Retail managers’ sociotechnical imaginaries of customer data and the privacy-personalisation tension Open Access

Personalisation can be defined as the process of delivering the right product or service to the right customer at the right time and place (Sunikka and Bragge, 2012), which hinges on the ability to collect, store and analyse customer data. Data-driven personalisation has become a core competitive strategy in retail (Scholdra et al., 2023; Canhoto et al., 2024), promising benefits to both customers and firms. For customers, these benefits include reduced cognitive overload, increased satisfaction and loyalty, while for firms they include enhanced relationships, increased purchase intent and data monetisation (Ansari and Mela, 2003; Rust and Chung, 2006; Pappas et al., 2016; Bartholomew and Williamson, 2022).

Although improvements in data collection and analysis have enabled retailers to enhance their personalisation capabilities and boost sales (Kumar et al., 2021), these capabilities have raised concerns about consumer privacy in recent years. These concerns have given rise to a complex and ever-changing legal framework that restricts the collection and use of data (Quach et al., 2022). Thus, personalisation and privacy are in tension with each other–resulting in the much discussed personalisation–privacy paradox (Aguirre et al., 2016).

How do managers address this paradox? Previous research shows that, driven by “performance expectancy” (Martin et al., 2020), managers often have optimistic views of personalisation’s impact (Strycharz et al., 2019), but experience difficulties when trying to act in accordance with these visions as issues connected to risk, operational complexities, knowledge gaps and consumer reactance stand in the way (Martin et al., 2020; Moliner-Tena and Tortosa-Edo, 2025; Đurđević et al., 2025).

In this research, managers are predominantly portrayed as rational actors with static worldviews. Their mission is simple – to maximise personalisation – and in order to accomplish this mission, they have to overcome several “barriers”. While this research is valuable in providing us with a first understanding of the problems that managers face when trying to address personalisation and privacy issues in today’s customer data-intensive markets, the image it provides is oversimplified. Managers who work with personalisation in today’s complex data landscape have to deal with and navigate both competing views of personalisation and privacy, complex technical issues and increasingly demanding legal requirements. Consequently, it is unlikely that managers have a single view or approach to the personalisation-privacy paradox. Nor could we expect the approach they take to be the result of individual disposition.

Against this background, this paper aims to explore and conceptualise how retail managers navigate the personalisation-privacy paradox and how their work is impacted by these different approaches to and understandings of personalisation-privacy. We address the following questions: How do retail managers understand personalisation and privacy in their daily work? How do they envisage the future development of privacy and personalisation? How do these understandings and future visions shape what actions are considered possible or legitimate? By learning how managers view and approach the combination of promises, regulations and paradoxes, we can gain insight into how they navigate current tensions. This includes how they handle complex legal requirements while meeting internal expectations and consumer demand for relevant, timely communication and offers.

More specifically, adopting the lens of sociotechnical imaginaries (Jasanoff and Kim, 2009), this study enhances our understanding of how retail managers’ views and strategic ideals influence their daily operations by facilitating certain actions and restricting others, thereby illuminating the role of sociotechnical imaginaries in navigating the tensions between personalisation and privacy.

Based on 21 semi-structured interviews with Swedish retail managers, the study identifies four sociotechnical imaginaries that legitimise and frame operations: value-exchange maximisation; compliance-focused risk mitigation; privacy-as-advantage; and pragmatic market realism. The study illustrates that tensions exist between day-to-day perspectives and strategic work, which ultimately stem from different considerations of data as either a risk or a potential source of value. This paper contributes to research on privacy and personalisation in retail, as well as to broader debates on privacy and emerging marketing technologies.

The paper is structured as follows: First, it provides an overview of relevant literature on personalisation and privacy. This is followed by an introduction to the theoretical framework of sociotechnical imaginaries. Next, the qualitative, interview-based data collection method and thematic analysis are described. The study’s findings then follow, providing an account of the four identified imaginaries. Finally, the findings are discussed alongside conclusions and managerial implications.

Previous literature has emphasised the increased focus on customer data-driven personalisation in the retail market. Personalisation has emerged as a core strategy for companies seeking a competitive edge (Scholdra et al., 2023; Smith, 2011; Canhoto et al., 2024; Eggers et al., 2023). Previous research indicates that the promised benefits are significant. For customers, these include reduced cognitive overload (Ansari and Mela, 2003), increased content relevance (Ho and Bodoff, 2014) and greater satisfaction and loyalty (Rust and Chung, 2006). For firms, the benefits include purchase intent (Pappas et al., 2016), fewer product returns (Cui et al., 2021) and monetising customer data (Bartholomew and Williamson, 2022).

