Title: Consumer Surveillance and Data Mining
Author: Ben Cawkwell
Course: BA (Hons) Interaction Design
Year of Graduation: 2004
PDF copy: http://www.dread.thewonderyears.org/dissertation.pdf
Licence: This work is licensed under a Creative Commons License.

contents

Acknowledgements

Much of the material in this dissertation is based on books, online publications and government or company publications. I would like to thank Paul Money for buying a withdrawn library book “Privacy in the Computer Age” by G.L. Simons which opened my mind to a whole new way of approaching the subject.

I am also particularly grateful two both my dissertation tutors. Stephen Buckle, for helping during the research stage to broaden the scope of my research, and Ruth Catlow for aiding the task of focusing to a specific subject.

I would also like to thank Bjornar Oiestad and Tom Thostensen, employees at Felles Data, for giving me an insight to the way financial data is processed and the security measures that are undertaken. Also the three employees at the Nectar Helpline for answering questions of a very different nature to their usual daily routine.

Thanks also to Kevin Blank, for arranging a computer that I could borrow during the month of the research phase while I was in Norway. And again, thanks to Sara Oiestad for checking the material during the various stages of writing.

Introduction

Increasingly companies and governments are using technology to collect information about its customers, employees, or citizens. There are many reasons why they are doing this, some are legitimate reasons, others are not. However the boundary between what is “acceptable” collection of information and what is “unacceptable” is unclear. And as the technology for collecting and analysing personal information becomes faster, cheaper to deploy, and more efficient designers who design these systems have a moral obligation to consider for what purposes the information collected is going to be used, who should have access to this information, and whether certain information is entirely necessary for the required task.

The first aim of this dissertation is to familiarize the reader with the very nature of the problem. This is done by giving a description of the tools that are used to not just carry out surveillance, but the tools for storing and analysing the information it collects. An example, the Nectar Card, is then used to demonstrate how these methods are used in practise, and to highlight the current dangers these schemes have to the individuals right of privacy. The overall aim of this dissertation is to highlight the importance of privacy, and to propose how legislation may need to be changed to protect the privacy of citizens. Although other areas of surveillance and privacy are touched upon briefly, the main subject of this dissertation is how companies are infringing upon the privacy of its customers, mainly by using loyalty schemes such as the Nectar Card.

Although there have been many definitions (discussed in section 4.3) on the term “privacy”, for the reading of this dissertation it may be helpful to assume privacy, or “Data Privacy” as the control of information about oneself (Simons, 1982 p.66). Other terms such as surveillance and data banks are discussed in chapter 1, while data mining is discussed in chapter 3.

1 Background

1.1 What is Surveillance

(extract taken from UK Internet Rights website: www.internetrights.org.uk)

Surveillance is the monitoring of activities of an individual, group or groups of people. New opportunities for mass surveillance are opening up daily with high-speed, networked computers facilitating many of our everyday activities. Surveillance today may be carried out via the Internet, via telephone networks or via the data profiling of individuals. It is carried out for a variety of reasons - by the private sector for commercial ones (such as the protection of intellectual property rights), or by states for security reasons.

Surveillance may be:

passive - This analyses the trails of information generated by people's everyday activities. It usually focuses on patterns of activity and includes techniques such as:

Directed - This can usually only be used in certain circumstances relating to serious crime. It directly targets and monitors specific individuals. It includes techniques such as

1.2 What are Data Banks

Data Banks are the main power behind passive surveillance. There are various kinds of devices and software that can collect information, but until this information is stored in some kind of Data bank the information will just disappear. A data bank is merely a storage device used to store information of any kind. The PNC (Police National Computer) for example stores information about vehicles, such as their registration number, the colour, make, and owner. It also may contain other information such as whether the vehicle is stolen or suspicious (Simons 1982).

Although The idea of hidden cameras and phone tapping may seem creepy, they are in fact not very efficient on their own. Data Banks on the other hand can carry every bit of information held about a person, and over a network can share this information with other data banks around the world. The real issue effecting our private lives is not the cameras we see installed in streets and public buildings, but the data banks that are sharing information about us without us knowing.

1.3 History of legislation

The UK was one of the last developed countries to take action on legislation to protect the individuals privacy. It was not until 1984 that the Data Protection Act was released, but the government has been under pressure to legislate since the 1960s, when concerns about individuals privacy began (Simons 1982 p.55).

1.3.1 Reasons for legislation

"The reason why we need privacy legislation is that the rights of the individual should be respected and given protection in law. That is reason enough. Other arguments only serve to cloud the issue"

(Graham Bunting & Sean Hallahan,as quoted Simons 1982)

Commercial reasons also call for legislation. As already discussed data banks have the distinct advantage of sharing information, but when business needs to share information across borders, different legislation of those countries creates difficulties in what information they are allowed to possess. An example, when a British firm lost the contract for the production of 80,000 health cards for Sweden in August 1974, it showed government how crucial it is for business to be compliant with a foreign market (Simons 1982 p.101). Some companies in fact have created their own policies in an effort to stay in the international market.

1.3.2 The Lindop Report, the European Convention and legislation

Most of the information in this chapter has been taken from “privacy in the computer age” (Simons 1982, ch.3)

in a NNC (National Computing Centre) publication titled “Privacy, computer, and You”, Joseph Jacob from the law department in the London School of Economics, suggested that an effective surveillance act should aim to do the following:

In 1975, the government in the UK appointed a Data Protection Committee to advise on legislation. Sir Norman Lindop was appointed Chairman of the committee, thus naming the report “the Lindop Report”

The Report gives recommendations a proposed Data protection Authority (DPA). The proposed DPA would be responsible for drafting Codes of Practice, which would take form of subsidiary legislation, and acquire the force of law. The DPA would be responsible for ensuring that the data was registered, and that all information held was necessary, and ensuring the register (particulars of the application, the codes of practice that applies, etc.) was accessible to the public (with the exception of information regarding crime detection at the DPA´s discretion, and national security) .

