1. Introduction
The emergence of digital technologies has brought forth the rise of big data. Capturing and transmitting data has been facilitated by information technologies and the growth of internet capacity in recent years (Mani, 2015). The magnitude, rapidity and diversity of the data produced has revolutionized business decision making (Erevelles et al., 2016). More specifically, however, these advances have aided marketers in identifying various patterns, insights, and relationships that, in turn, has allowed them to capitalise on this new asset. The problemitization of big data begins to surface when approached from an ethical point of view and when addressing privacy and security, especially in areas like consumer data (Ekbia et al., 2015).
Customer analytics is at the epicentre of the big data revolution; and the study of consumer analytics is the marriage of big data and consumer behaviour (Erevelles et al., 2016). Customer analytics is deriving and exploiting hidden insight about consumer behaviour through the interpretation of data (Erevelles et al., 2016). The influx of companies shifting to digital marketing activities has enabled them to further develop their relationship marketing strategies facilitated by various types of data (Davenport et al., 2007). Capturing, generating and analysing customer data has intensified with the rise of the internet and has allowed marketers to study customer habits, understand them on an intimate level, and know what they want before they do (New York Times, 2012)(Davenport et al., 2007). Recent technologies have enabled a plethora of rich data to be collected on each consumer, which provides behavioural insights that can then be translated into a market advantage (Erevelles et al., 2016).
New technologies have encouraged policymakers to reconsider the definition and role of privacy, especially in terms of customer data (Ekbia et al., 2015). Ethical implications surface when considering the sources, methods, and uses of the data obtained (Mani, 2015). The recurring issues of privacy, security, and integrity are highlighted when considering the use of customer data (Kallinikos & Constantiou, 2015). The ultimate privacy challenge and underlying ethical dilemma that firms face is the use of customer data that is being generated and analysed without consumers’ knowledge or in ways not apparent to the consumer (Ekbia et al., 2015). Seemingly, inadequate data protection solutions exist that don’t give equal weighting of best interest to individuals and businesses (Ekbia et al., 2015). In this paper, the author will argue that when considering the use of customer analytics, a two-sided dilemma exists with regard to businesses and consumers. The paper examines various data management solutions and concludes with prospects for future privacy improvements.
Types of Customer Data
Data is continuously growing due to the constant generation and aggregation of data from various devices and sources (Mai Le & Liaw, 2017). With the aid of multiple channels both online and offline, large corporations (i.e. Target, eBay, Amazon) process more than a million customer transactions per hour (Brown et al., 2011). Customer data can be collected from a wide range of sources and devices including transactional data (i.e. mobile and e-commerce transactions, loyalty cards), behavioural data (i.e. internet clicks, purchase behaviour), social data (i.e. user-generated content, social media), and mobile data (i.e. sensors, geolocation data) (Kallinikos & Constantiou, 2015; Erevelles et al., 2016; Ekbia et al., 2015).
Traditionally, customer data involved structured transactional data (scanner, record files), now, however, unstructured behavioural data (blogs, texts, videos, images) are collected as new technologies have become more prominent (Erevelles et al., 2016). Third parties tend to track and aggregate consumers’ viewing and shopping habits on websites through the use of tracking cookies to collect transaction and browsing data (Krishnamurthy & Wills, 2010). Similarly, advertisers can send targeted marketing messages to consumers by using online social networks to identify their geographic locations and private information (Ekbia et al., 2015). Online retailers are now able to modify e-commerce websites in real-time based on internet click streams and consumer preferences (Brown et al., 2011). For example, when a customer is close to making an online purchase, retailers can nudge the transaction by offering various promotional techniques like bundled products and offers.
