Even the most cursory examination of profile-driven
personalization exposes a concept laden with data privacy challenges,
especially in heavily regulated territories such as the European Union.
Personally identifiable information, the very data that
fuels personalization, carries additional protection responsibilities, but
that’s just the beginning. Add in geolocation data and links to travelers’
social media profiles plus, potentially, medical records, and the risk of
misuse (especially if the data is stolen) becomes significant.

“As we’ve all experienced with personalization, there is a
fine line between a magical offer and a creeping suspicion that someone is
watching,” said Will Pinnell of BCD Travel. “Increasingly, TMCs will need to
provide transparency in how that personalization is generated. The service and
recommendations should delight, not frighten, the traveler.”

Complex ethical issues also arise over the creation of
personas: predicting what travelers may like because of a demographic group to
which they belong. That may be innocuous if they are identified as, say, a road
warrior, but profiles also provide insights into, for example, religious
identity based on stated meal preferences, or sexuality based on who is listed
as next of kin. “We start to push ourselves into areas of discrimination and
bias if that data is in the wrong hands,” said Samantha Simms, CEO of The
Information Collective, which advises on data privacy matters for travel and
other companies.

One potential solution gaining increased attention is for
corporate clients to own an independent profile management system, instead of
it belonging to their TMC or booking tool provider. Midoco has started
marketing exactly such a piece of kit, called Umbrella Faces.

Simms has mixed views about this idea. “Profile management
systems are inherently very good because they reduce the risk of data breaches
when we have data being held in lots of independent, fragmented locations,” she
said. But she has some unease about employers assuming direct ownership of so
much revealing information about their employees. “It leads to age-old
questions around consent,” Simms said. “The reason business travel is
complicated [in this respect] is that there is an imbalance in the
employer/employee relationship. It is challenging for an employee to give
consent to the employer’s use of their personal data. Just because I am
required to travel does not mean my employer needs to know about my personal
preferences.”

Midoco’s David Chappell said his company overcomes this
objection by giving travelers “direct access to their data and therefore they
can edit, remove or add as they see fit. It allows a lot of the regulation
around GDPR to be satisfied.”

Katharina Navarro of Capgemini goes even further. She
believes profile-driven personalization is only likely to be GDPR-compatible,
and indeed practicable, if the profile management tool is owned by the employer
and accessible by the employees. “There needs to be an access point into what
information the machine has collected and whether it is still valid,” she said.
“There should be a right to forget. You can have regular questioning back and
forth to the traveler, saying ‘here’s what we know about you. Do you agree or
shall we delete?’ It can also really help in streamlining the right content to
travelers and remove the frustration of seeing too many things where we only
want to see what’s relevant.”

A new generation of business travel microservice providers
like Grapevine and Spotnana are strong advocates of minimizing their own
retention of data, preferring to access travelers’ information held elsewhere
via APIs. “I’m a believer that people should own their own data,” said
Grapevine CEO Jack Dow. “We’ve built our architecture to only take the data we
need when we need it.”

But while Simms applauds the concept, she is less convinced
about the feasibility of different providers tapping into a central,
independent profile tool on an as-needed basis. “That sounds very complex in an
industry that has so many different players,” she said. “It sounds like travel
and data security Utopia, and I’d love to see us get there. I just think there
are so many different issues to overcome that we may be a good few years off
actually seeing this work in practice.”