How Tesco and co are testing the limits of customer data exploitation

If a consumer agrees to share information with retailers, can they complain when data about their shopping habits and lifestyle choices are used to milk them for more money?

Customers expect companies and organisations to gather data to target services and products at them, by the use of cookies on their websites, for example, or by retrieving data from loyalty cards, or monitoring the use of smartphone applications. In turn, this has raised customers’ expectations for improved service levels and a better relationship with their chosen suppliers.

Meanwhile, the government is fostering a culture of dynamic data sharing and it is clear from a range of recent policy announcements – the Open Data Institute, the NHS information strategy, and so on – that it sees enormous commercial potential in this for kickstarting UK growth.

But as large companies diversify – for example, as supermarkets sell insurance, offer banking or legal services, and even, in some cases, in-store pharmacies, surgeries and post offices – some organisations must be tempted to connect this data up in ways that might save them money, but at the same time risk intruding into the customer’s privacy, health, finances or lifestyle choices.

Rumours sometimes circulate of retailers gathering data about unhealthy eating, smoking, or excessive alcohol consumption from a customer’s purchases and using it to increase their insurance premiums, for example. Other, perhaps apocryphal, stories circulate too – such as the customer who injured himself after slipping on a wet floor in an American supermarket. According to industry lore, he tried to sue the store only to be told that the company’s records of his shopping habits suggested he was a heavy drinker and this, claimed the store, was the real reason he had fallen over.

In fact, such ideas are not too far beneath the surface of day-to-day political discourse. Last week, The Daily Telegraph reported that a Whitehall unit dubbed the “Behavioural Insight Team” was in talks with supermarkets over using their databases of customers’ shopping habits in a bid to improve the nation’s health – with the suggestion being that customers deemed to have “unhealthy” shopping habits (in terms of food, alcohol or tobacco, for example), might be contacted directly by the government in a form of social control via the checkout.

Health Secretary Andrew Lansley swiftly ruled out any government involvement, but perhaps only because ministers are thought to be wary of “big brother” accusations – in spite of the government drafting its controversial Communications Data Bill earlier this month, which has given rise to similar accusations.

So what strategies are currently being deployed by retailers and other organisations?

At IBM’s Smarter Commerce Global Summit in May, Boots’ director of customer loyalty, Ruth Spencer, said that the high-street pharmacy chain’s customers now expect it to use their data to target them. “Customers now believe [the company] uses its insight. They think ‘you’ve got my data, I expect you use it’,” she said.

Companies such as Boots, Betfair and Iceland are using campaign management tools from the likes of Teradata and IBM-owned Unica to analyse consumer data to better understand customers’ preferences and target them with personalised offers – and, of course, loyalty cards and store cards are now part of consumers’ everyday experience of countless major brands.

Mike McNamara, CIO of Tesco, said recently: “We used to know what people buy, now with the website we know what they want to buy.” In a recent public speech, Tesco boss Philip Clarke admitted that the retailer also uses Clubcard data to target consumers according to their wealth.

“We’re now making changes to our UK website to highlight promotions that are relevant to the customer who is browsing the site. Using Clubcard data, we would show, for example, offers of our Everyday Value range to price-sensitive customers, and offers of our ‘Finest’ range to more upmarket customers.

“The power of this approach was borne out by a test we did to sell mattresses. When a customer visited our website, we would use Clubcard data to tell us if the customer was more swayed by price or quality. We’d then display the type of mattress that best reflected that shopper’s characteristic. Sales grew by 10 per cent.”

A spokesman from Dunnhumby, which provides the analytics for Tesco’s Clubcard, suggested that Tesco Bank could target a customer depending on their shopping habits. “If a customer has given us permission to send them offers from our partners, then they may get an offer from the bank or another part of the business which their shopping habits suggest they may find interesting,” he said.

However, although Boots’ Spencer believes that consumers expect retailers to use the data, it is not always the case that they want them to. According to a survey of 2,000 UK consumers commissioned by data integration company Informatica, only 35 per cent of UK adults trust businesses to use their personal data and 46 per cent of the respondents said they believed that sharing their personal data would give businesses the opportunity to invade their privacy.

So might retailers overstep the mark and exploit their customers’ trust by using their data for reasons other than those they disclose? Could a company such as a Tesco (or a Marks & Spencer, which plans to offer banking services), use the data gathered from shopping choices to increase the price of services like life insurance, for example?

Kim Walker, partner at law firm Thomas Egger, said that the use of all such data is governed by the Data Protection Act (DPA) and the basic principle of the Act is transparency and fairness.

“Even though [society] has moved on in great leaps since 1998 [when the Act was passed] – because retailers use more forms of information such as social data – the principles remain the same. Retailers have to be fair in the way they use the data and can only use data in the way they say they are going to use it,” she said.

However, Walker said that, within the law, retailers can alter their privacy policies as they like, and this means that the onus rests with the customer to stay informed of the details. For example, on the Tesco Clubcard website it states that “the [current] privacy policy replaces all previous versions... Tesco reserves the right to change the policy at any time”.

Walker added: “If Tesco could point to a particular section of the policy for its loyalty card to show that the data could be used from a consumer for different provision [to the campaign management tools], then that would be interesting.”

The current Tesco Clubcard data protection statement says that the company uses the data it gathers to “understand [customers’] shopping habits to improve its service and unless [the consumer] indicates otherwise, contact them with offers and information about products and services of interest to [the consumer and his/her] family.

“[Tesco Clubcard] will share your details among Tesco companies at home and abroad (eg Tesco Personal Finance), and businesses that process Clubcard information on our behalf (eg printers who need certain details to print our mailings).”