The relationship between privacy and personalisation is often described as a paradox (e.g. Aguirre et al., 2016). The personalisation-privacy paradox describes the tension between the value that customers gain from personalisation and the privacy concerns that are generated by data collection (Cloarec, 2020; Zeng et al., 2021). This paradox often manifests as a discrepancy between consumers’ stated privacy concerns and their actual disclosure behaviours (Norberg et al., 2007). Despite expressing high levels of concern, customers often disclose personal information in exchange for the perceived benefits of personalisation (Karwatzki et al., 2017; Whelan et al., 2023).

Retail managers are primarily driven to adopt personalisation technologies by a widespread “performance expectancy”, or the belief that these systems will enhance product differentiation and increase profit margins (Li and Unger, 2012; Đurđević et al., 2025). Frequently described as the “Amazon effect”, this tendency is driven by market forces and reflects the need to use data to create personal experiences in order to remain competitive (Martin et al., 2020).

However, efforts to adopt personalisation technologies are not unproblematic. Privacy concerns are treated as strategic priorities, with managers rejecting techniques that could undermine brand trust (Martin et al., 2020). Operational challenges also hinder progress, including difficulties in synchronising data across channels (Moliner-Tena and Tortosa-Edo, 2025) and substantial knowledge gaps in digital solutions (Đurđević et al., 2025). Retailers further recognise the risks of consumer reactance when hyper-personalisation feels intrusive (Martin et al., 2020; Strycharz et al., 2019), including “freedom-related privacy risk,” where algorithms are seen as manipulating decisions by limiting choice (Karwatzki et al., 2017; Riegger et al., 2021).

In the face of legal ambiguities such as the General Data Protection Regulation (Strycharz et al., 2019; Martin et al., 2020) and the breakdown of traditional disclosure mechanisms, organisations are moving towards a model of valuable surveillance in their governance strategies. This involves investing in transparent algorithms (Riegger et al., 2021) and user-friendly interfaces to mitigate privacy concerns (Moliner-Tena and Tortosa-Edo, 2025). Central to this evolving perspective is the belief that high-quality personalisation can reduce customer resistance directly (Cai and Mardani, 2023), with some executives exploring the possibility of compensating consumers directly in the future (Martin et al., 2020).

In summary, the literature reveals that personalisation and privacy have evolved from a paradox to a multilevel challenge for retailers, necessitating strategic measures (Cheruku, 2025). While prior managerial studies have examined technology adoption barriers (Đurđević et al., 2025), retail managers’ views on personalisation effectiveness (Smith, 2011) and omnichannel privacy concerns (Moliner-Tena and Tortosa-Edo, 2025), these typically treat managers as decision-makers with stable preferences. Our study extends this work by showing the competing collective visions that shape how managers interpret and approach the personalisation–privacy landscape.

This paper employs the concept of sociotechnical imaginaries, introduced by Jasanoff and Kim (2009), to explore how collectively held and circulated views of personalisation and privacy shape how retail managers interpret and approach this issue in their daily work. Sociotechnical imaginaries are “collectively held, institutionally stabilized, and publicly performed visions of desirable futures, animated by shared understandings of forms of social life and social order attainable through, and supportive of, advances in science and technology” (Jasanoff, 2015, p. 4).

Sociotechnical imaginaries extend beyond individuals as collectively shared and reproduced understandings of reality and belonging. They emerge through the co-production of science, technology and society (Jasanoff, 2015). The concept also highlights the hybridity of social and material elements–human and non-human–transcending the divide between agency and structure (Jasanoff, 2015).

Sociotechnical imaginaries are inherently future-oriented, encompassing visions of desirable futures made possible through technology (e.g. AI-driven prosperity). These visions of the future are not merely descriptive, but also prescriptive in that they imply what is legitimate and worth striving for (Bajde, 2012). However, they also contain visions of the present and past (Jasanoff, 2015). Sociotechnical imaginaries are not static; they evolve, transforming in tandem with shifting spatio-temporal conditions (Jasanoff and Kim, 2009).

