Data privacy issues have been at the forefront of our reporting of late: Whether it’s the impending General Data Protection Regulation (GDPR) legislation soon to become EU law, or the backlash over consumer privacy violations facilitated by connected devices in the home, the clash between marketers’ desire to understand our behavior and consumers desire to protect their privacy seems to be coming to an early head. Now the latest news out of the UK finds search giant Google leveraging shopper loyalty card data to link purchase behavior to search advertising effectiveness. Google doesn’t believe they need your permission to do so. Are they correct? The debate rages on.
By Rick Ferguson
In the United States, where consumer privacy concerns generally go to die, Google has already come under fire for similar practices via a lawsuit from the Electronic Privacy Information Center (EPIC). In this case, Google collects billions of transactions from credit and debit card purchases and uses proprietary algorithms to link those purchases to the company’s own search advertisements. Long considered the “holy grail” of marketing measurement, the ability to link online browsing to offline purchases would both transform marketing effectiveness and, not coincidentally, send Google profits into the stratosphere.
The only problem: the pesky question of consumer privacy rights. Maybe you don’t care whether Google tracks your online habits and then links that behavior to your in-store purchases; EPIC does, and they aim to bring Google to account over all this spying.
Money quote from the Washington Post:
“‘What’s really fascinating to me is that as the companies become increasingly intrusive in terms of their data collection, they also become more secretive,’ said Marc Rotenberg, executive director of the Electronic Privacy Information Center. He urged government regulators and Congress to demand answers about how Google and other technology companies are collecting and using data from their users.”
In the UK, Google is launching a similar program. Thanks to stricter privacy laws, Google is limited to leveraging loyalty card data, which both Google and Facebook have leveraged in the US prior to Google’s new credit and debit card initiative. Even though loyalty program members are typically aware that their purchases are being tracked, the outcry in the UK is similar to that in the US.
Money quote from the Telegraph:
“A spokesman for Big Brother Watch said: ‘It is all well and good for customers to be told that their data will be shared with third parties but what does that actually mean? We rarely have any idea that a third party could mean a multinational behemoth like Google.
“‘Next May new data protection regulations will be enforced. Companies will need to be transparent with people about how their data is used. Those that share our shopping transaction data with Google would be wise make that clear rather than allowing them to hide behind “third party” status. We should know who is analysing our data and be given the control to deny access without a denial of service.'”
Rotenberg is correct in this analysis; part of the impetus for the EPIC lawsuit is Google’s obstinant secrecy: They decline to reveal how merchants obtain consent to pass along credit card information, which third parties have access to it, or how they can link consumer purchases to online behavior. Instead, they issue blanket statements assuring consumers that they only aggregate the data, and do not reveal nor share the data on any individual consumer. The secrecy, rather than the program itself, leads to the backlash.
Of course, organizations such as EPIC in the US and Big Brother Watch in the UK also have an agenda; their continued existence depends on them uncovering and then filing expensive lawsuits against perceived ethical and privacy violations. Still, the concerns are real. As consumers, we have nothing but Google’s word that they’re protecting our data, which, in addition to our shopping habits, also may reveal information about our financial health, our medical conditions, or aspects of our personal behavior that we’d rather not any party have access to via the cloud.
There is another way, one that would allay privacy concerns and fend off criticism: make the whole endeavor transparent. Google could brand the program, invite consumers to opt in, and then work with merchants and issuers to reward them for their participation. What is currently a secretive, shady program of spying on consumers becomes instantly a virtuous cycle in which Google provides a demonstration of clear value to merchants, rewards and recognizes consumers, and mints money for itself in the process.
So why don’t they? Because it’s easier for Google to settle lawsuits, pay fines, and then go about their merry way. That leaves real change in the hands of lawmakers – and even as GDPR may force that transparency in Europe, there is no such incentive forthcoming in the US. The company whose mission statement was once “Do no evil” may not being doing evil in this case – but they have little incentive to focus on doing good.
Rick Ferguson is Editor in Chief of the Wise Marketer Group.