THE KROGER CO. | Report on safeguarding the privacy of consumer health data at the Kroger

Status
14.05% votes in favour
AGM date
Proposal number
6
Resolution details
Company ticker
KR
Lead filer
Individual
Resolution ask
Report on or disclose
ESG theme
  • Social
ESG sub-theme
  • Digital rights
Type of vote
Shareholder proposal
Filer type
Shareholder
Company sector
Consumer Staples
Company HQ country
United States
Resolved clause
Shareholders request our Board issue a public report detailing known and potential risks and costs to
the Company of fulfilling information requests relating to Kroger customers for the enforcement of state laws
criminalizing access to reproductive or gender-affirming health care, and setting forth any strategies beyond legal
compliance the Company may deploy to minimize or mitigate these risks. The report should be produced at
reasonable expense, exclude proprietary or legally privileged information, and be published within one year of the
annual meeting.
Whereas clause
The Kroger Family of Companies (“Kroger”) collects sensitive health-related information from its customers. In
addition to purchase history, this includes geolocation data, internet activity, and biometric and demographic
information, from which consumer profiles can be constructed.
This data may be accessed without consumer consent by states that criminalize access to certain forms of health
care, including reproductive and gender-affirming care, as law enforcement agencies frequently rely on digital
consumer data for their investigations. Alphabet and Meta disclosed that they collectively received over 140,000
such requests in the first half of 2024, and each complied with about 88 percent of those requests.1

Kroger’s privacy policies stipulate that it may disclose sensitive health-related information to law enforcement
officials voluntarily or as required by law. However, a 2023 congressional investigation found that Kroger does not
require legal review or a warrant before sharing patient records with law enforcement and fails to notify patients
when their data is disclosed.2 The proponents of this proposal are concerned that Kroger will comply with law
enforcement requests for consumer data in instances where the consumer activities in question were legal where
they occurred, even if deemed illegal in other states.

Consumers, companies, and the public at large benefit from knowing when law enforcement entities seek consumer
data. Transparency fosters consumer trust and loyalty. While Kroger does not currently publicly report figures on
law enforcement requests compliance, other companies do. For example, CVS discloses the number of legal record
requests it receives for its pharmacy operations, with updates published every six months.1
Kroger collects and stores digital consumer data and is not immune to law enforcement requests focused on
reproductive or gender-affirming healthcare access that may create significant reputational, financial, and legal risks.
Kroger already complies with state laws that provide protections and consumer rights for sensitive data sets, like
health information.2 There is a strong brand benefit to increasing long standing consumer privacy expectations.
Supporting statement
Shareholders recommend, at board discretion, input from reproductive rights and
civil liberties organizations be solicited and reflected in the report, and the report contain:
(1) An assessment of the implementation of a nationwide data privacy policy wherein consumers would have
“deletion rights;”
(2) An evaluation of the benefits of notifying consumers about law enforcement information requests regarding
their data prior to, and with sufficient time for consumer response, before complying with any such
request.”

DISCLAIMER: By including a shareholder resolution or management proposal in this database, neither the PRI nor the sponsor of the resolution or proposal is seeking authority to act as proxy for any shareholder; shareholders should vote their proxies in accordance with their own policies and requirements.

Any voting recommendations set forth in the descriptions of the resolutions and management proposals included in this database are made by the sponsors of those resolutions and proposals, and do not represent the views of the PRI.

Information on the shareholder resolutions, management proposals and votes in this database have been obtained from sources that are believed to be reliable, but the PRI does not represent that it is accurate, complete, or up-to-date, including information relating to resolutions and management proposals, other signatories’ vote pre-declarations (including voting rationales), or the current status of a resolution or proposal. You should consult companies’ proxy statements for complete information on all matters to be voted on at a meeting.