Furthermore, whereas the original studies focused on a single dominant national sociotechnical imaginary, there is now a broad consensus that sociotechnical imaginaries are always multiple. Consequently, multiple sociotechnical imaginaries are in circulation at any given time, though some are more durable and widespread than others (Jasanoff and Kim, 2009; Mager and Katzenbach, 2021). Additionally, these imaginaries are often contested and may contradict each other (Jasanoff and Kim, 2013; Kuchler and Stigson, 2024).

Importantly, sociotechnical imaginaries do not exist outside the practices and material realities they describe (Mager and Katzenbach, 2021). While early theorising overlooked their interaction with practices (Jasanoff, 2015), recent studies demonstrate that imaginaries both shape and are shaped by everyday practices (Sörum and Fuentes, 2023), co-producing subjectivities and agency through recursive relationships with individuals’ actions (Kuchler and Stigson, 2024). Although imaginaries can be identified in individual accounts, they are not individual properties; rather, individuals subscribe to, reproduce and spread them through practice.

These properties of co-production, collective stabilisation and prescriptive performativity distinguish sociotechnical imaginaries from two other frameworks that might appear equally suited to the phenomenon under study. Paradox theory (Smith and Lewis, 2011) captures the simultaneity of opposing demands but treats actors as rational decision-makers navigating discrete tensions. Temporal sensemaking (Kaplan and Orlikowski, 2013) illuminates how actors reconcile past, present and future orientations, yet remains anchored in individual cognition. Neither framework accounts for the dimension that is central here: that visions of technology and society are institutionally stabilised before individual decisions are made, legitimising certain actions and foreclosing others as a precondition of choice. In the context of retail data practices, managers do not simply “choose” between personalisation and privacy, as their choices are already framed by shared visions of what technology can and should do.

In what follows, we analyse sociotechnical imaginaries of privacy and personalisation among retail managers.

This paper is based on a qualitative study examining how retail managers understand and approach the complex interplay between data, technology, privacy and personalisation. Participants were selected through purposive sampling to ensure diverse experiences and responsibilities in data-driven marketing, personalisation strategies and privacy compliance. Recruitment involved scanning LinkedIn for relevant professionals and reconnecting with individuals from previous studies. Following initial interviews, snowball sampling was employed, whereby participants were asked to recommend colleagues with either similar or contrasting viewpoints on data utilisation. To capture a broad range of perspectives within the Swedish retail sector, the participants represented various categories including sporting goods, fashion, Do-It-Yourself (DIY), pharmacy, grocery, alcoholic beverages, consumer electronics, the motor industry and interior design. Roles included Data Protection Officers, E-commerce Managers, Chief Marketing Officers, Chief Technology Officers and Legal Counsels (see Table 1).

Twenty-one retail managers from twelve companies participated in semi-structured video interviews, which averaged one hour in length, on Microsoft Teams. Each interview was conducted by one of five researchers who had collectively developed an interview guide. Drawing on themes identified in prior research, including privacy as strategic risk (Martin et al., 2020), the personalisation–privacy paradox (Aguirre et al., 2016) and performance expectancy (Li and Unger, 2012; Đurđević et al., 2025), the guide explored operational practices, regulatory compliance, technology adoption, value creation and consumer expectations. The responses were analysed as manifestations of collectively held sociotechnical imaginaries regarding the role of customer data in retail management. All interviews were recorded and transcribed verbatim.

To ensure ethical conduct, all participants were given detailed information about the purpose of the study and how the data would be used. Informed consent was obtained prior to each interview. To protect confidentiality, all names of individuals and their respective companies have been anonymised in the transcripts and this analysis. Due to the size of the Swedish retail industry, the pseudonyms have not been connected to the firms’ categories, as this could enable others to infer the participants’ identities. Participants were informed of their right to withdraw from the study at any time.

The analysis aimed to identify the underlying logic and shared assumptions that managers use when navigating their professional environment. As previously mentioned, the primary analytical lens was the concept of sociotechnical imaginaries. The research team conducted a thematic analysis of the transcribed interviews. Following an inductive-abductive process (Timmermans and Tavory, 2012), each researcher open-coded the transcripts to identify themes related to privacy (e.g. data collection, regulations, competitive pressures, compliance) and personalisation (e.g. customer experience, value creation, targeting, loyalty) (Saldaña, 2015). After generating initial codes, we collectively identified patterns from which four distinct sociotechnical imaginaries emerged. Where coding disagreements arose, they were resolved through iterative discussion among the five researchers until consensus was reached, with contested codes revisited against the original transcripts to ensure interpretive consistency. Across the interview series, later interviews reinforced rather than introduced new imaginaries, suggesting thematic saturation within the scope of the sample (Table 2). The analysis was guided by questions such as: How do managers reason about current customer data use? What are their convictions regarding privacy and personalisation? What actions do they consider necessary for future competitiveness? How do future visions guide current decisions? Each imaginary was developed to specify its core narrative, the positioning of the actors involved (company, customers and competitors) and the inherent tensions. We assume that these imaginaries frame what futures managers perceive as legitimate and desirable, thereby shaping both current operations and future preparation.

