British Airways made headlines in Britain last week with reports that it is in order to provide them with a 鈥減ersonal touch.鈥 As a BA spokesperson explained,
We鈥檙e essentially trying to recreate the feeling of recognition you get in a favourite restaurant when you鈥檙e welcomed there, but in our case it will be delivered by thousands of staff to millions of customers. This is just the start鈥攖he system has a myriad of possibilities for the future.
Under this 鈥淜now Me鈥 program, the airline will use Google Images to obtain photographs of business class passengers and combine that with other data on the customer鈥檚 history with the airline.
This is a very interesting case study for privacy because it definitely 鈥淏orders on Creepy,鈥 as put it, but it is also to some extent an attractive proposition.
In one respect it鈥檚 hard to complain when anyone accesses information about you that is on the internet and available to the whole world. Yet鈥 despite the fact that search results are indisputably public, many people do find the prospect of strange individuals or institutions poking around their online profiles to be unsettling. Here we enter the muddy world of expectations and social norms (which I鈥檝e discussed before in the context of email spam and speeding tickets). Having a company compile publicly available information about us may not violate any privacy laws, but it鈥檚 something that could be described as rude.
At the same time, if we鈥檙e honest, in many situations it is very nice when a company evinces some memory of our past interactions. One of the frustrations of dealing with a large organization is that typically, whenever we are transferred from one branch to another, the new branch has no knowledge of what we鈥檝e already been through. Think about getting exasperated as you say to the latest person to come on the line, 鈥渓isten, this is the third time I鈥檝e been transferred, and the fourth time I鈥檝e had to call about this problem. 鈥 Perhaps you want to add, 鈥淒o you have any idea what a good customer I am? I should be getting some special treatment here!鈥
This is what Jeff Jonas of IBM calls 鈥.鈥 Curing such amnesia is seen in the corporate world as important to provide better customer service鈥攁nd also by some to manipulate customers, squeeze maximum profits out of them, score their financial value or 鈥渞iskiness,鈥 or provide security. (Strangely enough, these are also many of the same motivations for data mining, as I discussed in this post.)
But if you鈥檝e been through hell on a trip, delayed on multiple segments, maybe the victim of some bureaucratic screwup鈥攚ho would not want to have flight attendants on your last segment recognize your pain (even that can be enough) and maybe take some steps to make up for it? The pleasure we get from simple recognition and the feeling that we have a relationship with an institution (to put it in good terms), or the cheap status thrill from being treated as 鈥渟pecial鈥 (to be more cynical), is one engine driving the increased collection and retention of data today. Enterprise amnesia is something that businesses hate鈥攂ut we need to recognize that often, customers also hate it. This is one driver of the explosion of loyalty programs, and this British Airlines effort is in some ways a logical psychological extension of that explosion. We are also seeing rising expectations that companies DO recognize us and our history of interactions with them.
So where does that leave privacy?
First of all, it鈥檚 important to keep in mind that while customers often hate enterprise amnesia鈥攕ometimes they might want it. Kashmir Hill of Forbes the right question in this regard:
I asked [BA spokesperson] Talling-Smith about possible downsides for fliers, such as the system remembering that they got soused last time they flew and insulted an attendant. 鈥淚t鈥檚 not intended to record something like that,鈥 he says.
That鈥檚 great鈥攂ut take a look back up to the top of this post where I quote another British Airways spokesperson, who declares that the current program 鈥渋s just the start鈥 and has 鈥渁 myriad of possibilities for the future.鈥 Sometimes we want a relationship, but sometimes we don鈥檛. Sometimes we just want to be anonymous. While we can no longer be truly anonymous while flying, we can in most other contexts鈥攁nd even on an airplane might not want our flight attendant to know a bunch of things about us. Especially if, as British Airways suggests, what we鈥檙e talking about grows and grows.
Which is why we must return as always to a few touchstone privacy principles:
鈥 First, individuals should have control. They shouldn鈥檛 be subject to information collection like this without giving permission. That doesn鈥檛 mean that a company shouldn鈥檛 reveal their data collection without permission, it means they shouldn鈥檛 collect the data without permission. As The Register , it doesn鈥檛 do much good if a customer opt-out just results in their not being approached鈥攔ather than the data not being collected.
鈥 Second, companies should not be compiling data beyond what they use for specific purposes that customers have opted in to.
鈥 Finally, customers now expect that companies that they have relationships with will in many cases know something about them, and remember their past interactions. What they most definitely do not expect is that other, third parties, will be collecting cross-relationship information about them. On the internet, for example, when they log in to a site they may expect the site will remember what they do鈥攂ut they do not expect that a third party advertiser will be tracking their behavior there, and across numerous sites. That practice is of course widespread and is what the 鈥Do Not Track鈥 battle is all about.