Furthermore, a distinction between personal data and sensitive personal data is essential when referring to customer data. Personal data refers to data that relates to an individual and can be traced back to them (ICO, 2018). Personally Identifiable Information (PII), more commonly referred to as sensitive data, is defined as information that can distinguish an individual’s identity (Krishnamurthy & Wills, 2010) For example, racial or ethnic origin, political opinions, religious beliefs, health conditions or sexual life of an individual (ICO, 2018). Vast amounts of sensitive customer data, like credit card information, address details and shopping behaviour, are aggregated and analysed to enforce real-time customization and adjustments (Barton & Court, 2012). This paper takes into account all types of customer data collected by firms for marketing purposes and considers “customer data” to include both personal and sensitive data.
2. Business Perspective
Intensified competition has placed a great deal of pressure on firms to devise new means of adding value to their customers (Mani, 2015). The ability and capacity for a firm to adapt to changing environments allows them to successfully compete in the market. Big data has provided firms with the information needed to make current, accurate and evidence-based decisions that increases their adaptive capacity, which in turn, allows them to beat competitors (Erevelles et al., 2016). Academic research found that organizations that utilize customer analytics to guide their decision-making saw higher returns on equity than their competitors (Brown et al., 2011). Analytics is an important tool that allows organizations to formulate strategies and tactics to gain a much-needed competitive advantage and ultimately to becoming market leaders (Mani, 2015). Brown et al. (2011) add that data usage transforms a company’s processes and facilitates innovation. As firms capture and analyse the huge volume and variety of data available, product and service customization and novel business models will emerge, providing them with new means of competing in the market (Brown et al., 2011).
Germann et al. (2014) claim that a positive relationship exists between the utilization of customer analytics and overall firm performance. The use of customer analytics enables firms to obtain meaningful insights, engage and connect with customers, and benefit financially (Germann et al., 2014). Additionally, marketers seek to study customer habits in order to predict demand and service customers more accurately in a customized and personalized process. This is accomplished by using data to segment and target customers and making real-time personalization possible on various platforms (Brown et al., 2011). The ability to analyse data has become increasingly more fine-grained (New York Times, 2012). Tracking individual user behaviour and attempting to convert first-time customers into regular customers is further enhanced by the use of data (Mai Le & Liaw, 2017). Data mining and predictive analysis provides firms with not just consumers’ shopping habits, but also their personal habits and preferences in order to more accurately market to them (New York Times, 2012). Data is commonly leveraged from loyalty programs which allows firms to reap greater profits by promoting the purchase of higher-margin products from its most lucrative consumers (Brown et al., 2011).
While examining the impact of big data on marketing activities, Erevelles et al. (2016) suggest that the three resources; physical, human and organizational capital, enable firms to better exploit the benefits. Data has become a new form of corporate asset that can be capitalized by firms and serve as a key basis for competition (Brown et al., 2011) Since data improves a firm’s competitive advantage and creates value to the customer, it is considered a valuable resource (Brown et al., 2011). A firm’s dynamic capability is enhanced when they use innovative consumer insight that is extracted from big data which further allows a firm to enhance its dynamic and adaptive capability (Erevelles et al., 2016). Data collected allows a firm to improve its performance and modify its strategy to better meet consumer demand (Erevelles et al., 2016).
This is exemplified in Kroger, an American supermarket chain, where customers are tracked based on the purchases they make using the shopper’s loyalty card. The data obtained allows Kroger to gain customer insights and opportunities to engage with them in a meaningful, personalized manner (Germann et al., 2014). Similarly, Target uses consumer insights to predict consumer behaviour (Watson, 2014). Utilizing predictive data allows firms like Target to regulate customers’ purchases in order to capture sales before competitors, as well as strengthening a deeper customer relationship (Erevelles et al., 2016). For example, Target used customer data and algorithms to predict the due dates of expectant mothers in order to send personalized coupons for baby items (Watson, 2014).
3. Customer Perspective
The use of consumer data by firms provides customers with a more tailored shopping experience, personalized offers and recommendations, as well as improved customer service (Watson, 2014). When customers shop online, they are met with an overwhelming amount of product information. The use of customer analytics enables firms to filter out irrelevant products online and provide customers with an individualized selection of offers. As a result, customers experience a faster and more efficient means of gathering information online whilst shopping (Mai Le & Liaw, 2017).