We then compiled our findings into descriptions of the four different imaginaries, outlining their central components and providing illustrative quotes. The sociotechnical imaginaries are categories comprising quotes from several informants. In practice, these categories overlap and the interviewed managers may draw on several different imaginaries, sometimes even conflicting ones. The existence of conflicting imaginaries from the same individual is to be expected. Such inter-imaginary tensions are part of the process by which collective sociotechnical imaginaries are negotiated. Large Language Model (LLM) tools (Claude Opus 4.6 (Adaptive), Gemini 2.5, GPT-5 and DeepL) were used for translation and copy-editing during the writing process to improve clarity of language and grammar.

Addressing how retail managers understand personalisation and privacy (RQ1), how they envisage their future development (RQ2) and how these understandings shape legitimate action (RQ3), the analysis identifies four collective managerial imaginaries structured along two dimensions (see Figure 1). Firstly, managers conceptualise customer data as either a problem to mitigate or an opportunity to maximise, which relates to prior implementation-focused literature (cf. Bartholomew and Williamson, 2022). Secondly, the imaginaries diverge temporally, between present orientation and future vision. The imaginaries are: (1) value-exchange maximisation, (2) compliance-focused risk mitigation, (3) privacy-as-advantage and (4) pragmatic market realism. These imaginaries are presented and exemplified below.

In this imaginary, data collection is not viewed as an intrusion, but as a fair and necessary exchange that creates value for both firm and customer (Sunikka and Bragge, 2012). Marketing should be personalised and relevant (Ansari and Mela, 2003) and customers willingly share data to enjoy superior experiences. Personalisation creates a “win-win” that drives business value through conversion (Pappas et al., 2016). Managers who work closely with technology use this to justify data practices such as collecting and analysing customer data using marketing technology (cf. Mellet, 2025). This aligns with Sörum and Fuentes’ (2023) “good data” imaginary, which portrays data collection as beneficial and routine.

The imaginary incorporates factual elements (Sörum and Fuentes, 2023), with participants describing personalisation as a baseline requirement rather than a strategic objective: “Customers today expect it to be adapted on the site or in the interaction … ” (I1). The choice to withhold data is framed with known consequences: “It affects the site’s relevance already today … I think that most people understand that it can have consequences” (H3).

Managers also described the ideal state they were striving to create. The vision is one of perfect convenience, where the company must “ … help the customer to make it as smooth as possible” (H3). Technology is the means to achieve this; one manager views an app as the key: “The app provides greater opportunities for personalisation” (E1). Technology eliminates friction and delivers inspiration: “You want to find inspiration to find new things” (E1), making the value exchange desirable and embedding the imaginary in the technological setup.

Within this imaginary, customers are framed as rational actors with “expectations” (I1) who make conscious trade-offs–empowered participants rather than passive targets. The company is a value creator, with managers using technology to “build audiences” (I1) and “adapt the message” (E1). When a customer chooses not to be tracked, this “of course affect[s] the customer experience a little bit” and results in a “worse customer journey” (H3). Rather than being positioned as a right, privacy is a choice that reduces service quality, reinforcing the idea that sharing data is inherently beneficial.

However, achieving this desirable future requires infrastructural improvement. The focus on building a better personalisation project (H3), using an app to enable data collection (E1) and leveraging behavioural and weather data (I1) demonstrates belief in technology’s power. Yet tensions persist: one informant confided that, although they advocated for data collection professionally, sharing their own data was not obvious. This manager’s desire to “enlighten” customers about data use suggests awareness of a critical stance that questions the win-win narrative, illustrating internal conflict. Even when data is viewed as an opportunity, alternative imaginaries of risk persist.

