British Airways made headlines in Britain last week with reports that it is planning to do internet searches on customers in order to provide them with a “personal touch.” As a BA spokesperson explained,
We’re essentially trying to recreate the feeling of recognition you get in a favourite restaurant when you’re welcomed there, but in our case it will be delivered by thousands of staff to millions of customers. This is just the start—the system has a myriad of possibilities for the future.
Under this “Know Me” program, the airline will use Google Images to obtain photographs of business class passengers and combine that with other data on the customer’s history with the airline.
This is a very interesting case study for privacy because it definitely “Borders on Creepy,” as one headline put it, but it is also to some extent an attractive proposition.
In one respect it’s hard to complain when anyone accesses information about you that is on the internet and available to the whole world. Yet… despite the fact that search results are indisputably public, many people do find the prospect of strange individuals or institutions poking around their online profiles to be unsettling. Here we enter the muddy world of expectations and social norms (which I’ve discussed before in the context of email spam and speeding tickets). Having a company compile publicly available information about us may not violate any privacy laws, but it’s something that could be described as rude.
At the same time, if we’re honest, in many situations it is very nice when a company evinces some memory of our past interactions. One of the frustrations of dealing with a large organization is that typically, whenever we are transferred from one branch to another, the new branch has no knowledge of what we’ve already been through. Think about getting exasperated as you say to the latest person to come on the line, “listen, this is the third time I’ve been transferred, and the fourth time I’ve had to call about this problem. “ Perhaps you want to add, “Do you have any idea what a good customer I am? I should be getting some special treatment here!”
This is what Jeff Jonas of IBM calls “enterprise amnesia.” Curing such amnesia is seen in the corporate world as important to provide better customer service—and also by some to manipulate customers, squeeze maximum profits out of them, score their financial value or “riskiness,” or provide security. (Strangely enough, these are also many of the same motivations for data mining, as I discussed in this post.)
But if you’ve been through hell on a trip, delayed on multiple segments, maybe the victim of some bureaucratic screwup—who would not want to have flight attendants on your last segment recognize your pain (even that can be enough) and maybe take some steps to make up for it? The pleasure we get from simple recognition and the feeling that we have a relationship with an institution (to put it in good terms), or the cheap status thrill from being treated as “special” (to be more cynical), is one engine driving the increased collection and retention of data today. Enterprise amnesia is something that businesses hate—but we need to recognize that often, customers also hate it. This is one driver of the explosion of loyalty programs, and this British Airlines effort is in some ways a logical psychological extension of that explosion. We are also seeing rising expectations that companies DO recognize us and our history of interactions with them.
So where does that leave privacy?
First of all, it’s important to keep in mind that while customers often hate enterprise amnesia—sometimes they might want it. Kashmir Hill of Forbes asked the right question in this regard:
I asked [BA spokesperson] Talling-Smith about possible downsides for fliers, such as the system remembering that they got soused last time they flew and insulted an attendant. “It’s not intended to record something like that,” he says.
That’s great—but take a look back up to the top of this post where I quote another British Airways spokesperson, who declares that the current program “is just the start” and has “a myriad of possibilities for the future.” Sometimes we want a relationship, but sometimes we don’t. Sometimes we just want to be anonymous. While we can no longer be truly anonymous while flying, we can in most other contexts—and even on an airplane might not want our flight attendant to know a bunch of things about us. Especially if, as British Airways suggests, what we’re talking about grows and grows.
Which is why we must return as always to a few touchstone privacy principles:
• First, individuals should have control. They shouldn’t be subject to information collection like this without giving permission. That doesn’t mean that a company shouldn’t reveal their data collection without permission, it means they shouldn’t collect the data without permission. As The Register points out, it doesn’t do much good if a customer opt-out just results in their not being approached—rather than the data not being collected.
• Second, companies should not be compiling data beyond what they use for specific purposes that customers have opted in to.
• Finally, customers now expect that companies that they have relationships with will in many cases know something about them, and remember their past interactions. What they most definitely do not expect is that other, third parties, will be collecting cross-relationship information about them. On the internet, for example, when they log in to a site they may expect the site will remember what they do—but they do not expect that a third party advertiser will be tracking their behavior there, and across numerous sites. That practice is of course widespread and is what the “Do Not Track” battle is all about.