The essence of marketing involves offering the right product or service to the right consumer for the right price via the right channel at the right time to reap the greatest benefit (Mai Le & Liaw, 2017). Taking an affirmative view, Mai Le & Liaw (2017) praise customer analytics for its ability to ensure that accuracy and relevant data is offered, constantly and in real-time throughout the process. Amazon, for example, offers different homepages for each individual based on data collected from various sources (Nadler & Mcguigan, 2017). This ensures that the products shown are useful, detailed, and accurate for the consumer. Offering customization on e-commerce sites further enhances a shopper’s experience and will stimulate a customer’s desire to buy products, which increases customer satisfaction (Mai Le & Liaw, 2017). This is also translated offline when a customer receives personalized coupons and offers. For example, a customer who has just purchased a coffee maker might highly value a coupon for ground coffee beans.
Popular e-commerce sites use algorithms and collaborative filtering to further customize websites to each individual customer (Konstan & Reidl, 2012). Automated recommender systems utilize a range of algorithmic techniques (i.e. cold start, association rules, clustering etc.) and customer data (i.e. past purchase behaviour, browsing history, demographic) to suggest the most relevant information to users (Mai Le & Liaw, 2017). The accuracy of recommendations requires customers to provide personal information on their hobbies, preferences and demographic data. In return, the system can then identify products that might interest the customer and filter the webpage accordingly (Konstan & Reidl, 2012).
Borders, for example, stresses on the importance of being customer-centric and utilizing customer data to better serve their customers (Davenport et al., 2007). David Norton states, “it is not just about what the information can do for you, it’s about what you can do for the customer with the information” (Davenport et al., 2007).
Dynamic pricing refers to altering prices according to a customers’ location and willingness to pay (Hiltbrand, 2013). Dynamic pricing models are often associated with customer data as e-commerce sites attempt to maximize their profits while still attempting to attract customers (Mai Le & Liaw, 2017). This pricing strategy incorporates economic concepts of supply and demand, such as “increasing the price of a good would decrease a customers’ demand for the product” (Hiltbrand, 2013). This is typically achieved by using algorithms that determine the ideal price point of each individual and their willingness to pay to ensure that a transaction occurs (Hiltbrand, 2013). According to Mai Le and Liaw (2017), customers benefit from this method as it allows customers from different economic backgrounds to locate products in their price range, in turn, maximizing consumer value. This is further reinforced by Brown et al. (2011) who believe that both consumers and businesses benefit from the economic surplus that big data can generate as it lowers prices for consumers, and allows for a better alignment of products and consumer needs. For example, an insurer can use customer data (i.e. profiles of customer risk, changes in wealth, home asset value etc.) to tailor insurance policies for each consumer.
4. The Dilemma
Despite the abundance of benefits, customer analytics presents a variety of drawbacks that are just as adverse to both businesses and consumers. The emergence of social media networks has expanded the amount of personal information on the internet (Krishnamurthy & Wills, 2010).Collecting large amounts of sensitive customer data intensifies privacy and security challenges that firms must consider (Jagadish et al., 2014). The risk lies in the misuse of customer data where consent is not directly given and customers are unaware of how their data is being utilized by firms. The line between ethical and unethical use of customer data is thin and abusing this advantage is not only detrimental to a firm’s reputation but, also critically damages the relationship between the firm and customer (Jagadish et al., 2014). Neglecting customer privacy emits a “profit-hungry corporation” image to customers that directly implies; “we don’t care about you”.
Krishnamurthy and Wills (2010) state that there has been an increase of targeted advertisements on first-party servers from third-party servers. Large scale data breaches, where external parties gain unauthorized access to customer data, have become more apparent and severely affect a firm’s image (Kude et al., 2017). As firms increasingly use individually targeted marketing messages to reach their consumers, information practices may conflict with the information privacy rights of consumers (Son & Kim, 2008). A recent example includes allegations against Cambridge Analytica, a data analytics firm, which used personal information from more than 50 million Facebook profiles without user permission (Greenfield, 2018). The data was used to create personalized political advertisements targeted at US votes based on their social media profile (Greenfield, 2018). Another example is exemplified in the widely known Home Depot data breach where infected registers in-store extracted data from swiped credit cards (Kude et al., 2017).