This sociotechnical imaginary is rooted in a defensive mindset that views retail data as rife with legal and reputational risks (Kawaf et al., 2024). The narrative is that value can be created by protecting customers and companies from harm. While data is an asset for personalisation, strict processes must be in place to avoid penalties and maintain trust (Cloarec, 2022). The goal is to build an organisation that can withstand regulatory pressures and technical failures.

Managers describe the current environment as complex and hostile. The rules are difficult to master: “The more I learn about GDPR [General Data Protection Regulation] the harder I think it gets, because it is so complex” (H1). External actors, particularly Big Tech companies and regulators, dictate the terms of engagement: “Everything that has to do with Google. It hits us. All their changes … Europe-directives … It affects us very hard” (K1). This is the “playing field” (H2) on which they operate, with regulators and Big Tech setting the “rules of the game” (H2). Data breaches are not abstract risks but factual events: “a supplier … had a data breach” (D2), and legacy technology poses a tangible threat: “We have an old technical platform … We don’t really trust it” (H3).

The imaginary is also one of impeccable compliance and responsibility. The company should be a “responsible actor” (H2) that actively works to “stay as far away as possible from a potential grey zone” (D1). The relationship with the customer is built on transparency and fairness, because any other way “doesn’t feel fair” (D2). The goal is a future in which robust processes and technology minimise risk, pursued through projects such as replacing entire platforms.

Managers shaped by this imaginary act as guardians–process-oriented, risk-averse and focused on governance: “Make an assessment of how serious this is. Also, assess how we document it” (D2). Customers are stakeholders whose trust is vital–’Ensure our customers’ trust’ (D1)—but also potential victims whose data represents a liability. A breach is “very serious” (D2) because it violates that trust.

This imaginary is characterised by resignation and a focus on mitigating negative consequences. It reflects an interplay of imaginaries (Lehtiniemi and Ruckenstein, 2019): problems are framed socio-critically, acknowledging datafication’s risks, yet solutions are articulated through technological advancement–’When we have moved to the new platform then … it will become safer’ (H3). This provides a counterpoint to consumer-centric research (Lupton, 2021). While consumers view their data persona as superficial (“not the real me”), managers recognise data as liability; even innocuous information like employee names requires formal risk assessment (D2), demonstrating data’s “real” potential for harm.

This sociotechnical imaginary represents a future vision in which privacy is framed as a core brand asset and competitive advantage (Martin and Murphy, 2017). The narrative is that a sustainable and ethical business must proactively champion user trust and control, actively constructing a “desirable future” (cf. Gümüsay and Reinecke, 2024) in which a company’s ethical stance drives loyalty and success.

Managers depart from a pragmatic assessment of the current landscape: old methods are ineffective; customers have shorter attention spans and generic marketing leads to disengagement: :If you just send a generic newsletter … people will unsubscribe” (I1). They believe that “people [will] become more and more aware that they shouldn’t share data” (I1) and contrast their approach with the “dark pattern[s] that many use” (H3). This perception–impatient consumers, rising privacy awareness and unethical competitors–creates a strategic opening.

In the desired future, ethics align with commerce. Companies should be “more serious actors” and “more strictly and restrictively [work] with privacy issues” (I1). Personalisation is a “competitive tool”, but only when carried out fairly, making customers feel “included and not persecuted” (D2). The goal is proactive integrity: “be as compliant as possible” and “fully transparent”, rather than “luring the customer” (H3). Fair data collection requires minimising data and robust internal structures such as proactive reviews, training and clear chains of command.

Customers are portrayed as informed individuals who will reward ethical commerce–given “the opportunity to understand what you are doing” (H3). The company should act as a proactive ethical steward: “be proactive so that things don’t go wrong” (E1), embedding an “honest” value system throughout the organisation (H3). This requires creating “an internal structure for different early warning functions” to ensure ethical conduct from the top down (H1). Unlike in the risk-mitigation imaginary, regulations are seen as created with the “consumer’s best in mind”, and the company should have “nothing against” them (H2). Privacy transforms from a hurdle into a “competitive tool” (D2) that enhances the brand’s reputation for “seriousness” (D2).

This imaginary challenges the dominant data economy, proposing a model based on trust over extraction. However, execution relies on technological capacity to ensure the right “internal structure” (H1), processes and safeguards. By rejecting manipulation and emphasising transparency (H3), managers shaped by this imaginary treat customers as more than data points. Their refusal to “lure” or “persecute” customers acknowledges their agency and worlds–their “real me” (Lupton, 2021)—which exist beyond data.

