Ever bought something in a supermarket that you’d rather keep secret – condoms, stacks of booze or certain private medication, maybe? Tough – your secret’s safe with no one and it’s likely to be passed on.
If you have a loyalty card, you expect some loyalty – usually in the form of air miles or money-off vouchers.
What you probably don’t expect is for your shopping list to be scrutinised, married to your spending habits, postcode and other preferences to produce an eerily accurate profile of you.
Who can you trust?
You didn’t tick the box allowing your details to be sold to ‘trusted partner companies’ (i.e. anyone who’ll buy it) and therefore assumed that your relationship with your loyalty card provider would be kept in-house.
But you’d be wrong. Under the Data Protection Act, companies require consent to pass your personal details on to other firms, unless the information is anonymised, in which case it’s fine. And there’s the catch – take your name out of the equation and the rest of your information is fair game.
I think this is wrong, outdated and potentially detrimental. And here’s why.
Companies can produce a profile that is seriously accurate without knowing your name. Let’s face it, if they know where you live (specifically your post code), what you eat, drink, drive, how old you are and so on – who needs a name?
Anonymised information is still personal
They can sell this ‘non-personal’ (albeit extremely detailed) information to target retailers who want your business. And these firms will then base their pricing structures on this information.
So, say you’re a 25 year-old male, living in York city centre. You like a glass of Pinot Grigio with your ready meals and smoke a pack a day.
Sure, you may get a few quid off your shopping bill. But if your information, and others’ with similar profiles, was passed to a private medical insurer (PMI), they may conclude that all 25 year-old males living in York present a higher risk.
Consequently, PMI premiums for these people will rocket. The cost to our York man will probably outstrip the money he gets off his next shop.
Perhaps it’s time to re-think our privacy laws? Maybe the Data Protection Act needs a bit of a tweak to protect anonymised customer data more effectively – or at least require banks and retailers to spell out in greater detail how their data is collected and used. What do you think?