The Lindop Report claimed that the DPA, or similar body, would ensure that the privacy of individuals could be protected on a flexible basis without burdening the data users. However the government rejected the report, much to the dismay of many lobbyists at the time.

”the fact is [Lindop´s] Codes of Practice were in reality major extensions of the criminal law, creating a whole new host of new offences. We do not believe it is desirable to enlarge the criminal law in this way. . .”

Timothy Raison, Minister of State (quoted in Computing, 22/10/1981)

In May 1981, the UK finally signed the council of Europe adopted Convention on Data Protection. The convention had two important requirements:

To limit the effect the proposed Council of Europe Convention may have on business, the UK government decided to finally introduce the data protection bill, which later became the the data protection act 1984. There were many concerns about the level of protection the data act offered to citizens, but it was not until 1998 that it was updated. Key elements of the Data Protection Act 1998 are summarized (But, Matthew, 2003) as follows:

1.4 Reasons for the increase of surveillance

Within a society there will always be some form of surveillance. During the early period of mankind a watchman looking out for any threat to his small community was a simple form of surveillance. In many ways surveillance is a good thing for the average citizen. It protects them from crime, fraud, gives them access to their money or special services that otherwise would not be available if there was no way of checking the legitimacy of that person. To live within society and not have any information about yourself passed on to someone would be near impossible.

But from some form of surveillance there are clear victims. Surveillance by authorities is often carried out on those already disadvantaged. Examples include the use of CCTV in poorer areas, ID cards for asylum seekers, and those on income benefit induce more surveillance from government authorities than other sections in society in what the government call “to combat benefit fraud”. But what this dissertation aims to point out is the danger that business may also tend to discriminate against its poorer customers by marketing and offering special offers towards its richer customers, or refusing services altogether to a minority few.

1.4.1 Changes in technology

Advances in technology is the biggest reason why surveillance has increased, especially where business is concerned. As technology becomes cheaper to harvest and can store vast amounts of information, it is only natural that business will use it, for whatever purpose. It gives them the ability to better understand their market, and how to target its customers with marketing more efficiently.

1.4.2 Changes in society

In a more mobile society ways of keeping track of people needs to become more sophisticated in order to keep up. Authorities now deal with increasingly more national or global issues rather than local ones with the increase in Internet crime, drug crime and global terrorism. Even the country people belong to is becoming more complicated with joint passports, overseas students, and asylum seekers. Globalisation means bigger companies trading in a world market rather than in one town, giving rise to more customers, and more competition. To survive companies need to target specific people within a bigger population, requiring better sorting techniques. The days of dividend stamps are over, as the business world becomes competitive.

1.4.3 Specific events

Events marked as “attacks on society” such as September 11th, mean people turn to government to to something. And often they are more susceptible to give up their rights of privacy if convinced this would help prevent other terrorist attacks. The common answer governments look adopt is stepping up surveillance by installing extra surveillance systems (CCTV, Bank checks, Internet surveillance etc.) in the hope to identify and detain possible terrorists. Shortly after September 11th an extra 100 CCTV cameras were installed in Times square (Nothing Has Changed, Therefore Everything Must Change 2001), and serious consideration to introduce ID cards, something American citizens have always been reluctant to accept, were back on the drawing board for future consideration (Lyon 2003, p.77).

In this country security within schools were stepped up after the Dunblain incident in 1996. Not only did we see a change in the law on firearms, but schools themselves began to take on a more fortress like appearance, with high fences, security officers, and the installation of CCTV cameras. Something thirty years ago would have seemed unnecessary in a place of learning.

1.5 Summary

Currently the public is generally more concerned with the type of surveillance they can see such as CCTV cameras, or the introduction of ID cards. If current trends persist, it is expected there will over 25 billion CCTV cameras installed in streets and shops in the UK alone (Wakefield 2002). This is because government favour this method of crime prevention and fighting terrorism. And increasingly over the next ten years as the technology becomes cheaper and more powerful we can expect more personal information being held on databases for commercial reasons.

To protect an individuals privacy, the individual needs to know what is going to happen with the information they provide to an organisation. The right to this information needs to be protected by law, and when this information is not or has not be provided, someone needs to be accountable. In 1982, the book, “Privacy in the Computer Age” by G L Simons (p.28) summarised what a citizen needs to know about the information they provide as follows:

The amount of information held on an individual and weather that information is accurate by business is often very difficult to calculate as often a company will have a record without that individual even knowing about it. For example many companies like U.S.News & World Report routinely rents out the names of its 2.2 million subscribers to other companies (Garfinkel 2000 p.225). This shows that currently there is not enough protection provided by law to protect an individuals privacy. How can a citizen check the accuracy of the information held on them, how its being used and why, if they do not know where it is or who owns it?

But despite this the public tend to show little protest to the invasion of their privacy. Although there does seem to be some concern about privacy, most people have focused on government authorities, or employers reading employees emails. Either people do not know that business are collecting information on consumers, which is highly likely due to the way it is collected, or this kind of conduct has become acceptable practices of business.

2 The Nectar Card

2.1 Introduction

Already there has been plenty material written about the use of surveillance by government authorities (police, secret service, local government etc.), employers on employees, and the gradual appearance of CCTV cameras in nearly every public space. But there appears to be little written on the introduction of reward schemes, which in themselves are more infringing than most other forms of surveillance. Loyalty cards collect a customers eating or drinking habits, what medication they are buying, or how much petrol they consume on a weekly or monthly basis, and store this information on a database where it can be shared with other databases, and then analysed. To the average consumer, loyalty cards could be one of the most revealing things about you.

