I remember - back in the days (1996 or so) - while working for a large retail company, the introduction of a loyalty card and the fierce public discussion regarding privacy. On average people seemed to be reluctant to give up their personal information, some were even outraged.
I remember - back in those days - that one of the shops of this retail company did a large restructuring. The shop was even closed for 2 weeks. The supermarket manager had the brilliant idea to reward its loyal customers with a pie in the opening week. So he wrote to his loyalty card members that they would receive a pie if they came to visit the new store in the first week of opening and showed their loyalty card.
So far, so good.
But people are strange. The customers with no loyalty card took notice of other customers leaving with a free pie. Guess what happened? In this first week of opening the number of loyal card holders doubled (!). People filled out their application form, activated their card and rushed to the ‘free-pie counter’.
In the decades that followed ‘we the people’ seem to be rather generous in giving our personal information to the public, or to be more precise, giving it to some company which business model consists of using this information for profit. I especially am weary of those companies I actually pay for a service (like a bank) and the company is using my data to increase revenues/profit for profit-sake, not increasing my customer delight IN ANY WAY. I already hear these companies saying; ‘well, you did agree with our 40-page-Terms-of-Use’.
Yeah right.
I consider myself a kind of a liberal, so I believe the individual is responsible for his own actions, but I increasingly find myself taking a non-liberal standpoint on the issue regarding privacy. One of the prime objectives of Government is to protect its citizens. And with privacy I think we need laws and institutions that guard our privacy.
The European union is responding with a new regulation that - when approved - does not need national law to enact on it. It will be considered law in 28 European countries instantly. This regulation, according to expert Daragh O Brien is the ‘single most heavily lobbied against piece of legislation EVER in the history of the European Union’. It will affect a lot of shady business models and it will have a MAJOR impact on companies collecting personalized data.
Companies will - by law - need Data Governance- and Data Protection protocols, officers, frameworks, etc.. This is a good thing in my opinion, but not good enough.
Companies will need to respond in order for them to comply to the laws and avoid legislation. But I find that a rather poor incentive. Laws and regulations will always drag after-the-fact, by definition they can not keep up with the acceleration-rate of technology and the ingenuity of people to game the system for their own personal benefit. If organizations will only comply to laws and regulations I kinda fear for the future of my kids..
Shouldn’t the incentive be: ‘I want my customers to regard me as trustworthy, reliable & honest’?
Shouldn’t the incentive be: ‘I want my customers to be delighted with my company, services and products’?
In the prelude of a world where we tend to 'datafi' everything (whether it be a car, an airplane, your heartrate, steps, calls, payments, bloodpressure, etc.) this becomes even more pressing. It might be an idea if organizations recognize that the ownership of data always remains to sit with the individual. Regard it as a property that is temporarily borrowed. A 'landmower' you borrow from your neighbour that you treat with the most utter respect, not because the law says so, but because 'that is the way we conduct ourselves'.
Ethics and morality come into play. We as a society need to establish ethical boundaries. Crossing these boundaries should be punished by the people. It will be the ‘moral of men’ that decide whether or not we act. By either not buying or using your products and services or by leaving a company that you do not want to work for.
Although I remain somewhat skeptical/cynical (see pie-example), I do think 'we' (working in the data industry) have the obligation to inform people, the organizations and ourselves as much as we can and to discuss this topic transparently.
In the afternoon of February 12 I will host a round-table organized by BI-Podium, ‘Information, Ethics and Privacy’ with amazing experts from various backgrounds: law, research, education, consultancy, security, government.
I invite everyone to come and join me in this discussion! Limited seating so be quick!
Hi Ronald,
Great that this important topic is on the agenda and the speakers for the round-table promises a lively and thorough discussion.
Just to add to the discussion, a few remarks:
* A good opinion article was published today in Het Financieele Dagblad about Big Data, its use and privacy issues. It actually takes a moderate stand against the upcoming EU data protection laws, or at least tries to nuance it a little. The point is made that simply analysing data should not be intrusive and subject to stringent protection laws. Rather, the debate should be about is being done with the analysis results. An example is given of a hospital. If a hospital uses patiënt data to analyse readmissions, with the objective of improving health care this should be OK. Still, in this case data must be anonymised, secured, and used in aggregated form. But if that patient data is used for profiling and submitted to insurance companies, in order to differentiate policy rates a line is crossed. This example illustrates different ways in which personal data is used.
* To draw a comparison, using personal data to improve *current* customer experience should be ok (also, in this example provided that customer have given consent). It becomes different when such data and its analysis is used for new incentives and promotions; especially events or proposals customers didn't ask for. Then it may become intrusive.
* finally, the discussion about data ownership. It find this troublesome. In the case of a retailer, who owns the data seems to me a difficult question. There's a tendency to say that data remains the customer's. But didn't the customer engage in a transaction with the retail company? Goods were exchanged for - at least money. I think the (legal) question in this case, is whether the personal information the customer provided in the transaction was also legally exchanged, i.e. the ownership of that data / information was exchanged. I'm not a lawyer so I don't know the answer. But for governance purposes privacy debates, getting some clarification on this point is most welcome.
Great and important topic. Hope my contribution helps.
Wouter
Posted by: Woutervanaerle | Tuesday, January 20, 2015 at 01:20 PM
When I first signed up for a grocery store loyalty card (so I would qualify for the sale prices I previously got), I signed up as "Fred Flintstone." Eventually they enhanced their system to show the name to the cashier, and my wife got embarrassed to be called "Mrs. Flintstone." So, she got her own card. At least they didn't call her "Wilma."
I realize that they could track me as easily by the credit card I use. It irritates me to no end that my need for groceries makes them feel they have the right to keep a dossier on my purchases.
Posted by: George Dinwiddie | Monday, February 23, 2015 at 05:18 PM