Your Personal Data Is Not Sold, Just Used

I put several hotel rooms on my credit card one month. The next month, I get a “30% OFF” coupon from AirBnB for staying at one of its properties the next time.

My first reaction is that my credit card company has “sold” my personal data to AirBnb.

Ditto when I

  • Talk about a brand and see that brand’s ad on my Instagram / Facebook / Twitter feed
  • Mention a company and see its recruitment ad on my LinkedIn profile page.

In all these situations, some personal information about me was used to target ads and offers (herewith “targeted ads”) at me.

But it does not mean that one party has sold my personal data to another party.


The way modern advertising and customer engagement management technologies work, one entity creates a targeted ad, another entity decides whom to display / deliver it to and another entity actually displays / delivers it. Data is not necessarily shared between these entities.

In the context of the above example, AirBnB approaches the Bank and says, we want to offer 30% discount on our properties to attract people who frequently stay in hotels. Bank knows from its credit card transaction database who frequent hotel stayers are, and tells AirBnB, okay, give us your creative and copy and we’ll send out emails on your behalf to people who stay in hotels frequently. AirBnb submits the required data to the Bank, the Bank runs the email campaign and I, as a frequent user of hotels during the previous month, get AirBnB’s email. (Email is just one channel used to communicate the 30% discount – the same targeted ad could equally well be displayed on top of Google search results or embedded within Instagram feed.)

Ad-tech providers like Cardlytics and Customer Engagement Management (CEM) platforms like Birdvision enable banks design, develop and execute data-based campaigns like the one described above.

As we can see, in the above example, the Bank has enabled AirBnB to reach its (i.e. Bank’s) customers who belong to AirBnB’s target market. But it (i.e. Bank) has done so without selling its customer’s data to AirBnB.


While I’ve taken the case of a bank in the above example, this is how all modern day digital advertising works in all industries. Facebook, Google, Instagram, LinkedIn and other major digital advertising platforms let advertisers across diverse sectors target customers based on the personal information available with them (i.e. digital ad platforms). The nature of targeting depends on the type of personal information possessed by a given platform. For example, Facebook has demographics and psychographics data; and Google has purchase intent data.

I strongly doubt if any reputed bank – or social network or search engine – outrightly sells its customer’s personal data to advertisers. If you don’t believe me, you can always follow through with @kshashi’s advice below.


I’ve discovered a number of useful products and services and deals via targeted ads. Therefore, I’m happy to receive the occasional targeted ad (as long as it’s targeted correctly, that is).

I know a few others like me. See Two Secrets Of Driving More Sales To Existing Customers and Are Digital Natives Losing Their Data Chops? for more details.

But many customers of banks or users of social networks don’t like targeted ads. If they don’t wish to receive targeted ads, their options depend on their domicile.

 

Some countries (e.g. India, USA) have no data protection and privacy laws yet, so people in those jurisdictions have very limited legal recourse if they receive a targeted ad.

European Union has recently enforced GDPR, a regulation that gives its citizens and residents certain rights to data protection and privacy including the “right to be forgotten”, which means, an EU citizen / resident can ask the Bank to forget their transaction history, thus depriving the advertiser with the ability to make a targeted ad to them.

Data is the new oil only for those who run targeted ads on top of it. For the guy from whom the data originates and to whom it belongs, data is not even worth peanuts. https://t.co/1QAFDdGZPK via @WIRED @GregoryJBarber . #Datum #Doc.ai #Wibson

It’s still early days of GDPR but, based on my study of consumer behavior over a lifetime, I can readily foresee the day when a person who has exercised her “right to be forgotten” finds out that her friend got a 30% discount for a hotel room whereas she’d paid full fare for the same room. When she complains that the hotel fleeced her, she’ll be politely reminded that, because she’d exercised her “right to be forgotten”, they couldn’t make the 30% discount offer to her that they could offer to her friend. They’d also gently suggest that, to avoid losing out on such juicy offers going forward, she might want to sign up for their targeted ads forthwith.

She will.

And the “opt-in, opt-out” perpetual motion machine will go through another turn.