Research shows that many consumers have little understanding of how companies are using their data (Clemons et al., 2014). When agreeing to certain terms and conditions, customers unknowingly give permission for businesses to track their buying behaviour and transactional data in order to generate highly accurate profiles of them, both online and in-store (Davenport et al., 2007). Initially, consumers are hardly concerned about their data, however, as they begin understanding the potential uses of the data, their concerns are heightened (Clemons et al., 2014). On the other hand, however, a study conducted by SAS revealed that 60% of 1,260 respondents still expect businesses to understand their needs and preferences (SAS, 2013). Furthermore, Mai Le and Liaw’s (2017) findings showed that personalized sites, recommendation systems and dynamic pricing has a significant positive effect on customers’ responses.
Although critics argue that in some instances customers voluntarily give their data, Davenport et al. (2007) argue that it does not signify that customers have agreed for their data to be used in unintended and unexpected ways. Rather humorously, Wheaton (2015) compares this concept equivalent to looking into someone’s trash to figure out what to buy them for Christmas, and then claiming that they put their trash out voluntarily. It appears to be an unspoken agreement that customers consent to organizations using their data with the assumption that firms would use it to enhance their experience ethically and transparently.
Privacy remains a concern for active users on digital platforms, however, they still voluntarily reveal personal information (Kokolakis, 2017). The “privacy paradox” refers to users’ inconsistency in privacy attitude and privacy behaviour (Kokolakis, 2017). Carrascal et al.’s (2013) study found that online users consider their online browsing history to be of equal value to a Big Mac meal. In contrast, other research has shown that online consumers highly value their privacy and security and are concerned with the collection and use of their personal data (TRUSTe, 2014). Consumers tend to perform a cost-benefit analysis when considering their personal data. Most users are willing to sacrifice their personal information (cost) in order to gain a wide range of services online (benefit) (Carrascal et al., 2013). It is clear, however, that most users are not fully aware of the value of the data they are trading away, let alone the methods and processes that it undergoes (Carrascal et al., 2013). Similarly, Wheaton (2015) claims that although marketers can now target consumers with high precision, consumers do realize this yet they still log on to Facebook and share all their personal information or click “approve” when a mobile app asks if it can track their location.
Adopting a more cynical approach, Nadler and Mcguigan (2017) argue that while marketers claim that the collection of customer data is beneficial for the consumer due to increased customization and rewards, their genuine intentions are not in the right place. Various authors raise the issue of customer surveillance and its ability to pose serious threats pertaining to market discrimination and social control through the use of skewed power over customer data (Turow, 2006; Stole, 2014; Nadler & Mcguigan, 2017). Using economic assumptions that consumers are perfectly informed and rational, it is argued that consumers trade their personal information for the added benefits (Turow, 2011). Stole (2014) rests on behaviour science theories to argue that the collection of customer data enables marketers to manipulate customers and targeting their vulnerabilities to nudge the decision-making process. Furthermore, Nadler and Mcguigan (2017) augment this argument by claiming that marketers apply behaviour science techniques to identify cognitive and affective vulnerabilities in consumers to further target them. The conversion of conscious and unconscious consumer patterns into data sets and alogorithms exemplifies how accurately marketers know their consumers (New York Times, 2012).
5. Data Management Solutions
Patterns emerged when researcher Watson (2014) reached out to various companies that utilize big data or provide big data analytic service in order to understand how they deal with privacy and ethical issues pertaining to their customers. His research concluded that privacy issues concerning big data are becoming increasingly more significant and companies are becoming more cautious about how they use big data analytics (Watson, 2014).