This sociotechnical imaginary–while less widespread–is rooted in the perception of an unfair, constrained market. It centres on pragmatic survival, with managers balancing compliance aims against resource limitations and competitors’ rule breaking. Focusing on present realities rather than distant visions, it thrives amid frustration and cynicism.

This imaginary leans heavily towards the descriptive, framing the world as a set of unchangeable constraints. Firstly, the most powerful element is the existence of non-compliant competitors who succeed: “It becomes a competitive advantage for those who choose not to follow the regulations” (H1). This is particularly pertinent in relation to foreign actors, such as the “Chinese players” who “don’t adhere to the Swedish regulations at all” and are simply “vacuuming up Europe” (E1). Secondly, technology is a limiting factor: “We have an old technical platform that is not especially good. We don’t really trust it” (H3), forcing managers to work with anonymised data despite knowing this yields suboptimal results. Thirdly, managers observe the “privacy paradox” (Norberg et al., 2007) as a market reality, reinforced by “cookie fatigue”: users click “Yes, yes, yes, yes”, rendering consent meaningless (E1). Lastly, external platform changes constrain further: “we get less and less data … Apple is difficult and leaves less and less data” (H3), leaving managers with “fewer tools in the toolbox” (E1).

This imaginary harbours a distant vision of a fair playing field with “competition on equal terms” where everyone follows the “same regulations” (E1). Ethics justifies their own compliance: “It builds … value in the company itself to be compliant. It is the reputation that wins in the long run” (H1). Aggressive data collection by competitors is expected to eventually result in “bad will” (E1). There is also a desire for a more educated consumer who “understands what it means to make those choices” (H3), though achieving this is not necessarily the retailer’s responsibility.

Managers shaped by this imaginary are frustrated yet compliant “realists”. Customers are viewed with a pragmatic, almost cynical, eye–embodying the privacy paradox yet increasingly “aware” of privacy issues, leaving “less room for mistakes” (H2). Regulators and platforms are powerful external forces and the reason for the shrinking “toolbox” (E1). Managers feel trapped in a market that punishes compliance and rewards rule-breaking, wanting to be a “responsible actor” where responsibility is a competitive disadvantage. They frame technology as the primary solution, hoping a new platform will resolve constraints: “When we have moved to the new platform … it becomes safer” (H3).

Overall, we have presented the four managerial imaginaries regarding privacy in retail. As outlined in this section and summarised in Figure 1, these imaginaries are based on how customer data is viewed, and whether the focus is on the present or the future. Together, these dimensions create a complex, multi-layered matrix of tensions that goes beyond the personalisation–privacy paradox identified in consumer research (Zeng et al., 2021; Kawaf et al., 2024).

Although existing managerial research has emphasised the strategic importance of personalisation (Kumar et al., 2021) and the potential of using privacy as a competitive advantage (Martin and Murphy, 2017), these studies typically treat data strategies as distinct, rational choices available to the firm. Our study challenges this view by employing sociotechnical imaginaries as a conceptual lens. This reveals that these strategies are experienced as both competing with and coexisting alongside one another within the same organisation or marketplace. By mapping these imaginaries, we have identified two critical dimensions. First, the differing views on customer data–viewing it as either a challenge or an opportunity–can be considered a paradox (Smith and Lewis, 2011), reflecting a tension between performing (the drive for personalisation and financial goals) and organising (the need for control and compliance). This paradox requires constant negotiation because these demands are simultaneous rather than sequential: managers cannot prioritise sales over safety without risking regulatory penalties, nor can they enforce strict control without sacrificing the customer experience. Secondly, conflicting time horizons resonate with research on temporal sensemaking (Kaplan and Orlikowski, 2013) as managers struggle to reconcile the “pragmatic present” with an “idealized future”.

Thus, rather than a singular tension between privacy and personalisation, our analysis revealed a multilayered matrix of tensions. What is considered a paradox in consumer research (Zeng et al., 2021; Kawaf et al., 2024) is far more complex and layered from a managerial perspective. The forward-looking “Privacy-as-Advantage” imaginary, for instance, is in direct conflict with both the defensive “Compliance-Focused” approach and the cynical “Pragmatic Market Realism” vision, which posits that the battle for ethical data handling has already been lost to non-compliant competitors. In other words, the tensions are far more intricate, layered and complex than initially expected. Notably, paradox theory would likely frame Value-Exchange Maximisation and Compliance-Focused Risk Mitigation as opposing poles requiring balance. Sociotechnical imaginaries, however, reveal that these are not merely tensions to be managed but collectively stabilised visions that prescribe what counts as legitimate action–foreclosing alternatives before any deliberate “choice” occurs.