The Nectar card is a loyalty card that was launched on the 16th September 2002, but unlike most loyalty cards it works over a number of different companies ranging from supermarkets, electricity suppliers, mobile phone companies and even a credit card company. Because of the range of different companies that operate the scheme, it means that the potential to gather information for market analysis is much bigger than normal loyalty cards. It also gives more accurate information for building customer profiles since things like what they eat, what car they drive and how much they use it, and how much they talk on the phone are all submitted to a database through this one card.

2.2 About Nectar

Extract taken from the Nectar Card website at http://www.nectar.com/html/AboutHomeCSI.htm

“Nectar is an exciting reward programme which lets you collect points at more than one place, rather than using lots of cards in different shops. So now it's easier for you to earn more points than ever before. And the more points you have, the more of our fantastic rewards you'll be able to enjoy.

Once you've registered with Nectar you'll be able to earn points with our sponsors. These include Sainsbury's, Debenhams, participating BP service stations, participating Thresher Group stores, Vodafone retailers, participating Adams outlets, participating Ford dealerships, and all:sports stores. Customers of London Energy, Seeboard Energy and SWEB Energy can earn Nectar points from 1 December 2003.

If you live in Northern Ireland you can also earn points at your local Winemark store.

All Nectar collectors can also earn Nectar points every time they use their Barclaycard.

Once you've collected enough points for the rewards you want, you can redeem them for free meals, great days out, flights abroad, cinema tickets - the choice is yours. You can even use your points to save money off your shopping at Sainsbury's or Argos. Click here for more great rewards from our fantastic range.”

2.3 How it works

When we consider the Nectar Card in terms of an individuals privacy, we need to examine what information is available regarding the records held on nectars customers. The questions summarised in chapter 1(Simons, 1983, p.28) should serve as adequate questions concerning these records

2.3.1 What information about that citizen is held;

Currently Nectar gather very little specific information about its customers. But from the little information they do collect it is possible to build up a reasonable accurate profile of a customer. To illustrate this an example of a fictionalised character called Barry Smith will be used.

From the mandatory section of the registration form that Barry filled out he supplied his name, address, and phone number, and weather he has access to the Internet depending on weather he supplies an email address. Marked under the security section he provided his date of birth.

In the optional sections of the form, which he probably filled out anyway since they are not marked optional, he discloses weather he owns a Barclaycard. He is given the option of receiving an application if he does not already own one. The next section he supplies enough information to ascertain weather he is a student or single (a household full of adults), a father (by including the number of and age of children), and weather he could be either in employment or running his own business. The questions concerning cars and air miles could be used to ascertain what kind of income Barry Smith may have.

In an interview with a representative from Nectar it was reviled that the only information they were permitted to receive, is where the Nectar cards are used, the number of points the customer is entitled to, and the date they were collected. However every time Barry Smith uses his card the amount he spends on grocery, petrol, mobile phone calls, clothes, and sports gear is collected and stored on a database. From the size of the gas and electric bill it is possible to ascertain the size of the house he lives in, which then will also be stored on the database.

All this information put together it is possible to build a specific profile of the character Barry Smith, in particular his dispensable income and financial commitments, revealing what he is most likely to spend his money on. However the accuracy of this information has large margins for error. If Barry´s nearest supermarket is not Sainsbury´s then there will be a large chunk of information missing, or if he prefers to buy his petrol from ESSO because they are cheaper than BP, those two cars he said he owned on the registration form will seem to never get used.

2.3.2 Why this information is held;

Nectars advertise the scheme as a method of gaining loyalty from customers. This is done by rewarding the customer with vouchers that can be exchanged for goods, like money off shopping, or a trip to Legoland. But when compared to other reward schemes like the Tesco Club Card or the Goldfish Credit Card, what Nectar offer in rewards do not compete very well.

If Nectar do not offer the best rewards compared to its competitors, than it is unlikely that customers will be guaranteed to use it. This undermines the potential of nectar increasing customer loyalty, making the scheme seem unprofitable. However there is another way nectar profit. Nectar can profit from the information that they gather from the individual customer. The type of information that they collect from customers like the example Barry Smith, is very valuable to the companies that sponsor the scheme. This information is used for targeted marketing. By dividing consumers into different consumer categories, companies can save money by only targeting to particular type of people, rather than trying to market randomly at a large population.

2.3.3 Where this information is held;

Nectar is run by Loyalty management UK Limited. In Nectars “Policy on Data Protection and Privacy” it gives the following details about how information such as names and address´s, and information about how a customer uses their nectar card ,would be available:

“It would be available on the nectar database, and possibly on any one of the participating companies databases also.”

This statement works like a blanket authorization (Garfinkel 2000 p.329), giving nectar the permission to distribute the information as much as they like without being held accountable.

2.3.4 Who has access to the information

This question can be split into the following:

In order to access the information held on a customer, you need their nectar card number, the date of birth, and a memorable name that was chosen when filling out the registration form. The memorable name is most likely to be the mothers maiden name, since this is suggested on the form. This type of information in most cases should not be very difficult to collect if you know the person reasonable well, or if you are that persons employer. Like most forms of security, it is only as secure as the password, if Barry Smith chose the name of his first girlfriends cat, the probability of guessing his security details would be pretty remote.

However whatever security measures are placed on the front door, the security of any back doors will ultimately decide the security of the entire system. If people working within Nectar or one of the participating companies have access to the information, There is a risk that they will disclose specific details on an individual. Security cannot rely on preventing only outside attacks, it needs to encompass the entire process of collecting, storing, and processing of information both within nectar and outside.

The relevance of boundaries is concerned with how that information might be treated where laws in other countries are more lenient or non existent. The laws of the UK are there to protect the privacy of its citizens, but if records are exported to other countries, those laws can no longer protect the citizens who's information is in those records.

