Last week the world was rocked by the discovery that Apple iPhone users were being tracked. Apparently a users co-ordinates were being stored along with a date/time stamp on both the users phone and their desktop when synced. Even worse, it was then reported that this information was being sent back to Apple. Like something from a Bond novel, Apple was tracking the activities of millions of people, just waiting for when it could... well therein lies the question.
What exactly was Apple doing with this data and why were they collecting it? In fact, why do we care so much when we're all giving away our data every day. Was this just a slow news day or is there really an issue here?
Data privacy is a strange beast. On the one hand people are getting all worked up about Apple collecting location data (despite indicating this within it's terms and conditions) and on the other people are using the very same devices to check into Facebook Places, Foursquare or Color providing a wealth of location information (and photos) for all the world to see.
It seems that people don't have a problem with the data itself being collected or shared, its the fact that they didn't seem to know about it that is at issue and that they don't know why.
Google had the same issue when it was mapping it's Street View product. As well as collecting images of the streets it was mapping, it was also collecting WiFi information on the networks it came across. This has caused outrage at a national level with governments (and the EU) clamouring for an explanation, yet as F-Securereported, Skyhook has been doing this for years and nobody bats an eyelid. Indeed, it was recently reported that Google has stopped collecting WiFi data from Street View as it can now do this via the handsets (just like Apple)
BT also fell foul of this public feeling when its "service" Phorm started tracking users web visits (initially secretly) to provide better targeted advertising. There was an online privacy backlash which resulted in a European commission investigation and the service being pulled. At almost the same time however, Nectar was announcing a new service which seemed to do a similar thing, targeting advertising to people based on their behaviour. Called Consumer Connect, it serves up online adverts through Yahoo to opted in customers based on their offline shopping habits with Nectar. There was however no consumer backlash and it was reported positively in the media.
It seems then that our reaction to data privacy is based on the context of how the data is obtained and used, not just the data itself:-
- Value Exchange - Do we understand why the data is being collected and what we get from it. Skyhook collect data to provide location based services which work in tandem with other technologies to map your location - thats useful. Both Google and Apple may have had the same intention but this isn't obvious. Increasingly consumers understand the value of their information and are willing to "trade" it in order to receive other benefits.
- Clear Boundaries - With BT Phorm all web usage would be tracked to serve up better ads. This feels a little too broad and unecessarily intrusive. With Nectar Consumer Connect, users are clear about what data is being utilised, it's their shopping details, something most people realise is already being used for offline targeting of offers already.
- Permission - Consumers like to do things on their terms. I can choose to share that dodgy photo on Facebook (although I may regret it later), I can choose to share my location when I check-in and increasingly I can choose to share this through services like Facebook Connect. However, when this information is simply taken without permission we feel aggrieved.
With data increasingly being monetised across many organisations, whether it is credit card transactions, loyalty programme transactions, web visits or phone calls, all of this information says something about us and has real-world value to many others.
This also means that increasingly companies may be collecting or using information in a way which consumers didn't expect. It doesn't matter if this usage is buried in your terms and conditions (Apple clearly stated they were collecting GPS information) - if it's not obvious to your customers then you risk a backlash from them when they find out.
This isn't hard though; just take a look at the Tesco Clubcard Customer Charter and Privacy Policy. This isn't pages of small print. Instead it's a plain English explanation of what Tesco will do with your data, how this benefits you and what to do if you don't want it.
If we want the benefits that come from increased usage of customer data we need to remember that ultimately it's the customer's data. Always ask permission as begging forgiveness rarely works.