Commentary

A Privacy Step Too Far For Google?

Google has always skating on pretty thin ice with the EU, and its latest project is almost guaranteed to provoke the ire of privacy campaigners across the continent. At the very least, its latest proposed project will almost certainly need revision by next May when new privacy and data processing regulations are introduced across the trading bloc.

The project? Well, Google already looks at credit and debit card payments in-store in the US and circles that back to browsing behaviours to better understand customer journeys. Now, the tech giant has revealed it has run a similar pilot with an undisclosed UK retailer and plans to roll out the service toward the end of the year. 

The UK in-store data comes from loyalty card holders, which it is planning to combine with its own search and web-browsing history to better understand what online activity may have prompted a person to convert in-store. It's easy to see the worth in this. An in-store retailer has no real idea why someone decided to buy a particular product on a particular day from them, and not someone else. Being able to look at the customer journey could surely only help.

The type of patterns they will be looking for are certainly notable events, such as being exposed to the retailer's digital display, even clicking on a display ad (as if!) and searching web pages for similar items. What search terms were used? Was the retailer considered in the search process? Was it PPC or SEO that earned them the click and the research time, which may well have led to the purchase? Or had the person simply opened an email promotion for the item that was sent to their Gmail account?

These are very obvious questions which, if answered, would help shine a light on the dark area in brands' understanding of how what they do online impacts what happens in-store. I would raise the question that presumably a lot of this could be done by the brand itself. It would certainly know whether a person, identified by their loyalty card, is on its email list and received a relevant promotion, or if they have recently been running a display campaign for the item. Google would obviously know more, but the retailer could make some assumptions.

The issue with this project, however, is that it all seems a little Big Brother, doesn't it? When I hand over my loyalty card for points and savings I am likely to be unaware that I have agreed to third parties sifting through the data. Going back and comparing it to the wealth of data Google knows about me is a little spooky.

Now, Google does claim that this is all anonymised, so the findings are generic. You can imagine a report that tells a clothing store that sales of a little black dress soared x% the weekend after the item headlined a weekly fashion email or people who searched for "little black dress" were 10x more likely to buy as those looking for a blue outfit. The internet giant is not claiming granularity down to the point of reporting on individuals, just the general findings that people who bought x were most likely to have been exposed to y. 

The trouble is, I am identified when I hand over my loyalty card and the email stored for me by the shop is likely to be my Google ID. After all, that's how it works -- that's how Google knows the rest of the story behind my in-store visit. It may well get anonymised, but at some point Google has to know who I am for any of this to make sense and for the results to mean anything.

How you feel about that will vary. I'm never too upset about retailers probing my behaviour to find out which marketing works best. Mind you, I'm a part of the adland scene. There will be plenty of shoppers out there, not to mention privacy campaigners, who will find this a step too far. When you show your loyalty card, you don't expect the details to prompt Google to check up on what you've been doing online recently. There's something that doesn't quite sit right about it.

Which brings us to the introduction of new privacy and data protection regulations coming in within the EU next May with massive fines. I suspect their introduction is what is prompting Google to get in ahead of time to act in a grey area of permission whereby a retailer will have said data might be shared with third parties, which it does not need to disclose. 

I'm no lawyer, but from next May what Google is proposing, to my mind, will need to be far more transparently flagged up with a tick box for consumers to offer their consent. It will be interesting to see how this pans out. A couple of years ago I listened to a lawyer speak not so much about these specific new laws, which were not formally written down at the time, but of personal information. Her advice to the internet giants is that if there is anything you hold that identifies a person, it's personal information, no matter whether you allow it to be interpreted as personal information or randomised in some way. It was, she admitted, a tough interpretation of the law -- but it would be one the authorities might choose to adopt if the tech giants continue to gather personal data and then anonymise to avoid legal challenge. 

It could yet come to pass that the EU says if you've taken data from a loyalty card ID and matched it to a Google ID to make some in-depth data discoveries, you can't later claim it was not personal information.

Regardless, I think this will get a lot of privacy campaigners very hot under the collar and will mean retailers are loathe to progress unless they have explicit permission from consumers to do so. It's an interesting project but I suspect the noise it creates might mean brands duck away. 

Next story loading loading..