“If for any reason we need to transfer personal information outside the European Union for a specific purpose, we will ensure that it is treated to UK standards.”

extract taken from the nectar collector rules that can be found at http://www.nectar.com/html/rules.htm

The question here is what safeguards do they offer that guarantee this statement. When asked about the export of information across national boundries, the reply given was a repeat of the above statement.

2.3.5 What codes or laws exist to protect the information held in the organisation in question;

In Nectars privacy policy (see appendix 3) it stresses that “Information regarding the specific goods or services you buy from a particular participating company will not be passed to us or any other participating company except where required to operate the Nectar programme”. This does not however extend to the individual companies, who are permitted to collect this information, even if the consumer leaves the Nectar scheme.

This information that includes which shop you were in, how much you spent, and when is available on the nectar database, and possibly on any one of the participating companies databases for analysis.

2.3.6 Unanswered Criteria

The following questions do not seem to have been answered by Nectars publicised material.

In Simons opinion these questions were crucial for citizens to ensure that the information held on them was fair, by first, the system being adequately capable of securing personal information, and second, that someone could be held accountable and punished, making all companies insuring the adequacy of their own safeguards.

3 How Successful is the Nectar Card

3.1 Nectar as a Data mine

Data mining is a powerful new technology with great potential to help companies focus on the most important information in the data they have collected about the behaviour of their customers and potential customers. It discovers information within the data that queries and reports can't effectively reveal.”

extract taken from “Data Mining” by Doug Alexander found at http://www.eco.utexas.edu/~norman/BUS.FOR/course.mat/Alex/

With 11 million households already signed up for the nectar scheme (Shabi, 2003), the pool of information on consumers must be staggering, even considering the possible innacuracy of the records for building customer profiles. With such a large population taking part the power in sheer numbers means that nectar can build one of the most accurate analysis of the consumer market in the UK.

The way this information is extracted, is through using computer programs that search for patterns in a set of data, that normally would not be anticipated. For example, in the US grocery chains found that when men go to a supermarket to buy diaper s, it was common for them to walk out with beer. This information would unlikely have been found without using data mining techniques.

Data mining can also be used to predict the outcome of future company decisions, by modelling. Modelling is where a model of consumers is created with set variables, which the model then predicts the outcomes of these variables. It is mostly used by companies to predict the outcomes of business deciesions, (like changing the price of an item) before actually implementing it.

3.2 The benefits for participating companies

The reasons why business carry out these kind of schemes has already been discussed in section 2.3.2. But those objectives are not always met. A study by NOP found half of consumers shop at whichever store is most convenient, not depending on which loyalty card they owned. And now with many shops offering the scheme people will sign up for multiple cards and continue to shop wherever is convenient.

”The high proportion of loyalty scheme 'junkies' is also underlined by the research, with membership of multiple loyalty schemes prevalent. This suggests that joint ventures such as Nectar will generate further transactional data on the same customers rather than leads to target as new customers. And what of those consumers not attracted by any loyalty scheme? Over a third (35%) of those interviewed by NOP Financial showed no inclination to collect 'reward' points at all.”

extract taken from “NOP Financial survey on UK loyalty schemes” from www.nop.co.uk/news/news_press_nectar_loyalty_JF.shtml

But despite research showing little evidence of customers being loyal to those shops with reward schemes,and despite the huge cost of running such schemes, most retailers still seem to profit.

"Most retailers who have launched a loyalty scheme experience a 1-4% sales uplift. The more common ones... are around 2%,"

Crawford Davidson, marketing director of Tesco Personal Finance.

Once again this highlights that where companies have profited is improving the efficiency of their marketing campaigns. Where before companies have had to spend large sums of money on advertising, mass marketing and special offers, now they can target those loyalty card holders with promotional offers that from an individuals spending habits, is likely to buy. By knowing their customers better a retailer can ascertain what to sell and who to advertise it to.

3.3 The real benefits and downfalls for customers

There are both clear advantages and disadvantages for the customer. Some reward schemes give good return for using their card, and the advantage is consumers are marketed with products that are of interest to them, cutting down on the amount of information to digest. On the other hand the information that companies can gather, are designed to make the most out if their customers, which means consumers are likely to spend more, whether they like it or not.

3.3.1 Value for money

“You should not necessarily change your spending habits to use the schemes. They do tend to be poor value in what they give as rewards.”

Mike Naylor, Consumers' Association

As mentioned in chapter 2, the Nectar Card generally do not compete well with other loyalty schemes. Depending on where the nectar card is used, the average return in value is between 0.6% and 0.8% return per transaction1, compared with 1% with a Tesco loyalty card, or a goldfish credit card. Boots give a 4% return when using its Advantage card.

“Loyalty schemes are expensive to run and these costs are passed on to customers. The costs of setting them up are high, running them is expensive and the price of abandoning them is high.”

Research firm Datamonitor

By looking at the cost of running loyalty schemes, the money involved is staggering. Nectars advertising campaign alone was a reported £40m. February 2003 Nectar had signed a total of 11 million households in the UK (out of 22 million), giving out an average of two cards per household costing approximately 11 pence each (Wakefield, 200. It is not surprising then that in the Nectar collector rules it states there may be a small fee for any additional cards issued.

Tesco send out vouchers worth Tesco £200 million each year, and sends out statements to 10 million households four times a year, without any subsidies from the Royal Mail (Shabi 2003).

Those that do not run any form of reward scheme, such as Asda, Safeway and Somerfield, claim to be cheaper than those companies that do run them, for these very reasons (Shabi 2003).

3.3.2 Shopper discrimination.

"In every sector, the top 20% of customers give 80% of the profit."