Walker said that if a policy states that a company uses a customer’s data across all of its operations, then that is something that consumers need to consider the implications of. “There is nothing to suggest they can’t do that, but then you would have the public relations angle, which is: Do customers think this is fair?” she said.

According to the Informatica survey, 30 per cent of respondents felt that they have had their data exploited by firms in the past, either by it being passed to a third party without their permission, or by information being used to discriminate against them.

If some diversified retailers are using data in this way – or are tempted to, to gain the fabled “single view of the customer” (which is the goal of CRM technologies) – then it would not be the first time, according to Andrew Jennings, chief analytics officer at analytics provider FICO.

Jennings gave the example of US retailer Target, which, according to a recent New York Times article, was found to have predicted a high school girl’s pregnancy. It did so by analysing the girl’s shopping habits, and then with the use of predictive analytics, identified a pattern of products that are typically bought in early pregnancy. The retailer reportedly sent out coupons for other products that she might have needed for her new baby. The girl’s father, meanwhile, had not been aware of his daughter’s situation.

Jennings said that if a retailer decides to use such methods, then it must ensure that it does so appropriately, and apply the same analytical logic to what the repercussions of that decision might be. “You’ve got to be able to do that really well, because if you send the coupons to the wrong people, then the customer will ask ‘How and why am I getting all of this?’” he said.

In the UK, Tesco has risen to dominance across several areas of the retail sector. According to a spokesman from consumer data protection agency ALLOW: “It is no coincidence Tesco’s recent retail dominance has coincided with its takeover of Dunnhumby in 2011. Dunnhumby provides the skills to understand customers better than anyone else.”

In fact, the reverse is true: Tesco has recently been losing ground to its rivals and in June 2012 posted its sixth consecutive quarter of falling sales. In April, the chain reported its first drop in domestic profits for 20 years, prompting CEO Clarke to announce a £1bn makeover of the company. So the clear connection between analytics and profits is not so easily stated.

The use of loyalty cards to collect customer data is both an opportunity and a challenge, according to Gareth Herschel, research director at Gartner.

“There is a distinction between personally identifiable data and anonymised data. So, for example, if the people who shop at a particular store tend to buy unhealthy foods and the retailer offers all its customer base private health insurance, then this kind of data usage is not illegal as it is not information that concentrates on specific people.

“But with a loyalty card all of these transactions can relate back to a particular customer, as opposed to just broad buying patterns,” he said.

This means that it is not just a matter of data protection, but of consumer protection, according to Sally Annereau, data protection analyst at law firm Taylor Wessing.

“The DPA and associated regulations apply to the processing of customer data and will be relevant where data processing is connected to targeted pricing.

“However, consumer protection regulations will be equally important here and it is likely that data and consumer watchdogs would act together if there was evidence that, for example, targeted prices were based on browsing behaviour and customer monitoring,” she explained.

When Computing asked the Information Commissioner’s Office (ICO) about this, it said: “When signing up for the loyalty card scheme the individual should be informed about how their information will be used. The information should allow the individual to make an informed decision about whether they are happy for their information to be used in the manner that the organisation intends.

“If an individual believes that an organisation is using their information in a manner that they have not been told about and they do not agree with, then they can make a complaint to the ICO.”

Of course, it is not just loyalty cards that hold personal information. Cookies can also be used to track users’ interactions with an organisation, often across multiple services.

On Twitter, a disgruntled Ryanair customer recently claimed that he looked up a fare on a particular day, which was £123. The next day he checked the fare again and it had risen to £237. Once he had “flushed cookies” the fare returned to £123, he said.

The ICO spokesperson said that, just like the rules regarding loyalty cards, if an organisation was using cookies to track a user’s online activity with a view to targeting them with a price for a product based on their browsing habits, then it would need to provide sufficient information about how cookies are used in that process.

Gartner’s Herschel explained that certain categories of products incur legal restrictions, which mean that a retailer cannot sell a product to two people for different prices. But insurance policies, on the other hand, are usually based on a number of factors relating to personal information, and each person is given a price depending on their circumstances.

“If you apply to take out life insurance, the insurer asks you questions about the activities you do – ‘Do you do sky diving?’ for example. If you say yes to those questions, they charge you more, so this already happens,” said Herschel.

The difference, Herschel explained, is that if a retailer uses customer data from its stores to quote a consumer a price for an insurance package, then the consumer’s general attitude to data privacy is the deciding factor. “Some people are extremely private and do not like their personal information used for any reason whatsoever. Other people think the use of their information will make their life more convenient.

“The logical step for retailers would be to ask customers what privacy level they would like first,” he added.

Thomas Egger’s Walker argued that consumers want to be part of a multichannel environment and to understand why their data is being collected. “Customers are not worried about the use of their data as long as there is no breach of security or third-party use of that data.

“The main thing is, if a retailer keeps adding ways of using the data and updating the policy then the business has to give the customer an option to opt out. They have to do that very quickly and responsively, as stipulated by EU privacy regulations,” she said.

So would a data analytics firm agree to do analysis that might be illegal, or controversial, or fall into a legal grey area? “We don’t do anything illegal,” said Jennings of retail and bank analytics provider FICO. “But you get into a grey area of what is a legitimate use of information.

“FICO’s principle is to use data analytics for something that is mutually beneficial for bank, retailer, insurer and the consumer. So, for example, understanding credit risk is mutually beneficial because banks can make better lending decisions and more people could get access to cheap credit.

“If a retailer can increase their sales in a way that can provide offers that are relevant to the consumer, that is mutually beneficial,” he said.

Additional reporting Chris Middleton