What do I do?

I’ve been quiet for a while — adjusting to a new role and set of issues to think about. Last night, Gina and I were invited to a dinner party, and the inevitable “so what do you do?” question came up. I haven’t had a good answer to that question since the 80’s. Maybe the 70’s. Maybe ever. Last night, this is what I came up with:

I’m going to set up a thought experiment. Imagine if you will…

Costco collects consumer preference information about their customers (things like their purchase histories). So does Walmart. Let’s say that Costco, in order to provide a better customer experience, wishes to purchase and analyze the consumer data (say, purchase history) from Walmart. (You should feel free to substitute Barnes & Noble and Amazon or any other pair of competitive retailers that you patronize to personalize this example). What should happen?

In order to answer that question, let us magically remove any technical barriers to any possible desired outcome, and imagine that all of the data (both Costco’s and Walmart’s) are stored in one big computer system, with the right levels of security so that Costco can only see their data, and Walmart can only see their data — but it would be simple for Walmart to give Costco access to a specified subset of the data. What should happen?

The initial reaction is that Walmart should/would say “No” because

  1. they are competitors and don’t want to share the information, and
  2. their privacy policy should forbid it to protect consumer rights

The way I see it, those two reasons are mutually contradictory. Because it centers around the issue of who should control access to that data. Given that the information is about a particular individual, shouldn’t that individual have some say in the decision about transferring (selling) the information about him or her? If it’s the customer’s decision, then Walmart can’t say “No” — the customer has to.

So, let us give all those individuals user accounts on the aforementioned theoretical computer system housing Costco’s and Walmart’s data. Each individual has access to the information about them from both companies. The first benefit of this arrangement is that the individual gets access to view *all* of the data collected about them — and who collected it. That seems like a value to the individual.

Let’s say that there are a million individuals involved. Instead of asking Walmart if Walmart is willing to sell the customer preference data to Costco, Costco asks the individual customers. (Perhaps they don’t need to ask — perhaps the individuals have expressed their preferences about this kind of question so that their preference information can be checked to see if they are interested in participating.) One hundred thousand of the million customers say “sure — I don’t mind if you analyze my total purchase history across both companies in order to provide me better service”. The other nine hundred thousand, concerned about their privacy, say “No.” (It is unclear how much such a decision protects their privacy, since Walmart is still free to analyze the Walmart data, and Costco is still free to analyze the Costco data — but it is a decision that they certainly should have the right to make.)

Presumably, then, Costco should now get access to that 10% of Walmart’s database, since they (Costco) have permission from the consumers about whom this data was collected. Shouldn’t they? That is to say, if the consumer should have the ultimate decision about who has access to their purchase histories (or gambling histories, or reading preferences, etc.), and the consumer wants to say “Yes”, then Walmart (or Harrah’s or Albertsons) couldn’t very well say “No”, could they? Or could they?

Who owns the data? Given that, in the case of purchase histories, each data item contains information about both the seller (Walmart) and the buyer (the costumer). Sounds like they both have a claim on the data.

That’s the political/legal dilemma. And, of course, who should own the data is not necessarily who does own the data. Today, for this example, Walmart and Costco own the data. I think it would be fair to say that it would be difficult to find anyone who would assert that the customers owned that data. But I’m not a political guy (my brother is — ask him about that).

Assuming the legalities can be worked out to inject the individual into this transaction, then we confront the financial question. When Costco offers to buy the consumer data — who gets the money? Is it Walmart? or the 100,000 consumers who said “Yes”? After all, Walmart actually went to the trouble of collecting it, storing it, and making it available, so they are certainly entitled to some compensation. In fact, the data wouldn’t exist at all if Walmart didn’t collect it, so perhaps Walmart is entitled to the money, but the consumer is entitled to the decision. Or vice versa. Or somewhere in between. It looks like it’s shaping up to be a multi-party transaction — with the need to protect the anonymity of some/most/all of the participants. In the financial world, that role is called a “broker” — who takes a commission for facilitating the transaction.

So far, this has been a two-company example, but of course, one can easily see extending this idea to hundreds of retailers. Costco could potentially look at some subset of Target’s database, and Amazon’s, and Best Buy’s. The consumer would have access to a very detailed profile about his or her purchases, returns, preferences, payment history and so forth. Many people would want to participate to get access to that information. As well as control access to it. Companies would want to participate for the same reason.

Finally, there is the technical question. Assuming the questions of ownership and privacy can be worked out, and a financial model around how the money should be divvied up can be worked out, somebody would have to build the aforementioned computer system that houses all that data, and provides the appropriate access to the appropriate parties at the appropriate times.

What do I do? I’m building that system.