Merlin Stone, business research leader at IBM

Shopper discrimination is naturally what all retail companies deny is the incentive of loyalty schemes. But with retailers knowing more about its customers, it is easy to decipher which people are in the top 20% group, and which of those are not. But more crucially, loyalty schemes give retailers the ability to find out what the top 20% buy, and then focus on marketing to those top few.

Here in the UK it is still early days to see the effects of loyalty schemes, but in the US, signs of shopper discrimination are already emerging. One US store decided to reduce the shelf space for sweets and chocolate, despite it being sold well. This was due to card data showing that these goods were purchased primarily by low profit customers(Albrecht & Vanderlippe 2002). Other ways this data can be used is working out the highest price an item can be sold for, based on what the top 20% will pay, rather than the population at large. An item originally sold for 99 pence, could be risen if card data shows that the top 20% are still willing to buy it. Prevously, the shops were forced to use the amount of sales of an item to determine weather it was the right price, not the information on who was buying it.

4 The effect of Nectar and similar schemes now and in the future

4.1 Introduction

There are many ways loyalty cards will effect society, targeted marketing, increased prices, and shopper discrimination are those that have already been discussed. But loyalty cards will have other major consequences, they will effect the way society perceives information held in data banks, the power of the individual over his own identity, and how people will be judged in the future. Loyalty cards are not just bad value, they have a psychological effect on the consumer. As they start to be introduced as a compulsory item for shopping they are directly effecting the individuals right to privacy.

4.2 Effects on Society

There are two sides to the argument of loyalty cards. One is the the argument of the individual, the other business. Loyalty cards are having an effect on the relationship between companies and its customers, but to who's advantage is still to be decided. At the present moment, both sides think they are benefiting, consumers receive free goods, money off shopping and special deals, business receive information on the consumer that they can use to increase sales and get the most out of each customer. But currently consumers are unaware of the amount of information they are giving in return for rewards, It has been clouded by the justification of the schemes as increasing “Customer Loyalty”. But this is likely to change as the effect of loyalty cards will soon be prevalent enough for consumers to notice. How the public will react will depend on what will be considered an infringement of their privacy in terms of what society deem acceptable, how the information is used, and to who's benefit.

4.3 What is Privacy

"The right to be let alone"

Cooley (torts, 1888) an American Judge as quoted Simons 1982 p.14

"Invasion of privacy as a legal term is in reality nothing more than a canopy under which four distinct wrongs are gathered"

TL Yang (1966) as quoted Simons 1982 p.14

grouped by Professor Prosser (law of Torts, 1955) as quoted Simons 1982 p.14

There has been many definitions if the word “privacy”, or what is the meaning of “infringement of privacy”. The definition has a big impact on how issues like loyalty cards are treated by legislation or in a court of law. Some definitions give little help to the issue (to be left alone in today's society is an unrealistic request). Some definitions relate only to the specific medium that is in question. For example in the Lindop report they defined the term “Data Privacy” to mean “the individuals claim to control the circulation of data about himself “ (Simons 1982 p.66).

It is in this context that the nectar card (and other reward schemes) clearly do breach the individuals right to “Data Privacy”. The nature of the scheme takes direct control of the information from the individual and gives it to the organisations. Although there are options not to be contacted by nectar or its participating companies, these options do not control the circulation of information held on individuals.

While these schemes are currently optional, it is inevitable that if current trends persist consumers that do not take part will be increasingly penalised. Some membership cards such as the MVC Card have two tier pricing in their retail outlets. A CD costing £16:99 can be purchased at £12:99 if a membership card is presented in a MVC store. In the US this has become very prevalent, with grocery stores like Albertson’s, and QFC all using the two tier pricing system. If no action is taken it will only be a matter of time before stores start to refuse to serve customers unless they own the company loyalty card.

4.3.1 Misunderstanding of Information (the dangers of Data Banks)

A number of problems arise when relying on data banks, particularly those in a network. One of the biggest problems is the accuracy of the information held within them. As discussed in 2.3.1 (What information about that citizen is held) the accuracy of data is only as accurate as the data entered. If Barry Smith lends his nectar card to his neighbour a completely inaccurate set of data will be contained in his profile. If his neighbour uses Barry Smith´s nectar card while carrying out a robbery in a Sainsbury´s supermarket, our friend Barry Smith would initially be the primary suspect. An unlikely story this may seem, but there already have been court cases where card records have been used as evidence.

But the very nature of networked databases, mean they lead to inaccurate data that cannot be rectified. This is particularly common in data banks that contain financial data, that help lenders determine the credit worthiness of an individual. If a false piece of data is submitted (for example a late payment that was at the companies fault), so that the company then has to rectify its own records, the false information will have already been spread throughout the entire system. This false information will then make its way into the corrected record and incorrect it again. The false information spreads like a computer virus (Garfinkel 2000 p.42). In the US, privacy activists claim 50% of consumer files have errors (Garfinkel 2000 p.43)

Unfortunately the level of inaccuracy is not often fully understood, but we are approaching an age were we are increasingly relying on technology. Databases give a clouded judgement of real society, where statistical information is quickly replacing value judgements. (Simons 1982 p.57) Technology is often seen as infallible, so a record on a database is more often believed than the person own statement. This opens a whole host of new problems for society. Steps need to be taken to ensure that information is either accurate and complete, or people are made fully aware of the potential inaccuracy of the information held within databases. In either case, information held within databases should never be used to as sole evidence, for the very reason that any data can not be 100% accurate.