By applying sociotechnical imaginaries to managerial perspectives on personalisation and privacy in retail, our findings contribute to both sociotechnical imaginaries (STI) scholarship and the understanding of retail data strategy. First, while STI research has predominantly operated at the macro level–examining national policies (Jasanoff and Kim, 2009), corporate visions (Mager and Katzenbach, 2021), or sectoral narratives–our study demonstrates that competing imaginaries coexist within retail organisations and across professional roles. This supports Kuchler and Stigson’s (2024) argument that individuals subscribe to and contest imaginaries through practice, extending it by showing that such contestation is structurally embedded across organisational functions. This implies that strategic misalignment around data practices is not primarily a coordination failure (Đurđević et al., 2025; Kumar et al., 2021) but a consequence of competing collectively held visions about what technology should do and for whom. Second, our analysis shows that the co-production of sociotechnical imaginaries (Jasanoff, 2015) operates differently across market roles, challenging research framing the personalisation–privacy as a single paradox (Aguirre et al., 2016; Zeng et al., 2021). From the managerial side, the tension consists of four competing visions, each with its own logic of legitimacy. Third, by mapping these imaginaries along two dimensions, the study offers a heuristic moving beyond the observation that imaginaries are multiple and contested (Jasanoff and Kim, 2013; Mager and Katzenbach, 2021) towards specifying the axes along which they diverge, providing a diagnostic vocabulary for identifying dominant visions and emerging strategic tensions.

This study has several limitations that suggest avenues for further research. First, the findings are situated within the Swedish retail sector, where regulatory culture, market structure and consumer expectations may differ from other contexts. Comparative studies across regulatory regimes–for example contrasting EU and United States markets–could reveal how institutional environments shape which imaginaries dominate. Second, while the 21 interviews across 12 firms captured diverse roles and retail categories, and each imaginary drew on accounts spanning multiple organisations and professional positions, the sample remains limited in scale. Larger studies incorporating additional sectors and markets would strengthen the generalisability of the identified imaginaries. Third, as with all qualitative research employing sociotechnical imaginaries as an analytical lens, the study relies on individual accounts as sites where collective constructs surface (Kuchler and Stigson, 2024). Although the consistency of narratives across firms and roles supports their collective character, ethnographic or longitudinal approaches could more directly trace how these imaginaries circulate and stabilise within organisations over time. Finally, the imaginaries were captured at a single point in time. Given the rapidly evolving regulatory and technological landscape, future research should examine how these imaginaries shift in response to developments such as AI-driven personalisation and emerging privacy legislation.

This study shows that retail managers navigate personalisation–privacy tensions through four conflicting sociotechnical imaginaries whose coexistence impedes coherent strategy – not because of coordination failure, but because each vision carries its own collectively sustained logic of legitimacy. Shifting these collectively reproduced imaginaries requires addressing shared assumptions, not simply issuing directives. Leaders could begin by using the two-dimensional heuristic developed in this study–data as problem or opportunity, present versus future orientation–to map which imaginaries dominate across teams. Workshops structured around this mapping can surface underlying assumptions and foster shared understanding of the pressures faced by each function.

We recommend driving Privacy-as-Advantage as the guiding vision. This reflects both a normative stance and an empirical observation: Privacy-as-Advantage appeared across the broadest range of firms, suggesting latent organisational resonance and is the only imaginary aligning long-term value creation with ethical data use. In practice, this means building trust through transparency, rejecting dark patterns and ensuring customers understand why data is collected. However, this vision will falter if it ignores operational realities voiced in other imaginaries. Solutions include replacing legacy systems with secure platforms and establishing structures, routines and roadmaps for reliable execution.

Sustainable change requires embedding this direction in organisational culture through cross-functional training that educates teams on the motives behind data policies, moving beyond regulatory checklists. Crucially, performance metrics must be realigned: rewarding only short-term data acquisition defaults teams to value-maximising behaviour. Incentives must instead reward long-term trust, brand integrity and sustainable customer value.

LLM-tools (Claude Opus 4.6 (adaptive), Gemini 2.5, GPT5 and DeepL) have been used for copy-editing. This has been done for improving clarity of language and grammar.