Customer analytics is essential for businesses to understand the needs of their consumers, however, firms need to be cautious when approaching intrusive user data. Although considered outdated, Son & Kim’s (2008) definition of information privacy emphasizes the importance of an individual having the ability to control when, how, and to what extent their personal information is used and shared, which still applies today. Consumers continue to seek new ways of protecting their privacy, while still enjoying the benefits offered to them which appears to be one or the other. In order to gain access to services offered, both online and offline, consumers are compelled to disclose their personal information (Whitley, 2009).
Various data management mechanisms need to be implemented to protect the privacy of individuals and to adhere to the lawful processing of customer data. Firms, especially marketers, should embrace and adopt new technological opportunities in order to adapt to changing environments. Promoting ethical behaviour that is transparent and honest with consumers will reap more sustainable benefits for businesses than imposing their way into consumers’ lives.
Organizations need sufficient safeguards in place to limit what data is allowed to be collected and used (Watson, 2014). Technology can play an important role in helping companies adhere to code of ethics and strict regulations for protecting consumer data. As data grows and becomes increasingly more complex and varied, technology can help to decipher and interpret the data in order to attain useful insights (Erevelles et al., 2016). As a consequence, the GDPR, the new data protection law coming into force on May 2018, presents stricter regulations pertaining to the collection, aggregation and analysis of customer data (EU GDPR, 2018).
Ensuring the protection and privacy of consumer data requires a team effort (Watson, 2014). For example, legal departments ensure the adherence to regulations, the IT staff maintain a secure infrastructure, senior management understand the objectives for projects that require analytics etc. (Watson, 2014). Research shows that legal departments in companies are gradually becoming more involved in the decision-making process pertaining to big data analytics (Watson, 2014). However, areas for continued development and improvement still exist. The main purpose for strengthening measures of consumer privacy is the need to enhance trust in a society that is heavily technologically dependent. Methods typically taken to increase data protection include technological measures like anonymization and encryption as well as adhering to laws and regulations that emphasize the importance of consent and restricted unauthorized access.
Anonymization & Encryption
Businesses have become more attentive and cautious when using personally identifiable information (PII), especially with the approaching GDPR regulations (Watson, 2014). Anonymization and encryption are widely used to ensure that customer data is fully protected and safeguarded.
A common solution is anonymizing the data and instead, utilizing mass data to locate patterns and insights (Watson, 2014). Anonymization includes deleting certain information of individuals in databases so it could not be traced back to the individual (Ohm, 2010). The most troubling issue with anonymization, however, is that it does not guarantee nor ensure that the ability to still identify an individual is eliminated (Watson, 2014). Gross and Acquisti’s (2005) research has shown that identifying an individual merely requires knowing the date and city of birth as well as the last four digits of the social security number. Similarly, Ohm (2010) declares the ease in which computer scientists can reidentify and deanonymize individuals in anonymized data. Taking a more cynical approach, Wheaton (2015) views data anonymization as merely a gesture used by marketers and IT employees to ward off regulators. The ease in which data controllers can reidentify individuals, without the use of personally identifiable information, is still possible (Wheaton, 2015).
Encryption, on the other hand, is the process of converting data into unreadable code to prevent unauthorised access. Complex encryption techniques are often used to protect personal and sensitive information while still attempting to maintain the usefulness of the data, however, this leaves customers vulnerable to reidentification (Ekbia, 2015). More recently, the use of tokenisation, the distribution of a fake credit card number when an online transaction occurs, further protects the privacy of online users (Retail Week, 2011). PR Newswire (2014) announced the distribution of Customer Managed Keys (CMK), allowing consumers to control and manage the encryption keys that protects their data in the cloud. This ensures that no data can be shared without the consent of the customer and ensures that data assets are stored safely allowing only authorized users access (PR Newswire, 2014).
Laws and Regulations
Seemingly, inadequate laws and regulations are currently put in place that specifically seek to protect privacy of consumers and businesses that utilize big data analytics (Kude et al., 2017). Likewise, in the US, few laws exist that govern the collection, analysis and use of big data (Watson, 2014). Companies need to continually review privacy policies to fully understand what data is allowed to be collected, and how it is stored, analysed, and used (Watson, 2014). Laws need to specifically address consumers and must be consistent, reasonable, easy to understand and transparent (Clemons et al., 2014). Furthermore, data privacy policies must integrate thoughtful data management strategies to ensure the protection of consumers whilst not hindering effective marketing techniques (Mani, 2015).