4.3.2 Abuse of Information

There is plenty of cases where information has been abused, even cases that pre-date computers. In some cases however, the border between rightfully disclosing information and the wrongful disclosure can be shaded. In one scenario, a man was threatened by a southern Californian store, of using his shopping history against him in court. His history showed he had bought large amounts of alcohol. He was trying to sue the store because he had fallen in one of their aisles (Pierce 2002). This example, and similar other cases demonstrate the shaded area of what is acceptable disclosure. It raises questions such as:

Currently, there are few guidelines that give answers to these questions. When it comes to a court case it is crucial for there to be as much relevant evidence as possible for a jury to come to a fair verdict. But in cases like this the relevance of an individuals shopping history is has yet to be decided.

4.3.3 The psychological effects of Loyalty Schemes

It has already been discussed that loyalty schemes do not increase customer loyalty. They do however tend to encourage consumers to spend more, by offering extra points on more expensive products, or money off vouchers for items or services that normally the customer would not buy or use. But the effect of having your shopping habits scrutinised could have more adverse effects.

The nature of collecting and sharing vast amounts of personal data about subjects means that people will begin to act for the record, rather than from ones own volition(Simons 1982 p.57). Put into the context of loyalty schemes, people will begin buying items not on necessity or desire, but on what image they want their shopping profile to represent. People may begin to fear buying certain items, for instance “excessive alcohol”, “unhealthy food”, or contraception, for fear that information of these purchases will be used against them.

The feeling of being discriminated against by companies for buying the “wrong items” may become a reality, and the segregation between the top 20% and the other 80% could become wider, creating new classes of consumers within society.

5 Conclusion

5.1 General

Loyalty Cards such as the Nectar Card are evidence that show there is a large gap in current UK legislation. The way the gap will be filled depends on who's interests, the consumers or businesses, will be put first. But under current legislation the laws are not specific enough to protect the right of privacy for the individual. Because of the growing concern regarding privacy, business too is likely to suffer, unless adequate legislation is put into place. Companies themselves do not want to be seen to be infringing peoples privacy in the eye of the public, but the necessity to compete means that companies will use all tools necessary to stay on top. If legislation controls the level at which companies can gather personal information, it would eliminate the fear of privacy invasion in this area completely.

5.2 Government, legislation, and money

There are a number of reasons why government seem to show reluctance to legislate. One of the major factors is public opinion. Despite the vast increase of surveillance in the last forty years, privacy is still a concern to a small amount of the population. The high publicity of crime and terrorism are key reasons why this is. It has become the general belief that surveillance (CCTV, phone monitoring etc.) are fundamental to the task of cutting crime or preventing terrorist attacks. This has legitimized the use of surveillance by government authorities. However any change in legislation effecting commercial surveillance, might arise questions concerning the governments own practises.

The other reason privacy is of small concern, is because the way surveillance tools used by commerce are sold to the consumer as a direct benefit for them. The Loyalty Cards are a good example. They have been packaged in such a way that the consumer has only recognised the benefits, and not the downfalls. Most criticisms made about nectar from customers is the poor value compared to other reward schemes (Stringer 2002), or the poor service (“Nectar hasn't kept me sweet”, 2003).

Government are also reluctant to pass legislation that may effect commerce. Currently the UK is running on a artificial economy of consumerism. The high amount of spending in the country has avoided a recession, which, in the interests of everyone, the government are keen for this to continue. To much financial pressure on retailers might tip the balance and bring the country into recession.

5.3 The Future

Currently the future does not bod well for consumers. In a Cambridge Tesco store a trial has begun an attempt at cutting down the theft of Gillette Mach3 razorblades using RFID tags2 (Shabi 2003). The government is also backing another RFID tag trial were the Tesco in Berkshire has tagged its DVD range, two Asda stores in Nottingham have tagged CDs, and five other similar trials with the attempt at cutting crime (Shabi 2003). If instances in the US are examples of what is to come, we can expect companies will use more sophisticated information gathering techniques collecting more personal information that the consumer will be unable to control.

On the other hand privacy groups are putting more pressure on government to do something. And unless companies are very careful with how they use personal information, it is likely the general public will begin putting pressure for legislation also. It is most likely that the government will be forced to update legislation in the not too far future, in order to keep up with technological change.

Appendix 1 Bibliography

Books

Simson, Garfinkel (2000) Database Nation: The Death of Privacy in the 21st Century, Sebastopol, O'Reilly &Associates,Inc.

Simons, G L. (1982) Privacy in the computer age, Manchester, NCC publications

Thomas, Douglas & Loader, Bryan D. () Cybercrime: law enforcment, security and surveillance in the infomation age,

Packard, Vance (),The Naked Society,

Lyon, David (2003) Surveillance as Social Sorting: Privacy, risk and digital discrimination, London, Routledge

Levin, Thomas Y, Fohne, Ursula & Weibel, Peter (2002)CTRL [SPACE]: Rhetorics of Surveillance from Bentham to Big Brother, Austria, Universitatsdruckererei Klampfer GmbH.

Periodicals

Fox, Barry (2003) “wireless cameras raise privacy fears”, New Scientist, 17 may 2003 :p.11

Archives

"National evaluation of CCTV: early findings on scheme implementation from the Scarman Centre National CCTV Evaluation Team"

"Home Office Research Study 252: Crime prevention effects of closed circuit television: a systematic review" August 2002

Brandon C. Welsh and David P. Farrington, Research, Development and Statistics Directorate August 2002

Crime in England and Wales 2001/2002, Jon Simmons and colleagues, July 2002

Powers to Combat Serious Tax Fraud, A Technical Note by the Inland Revenue

Online Publications

“Sustainable Development -the UK Government’s approach”, 11 June 2003, Available HTTP: http://www.sustainable-development.gov.uk/indicators/headline/h8.htm (accessed 01/08/03)

“GCHQ – Government Communications Headquarters”. Available HTTP: http://www.bbc.co.uk/crime/fighters/gchq.shtml (accessed 12/06/03)

