some companies comply immediately, others require follow-up. The effort is worth it because it resets the relationship between shopper and retailer. It also reduces unwanted messages and limits how much of a person’s daily life is tracked through one identifier.