Most large companies doing business in California are required by the state’s new privacy law to disclose what they know about customers and how that information is used.

This resulted in fairly straightforward announcements by many businesses.

Then there’s Ralphs, the supermarket chain owned by Kroger.

…As part of signing up for a rewards card, Ralphs “may collect” information such as “your level of education, type of employment, information about your health and information about insurance coverage you might carry.”

It says Ralphs may pry into “financial and payment information like your bank account, credit and debit card numbers, and your credit history.” […]

Ralphs says it’s gathering “behavioral information” such as “your purchase and transaction histories” and “geolocation data,” which could mean the specific Ralphs aisles you browse or could mean the places you go when not shopping for groceries, thanks to the tracking capability of your smartphone.

Ralphs also reserves the right to go after “information about what you do online” and says it will make “inferences” about your interests “based on analysis of other information we have collected.”

Other information? This can include files from “consumer research firms” — read: professional data brokers — and “public databases,” such as property records and bankruptcy filings.

[The article also notes that Ralphs' parent company Kroger also owns a company 'devoted solely to using customer data as a business resource' by aggregating data about its customers and selling it on the open market.]

“This level of intrusiveness seems like a very unfair bargain in return for, say, 20 cents off a can of corn,” Fordham’s Reidenberg said.