Wakefield, Jane (1999) “Government accused of suppressing software”, 8th September 1999. Available HTTP: http://news.zdnet.co.uk/story/0,,t269-s2073548,00.html (accessed 12/06/03)

Wakefield, J. (2002) BBC News Online, 7 February, 2002, Available HTTP: http://news.bbc.co.uk/1/hi/sci/tech/1789157.stm (accessed 21/05.2003)

“A brief history of the Service (MI5)”. Available HTTP: http://www.mi5.gov.uk./history/history_1.htm (accessed 01/09/03)

Mohammed, Emir A, “An Examination of Surveillance Technology and Their Implications for Privacy and Related Issues - The Philosophical Legal Perspective”. Available HTTP: http://elj.warwick.ac.uk/jilt/99-2/mohammed.html (accessed 01/09/03)

Schulman, Andrew, “Computer and Internet Surveillance Technologies and their application in the workplace: Rough Notes”. Available HTTP: www.pco.org.hk/english/infocentre/files/schulman.doc (accessed 01/09/03)

“Closed Circuit Television (CCTV) - Research on Closed Circuit Television Surveillance”. Available HTTP: http://www.homeoffice.gov.uk/rds/cctv2.html (accessed 01/09/03)

“Nothing Has Changed, Therefore Everything Must Change” 28 September 2001. Available HTTP: http://www.notbored.org/change.html (accessed 26/07/03)

Williamsburg, Brooklyn”. Available HTTP: http://www.notbored.org/williamsburg-map.html (accessed 26/07/03)

“Departments & agencies” http://www.homeoffice.gov.uk/terrorism/govprotect/depts/index.html (accessed 26/07/03)

Patch, Kimberly (2003) “Sensors guard privacy” 16/23, July, 2003. Available HTTP: www.trnmag.com/stories/2003/071603/sensors_guard_privacy_071603.html (accessed 01/09/03)

Terrorism Act 2000 (TACT), Anti-Terrorism, Crime and Security Act 2001 (ATCSA). Available HTTP: http://www.homeoffice.gov.uk/terrorism/govprotect/legislation/index.html (accessed 26/07/03)

Adams, Sage J. (2003) “A History of Privacy”,March 09, 2003, Available HTTP: http://www.sageadams.com/writing/hop.pdf (accessed 26/07/03)

Shabi, Rachel (2003) “The card up their sleeve” Saturday July 19, 2003, The Guardian Available HTTP: http://www.guardian.co.uk/weekend/story/0,3605,999932,00.html (accessed 11/11/03)

Alexander, Doug “Data Mining” Available HTTP: http://www.eco.utexas.edu/~norman/bus.for/course.mat/alex/ (accessed 10/10/03)

“Nectar hasn't kept me sweet” 06 may 2003. Available HTTP: www.dooyoo.co.uk/banking_finance/credit_cards/nectar_card/_review/416811/ (accessed 10/10/03)

Stringer, Dave (2002) “Nectar: Loyalty rewarded or exploited?”. 24 September 2002 Available HTTP: http://www.dooyoo.co.uk/internet/internet_sites/reward_loyalty_schemes_in_general/_review/395146/ (accessed 10/11/03)

Mobbs, Paul (2003) “Privacy and Surveillance - How and when organisations and the state can monitor your actions” Revision 1, April 2003. Available HTTP: http://www.internetrights.org.uk/ (accessed 15/06/03)

“What is Surveillance” Available HTTP: http://www.internetrights.org.uk/factsheets_surv.shtml (accessed 15/06/03)

But, Matthew (2003) Data Protection—A brief history (last updated 1 August, 2003). Available HTTP: http://www.ucl.ac.uk/constitution-unit/foidp/dp_history.htm (accessed 16/06/03)

Albrecht, Katherine & Vanderlippe, John (2002) Supermarket “loyalty” programs: Rewards for the wealthy, publication on 12 June, 2002 Available HTTP: http://www.nocards.org/essays/discrimination.shtml (accessed 10/11/03)

Audiovisual Media

"The Mark Thomas Comedy Product" on Channel 4.

"Video showing how CCTV can help fight crime" from the Crime Reduction Website.

"Gattaca" by Andrew Niccol.

Sources

Interview about the use of computers in bank systems with Bjornar Oiestad and Tom Thostensen, employees at Felles Data (private firm specialised in running accounting systems for Norwegian Banks)

The Nectars Registration pack which includes:

Three interviews with staff at the nectar helpline (0870 4 100 100)

Appendix 2 Registration Form for joining the Nectar Card Scheme

the necter card application form

Appendix 3 Nectar Card Policy on Data Protection and Privacy

When you register with Nectar you can choose between various options as to the use of information collected through the Nectar Programme. Your options can be checked and changed at any time by using "my nectar" or calling Nectar on 0870 4 100 100.

These options do not affect any other data, such as data participating companies may collect from other sources e.g. from an account with them. If you have concerns about the use of such data, please contact the relevant participating company directly.

This is Loyalty Management UK Limited's policy on information collected through the Nectar programme. It is part of the Collector Rules and Primary Collectors are responsible for ensuring that Additional Collectors on their accounts are aware of its terms. Primary Collectors and Additional Collectors ('you') will provide information on a registration form or other communication with us and when you use your card or give details to earn or redeem points, the participating company in question will record in its database the details of the transaction on which those points are earned or redeemed. If you transfer points from a participating company's old loyalty scheme into Nectar, associated information will also transfer to Nectar. Any of this information may be used by, and shared between us and participating companies* where necessary to operate the Nectar programme (for example, so that you can redeem your points or to help prevent abuse of the programme).

Information regarding the specific goods or services you buy from a particular participating company will not be passed to us or any other participating company except where required to operate the Nectar programme. A participating company with whom you use your card or redeem an offer may use information about the specific goods or services which you purchase from it to market to you or to update a database on which you already appear and will be entitled to do this even if you leave Nectar.