Consent refers to giving consumers a real choice and control over their data (ISO, 2018). The use of customer data should be articulated and shared openly and transparently with customers (Davenport et al., 2007). Enabling user-centric data management techniques restores the control of individual privacy back to consumers. The EU regulation attempts to fortify consent requirements by making them more explicit, which is further reinforced by the newest GDPR regulations (Whitley, 2013). Whitley (2013) suggests that a more dynamic form of consent is needed as the issue becomes more prevalent in data protection and privacy. Although the UK’s Data Protection Act features consent regulations, it remains an ambiguous topic that is often disregarded (Whitley, 2013). The GDPR stresses on the importance of freely given, specific and informed consent that signifies agreement that their personal data is being processed (ISO, 2018). Son and Kim (2008) emphasize the concept of giving control over personal data back to consumers and the choice of being included in databases for targeted marketing and personalized services.
A great threat is the process by which the data travels (Mani, 2015). Customer analytics provides a variety of benefits and opportunities for firms, however, it also increase the threat of sensitive customer data being shared with external parties (Kude et al., 2017). Unauthorized use of customer data is common when an organization has not set up enough safeguards in place and database owners should be obligated to prevent any unapproved access (Mani, 2015). Data controllers must ensure that the collection, analysis and the sharing of data is protected and permission is granted by consumers (Mani, 2015).
Google recently informed their users how they are preparing to adhere to the GDPR requirements (Google, 2018). Changes include an updated EU User Consent Policy that emphasizes the importance of obtaining consent forms and making disclosures to end users Google, 2018). Google states, “You must obtain end users’ legally valid consent to the use of cookies” as well as “the collection, sharing, and use of personal data for personalization of ads” (Google, 2018). Most relevant to users, however, is the launch of new controls for Google Analytics where customers are now able to manage the retention and deletion of their own data. Among other changes is informing users of parties that have access to their data as well as easily accessible information about the use of the personal data.
6. Conclusion
Watson (2014) takes an optimistic approach regarding the future of big data privacy as research shows that more companies are taking precautions when using customer data. Taking on an ethical approach, Mani (2015) suggests a need of ethical alignment between individuals, organizations and the government. Accordingly, a clash of values results in ethical conflicts where one party breaches the rights of another (Mani, 2015). Ethics come into play when considering privacy, security and confidentiality. Ethical frameworks suggested by Mani (2015) propose a duty to do what is good for the majority instead of focusing merely on what is attained or achieved as an outcome.
Having read the literature, the researcher believes that although it is essential for firms to be proactive and adjust to changing external environments, firms have a duty to prioritize consumers and protect their data while using analytics. Consumers are faced with the decision between access to benefits offered to them or protecting their personal information. The perplexing matter remains that consumers are obligated to decide between one or the other, leaving them with two equally undesirable alternatives. The introduction of the GDPR in the following months is a call for reform concerning consumers and their privacy.
When should businesses draw the line? It seems like a simple answer. when the use of data benefits one party but puts the other in a deficit. When there is ethical misalignment. When an individual’s data no longer belongs to the individual. When a firm feels the need to conceal the real uses of the data or who the data is shared with. That is where the line should be drawn. Using data openly and with prior consent is a win-win scenario for all players in the field.
After reviewing the vast amount of literature on this topic, it appears that limited research addresses consumers and their views pertaining to the use of their data. More research should be conducted to fully understand the implications of utilizing customer analytics on consumers themselves. Further research would consider the quality and accuracy of the data collected and its implications on consumers. A look at the improvements of data protection after the introduction of the GDPR is essential in order to assess the changes being made in favour of stricter regulations. More research should be conducted on the success of encryption and anonymization, and the ability to reidentify an individual.