Any information (including your name and address) that does not relate to specific goods or services that you buy (for example, the number of points you earn every month) may be used by us to analyse where and how you use your Nectar card. We may also use that information, and share it with participating companies so they can use it to select and send you offers (which may include bonus offers) which we or they believe are likely to interest you. Participating companies may use and analyse that information to market their services to you outside the Nectar programme.

Nectar allows Additional Collectors (for example, family members) to earn points on a Primary Collector's account and will pool all information regarding that account (including that transferred from other programmes). The Primary Collector is primarily responsible for an account so will have access to information on all transactions on the account (including those by Additional Collectors) whilst Additional Collectors will be able to check the total balance on the account and details of Points earned by them. Offers and marketing may be sent to Primary Collectors and/or Additional Collectors.

One of the benefits of participating in Nectar is that, on the basis referred to above, we and participating companies* may use information collected through the Nectar programme about you to send you details of offers, promotions and products. Please email us via helpline@nectar.com, or ring the Nectar hotline on 0870 4 100 100 or write to us at Nectar, Freepost SWB 2231, Bristol BS38 7FS if you:

Do not want to receive through Nectar information on offers and promotions (including special points offers) from us or participating companies*

Appendix 4 Companies participating in the Nectar Card scheme

Nectar is centrally managed by Loyalty Management International of the Netherlands, which runs similar schemes there and in Canada.

Trading Names

Full Corporate Name

Adams

Adams Childrenswear Limited

Air Europa

Flight Directors Scheduled Services Limited

all:sports

all:sports (Retail) Limited

Alton Towers, Madame Tussauds / The London Planetarium, Chessington World of Adventures, Thorpe Park, Warwick Castle

The Tussauds Group Limited

American Airlines

AMR Corporation

AquaXcite

AquaXcite Ltd

Argos

Argos Limited

Avro

Avro PLC

Barclaycard

Barclays Bank PLC

Bath Racecourse, Brighton Racecourse, Chepstow Racecourse, Fontwell Park, Gt Yarmouth Racecourse, Hereford Racecourse, Newcastle Racecourse, Sdgefield Racecourse, Uttoxeter Racecourse

Northern Racing Limited

Best Western

Interchange and Consort Hotels Ltd

Blockbuster

Blockbuster Entertainment Ltd

BMI

British Midland Airways Ltd

BP

BP Oil UK Limited

Brewsters, Brewers Fayre, TGI Fridays

Whitbread Group PLC

British European Airways / Flybe

Jersey European Airways (UK) ltd

Cadbury World

Cadbury Schweppes plc

Caffe Uno, Est Est Est, Garfunkels

City Centre Restaurants (UK) Limited

Debenhams

Debenhams Retail PLC

DFDS Seaways

DFDS Seaways Limited

Dundonald International Ice Bowl

Dundonald International Ice bowl Ltd

Dynamic Earth

Dynamic Earth Enterprises Limited

Eden Project

Eden Project Limited

England Rugby

England Rugby Ltd

English Heritage

English Heritage Trading Limited

Eurostar

Eurostar (U.K.) Limited

Eurotunnel

Eurotunnel PLC

Executive Golf Club

Incentive International Limited

Exhilaration

Exhilaration Incentive Management Limited

Ford

Ford Motor Company Ltd

Future Forests

Future Forests Limited

Gatwick Express

Gatwick Express Limited

Heathrow Express

Heathrow Express Operating Company Limited

Historic Royal Palaces

Historic Royal Palaces

Hoverspeed

Hoverspeed Limited

Jorvik

York Archaeological Trust for Excavation & Research Ltd

Kempton Park, Sandown Park

United Racecourses Limited

Kew Gardens

Royal Botanic Gardens, Kew

KLM

KLM Royal Dutch Airlines

Kodak Express

Kodak Limited

Laithwaites

Direct Wines Limited

Legoland Windsor

Legoland Windsor Park Limited

LivingWell

Living Well Health and Leisure Limited

London Energy, Seeboard Energy, SWEB Energy

EDF Energy

London Zoo

The Zoological Society of London

Lunn Poly

Lunn Poly Limited

Macdonald Hotels

Macdonald Hotels

McDonalds

McDonald's Restaurants Limited

Medieval Banquet

The Beefeater of St. Katharine's Dock Ltd

Megabowl

Megabowl Limited

Odeon

Odeon Limited

Planet Hollywood

Planet Hollywood (Trocadero), L.C.

Sainsbury's

Sainsbury's Supermarkets Limited

Sealife

Merlin Entertainments (Sealife) Limited

Stansted Express

Western Anglia Great Northern Railway Limited

Stena Line

Stena Line Ltd

TAP Air Portugal

Transportes Aereos Portugueses SA

The Deep

Deep Running Ltd

Thresher Group

First Quench Retailing Ltd

Twenty20 Cricket Tournament

England & Wales Cricket Board Ltd

Ulster Folk & Transport Museum

Ulster Folk & Transport Museum

Virgin / Virgin Atlantic Airways

Virgin Atlantic Airways Limited

Vodafone

Vodafone Group Plc

VSOE / Orient Express

VSOE / Orient Express

Venice Simplon-Orient-Express Limited

Whipsnade Animal Park

The Zoological Society of London

Winemark

Winemark The Winemerchant Ltd



1Calculated by taking an average value of return of every company offering nectar points.

2RFID (Radio Frequency Identification) are the size of a speck of dust and transmit a unique code (usally to a hand held device) at a distance of about 20 feet.

Valid XHTML 1.0! Valid CSS! Creative Commons License
This work is licensed under a Creative Commons License Ben Cawkwell 2004.