Introducing user data profiles for personalized and privacy-aware experiences

Data is one of the most critical assets thriving companies of all sizes possess. Unfortunately, that doesn’t always translate into good practices, especially for the users who can be subject to an outrageous abuse of their personal data without being able to do much about it.

That’s one of the many reasons users regard online companies that are using AI systems to personalize their experiences as disingenuous. However, this is not always the case, and it certainly isn’t the rule of thumb for companies across the board, mainly because there are a few essential forces at play that are preventing them from doing it: 

Just recently (January 2022), Austria’s data regulator found that the use of Google Analytics is a breach of GDPR. While half of the solution might come in the form of a new EU-US data transfer pact, the ruling draws attention to the other half: how can end-users have more control over their data?

Yes, 83% of consumers indeed expect personalization within moments and hours. At the same time, up to 80% of consumers are sensitive to companies’ security and privacy practices regarding their online data. 

At first sight, this might seem like a paradox: personalizing users’ experiences while protecting their data privacy.

In our experience, as long as we’re carefully executing to provide value and convenience to users and do not become intrusive, AI-based personalization is a practice that can be encouraged and widely adopted.

When we measure the effectiveness of these personalization techniques, there are a few aspects to take into consideration:

  1. The technical component, which, for the most intelligent recommendation systems, involves machine learning;
  2. The evolution of the business KPIs (conversions, average order value, revenue growth, etc.);
  3. User satisfaction, which is often considered implicit: if the users convert, it means that they are satisfied.

The inconvenient truth is that, in the online realm, the effectiveness of personalization techniques is mostly correlated with the bottom line: “The recommendation engine must be a hit for our users because our revenues skyrocketed!” That logic is only partially valid, as it doesn’t paint the whole picture. An increase in revenue doesn’t necessarily mean an increase in user happiness, and metrics that are difficult to gauge, such as user satisfaction, often fall to the bottom of the priorities list.

Plus, it reveals a vital blind spot – the answer to the question: is our user-centric AI system privacy-aware? 

What is a privacy-aware AI system?

Privacy-aware AI systems understand that an individual’s personal data is scattered across various accounts, which can be accessed only by that individual.

Hence, to get value from personal data in interacting with a third-party AI system, the individual must “activate” that personal data. In other words, the individual should decide the conditions for how their user data profile can be used by third parties, including AI systems.

Inspired by two papers that go deep into the topic, each having their own approach, but ultimately attempting to solve the same problems (My data, my Terms: a Proposal for Personal Data Use Licenses and Solid: A Platform for Decentralized Social Applications Based on Linked Data) and in the light of existing data usage practices by consumer-facing companies, we’re envisioning that when it comes to third-party AI systems, individuals should be able to set the following conditions for access to their user data profile:

  1. Full or limited anonymity. For example, an online shopper may choose to remain anonymous and not disclose any personal information about themselves to the online retailer. 
  2. Permission to track. By granting access to their user data profile, an individual can impose an obligation on the service provider to not follow that particular user (i.e., not to track an individual’s activities during or after a particular session).
  3. Permission to store data. This means that, even if the service provider is given access to the user data profile of a particular individual, the service provider is not entitled to retain the user data profile in its system.
  4. Permission to bundle data. Individuals should also have the right to prevent service providers from aggregating that particular individual’s user data profile with user data profiles of other individuals.
  5. Permission to share data. Individuals should be able to impose a requirement that the service provider does not share that individual’s personal data with other third parties.
  6. Permission to sell data. One of the most controversial issues currently relates to the fact that personal customer data is sold among companies without customer consent. 

Understanding the implications of such user data profiles today can give companies a substantial competitive advantage tomorrow by becoming early adopters, leading this wave of change rather than falling behind and resisting it. 

Our vision for adopting user data profiles (which can be integrated by online retailers, marketplaces, or even media companies) consists of a 3-layer implementation strategy in a user-centric AI ecosystem.

1. User Data Types

There are at least 3 user data types that most online businesses deal with:

  • Personal Data. Details such as age, name, gender, location, identification document numbers, and others.
  • Generated User Data (Explicit; Internal). In addition to the default personal data that every user possesses, other data points are also collected through order forms, contact forms, feedback forms, interacting with chat agents, email messaging, etc. The user explicitly gives this information when interacting with websites or apps, and it’s mostly considered internal data since online businesses usually store that information in their data warehouses.
  • Behavioral User Data (Implicit; External). Behavioral user data is the shallowest type of data stored, since it’s anonymized or at least semi-anonymized most of the time. Think of all the online businesses that use third-party analytics platforms (such as Google Analytics) to track visitors on their websites/apps – hence its external nature. Because visitors interact with the website in a “guest” mode without disclosing any personal information, this behavioral user data can be characterized as implicit.

2. User Intent Profiles

A classic ecommerce funnel is composed of the following steps:

  1. Homepage/Categories
  2. Product Views/Details
  3. Add to Cart
  4. Check-out/Transaction.

If a user manifests a certain intent at each step of the funnel, we can imagine that certain permissions to the individual data profile can be granted:

  1. View Profile – for users that have no intention of buying and are only there to browse. This means the online retailer won’t have access to the consumer’s personal data (age, gender, occupation and more) when they view the homepage, product categories or even product details. Does this mean that the user won’t benefit from a high level of personalization? Yes, if the user chooses to remain semi-anonymous and grants access only to their view profile. Under this profile, the data type we’re operating with is behavioral and the level of personalization that can be offered is minimal.
  2. Interest Profile – this kicks in when the user’s intention shifts and they decide to add one or more items to their cart. Why? Well, they might need to choose the t-shirt size (or gender), if that’s what they’re buying, disclosing not only the interest to purchase that item, but also a generated type of data. Or they might start using the live chat feature on the website. At this point, users can receive more personalized (and relevant) recommendations due to the new data points that have been shared with the online platform.
  3. Shopper Profile. Once the user is ready to purchase, they will inevitably add in their credit card information. When a user reaches this point, chances are their level of trust in the online business handling their data is close to 100%.

3. Human-AI Privacy Handshake

If we put it all together, the image we uncover is quite different from the current status quo. This image can be disruptive for both online businesses and users alike. User-centric and potentially user-held data models liberate service providers from collecting data from third parties (data brokers) and give them tools to get the most accurate data directly from their customers (with customer consent).

Such new data models would also help companies create more personalized experiences for their customers and increase competition among companies trying to offer more customer value. Moreover, individuals will benefit from having better control of how their personal information is used and receiving better, more relevant products and services.

If we look at the core concept we’re proposing in this article and analyze how users will manage their identity in a user-centric paradigm, we quickly realize that each website or application can be granted different permissions.

The potential for automatically identifying and managing permissions based on the customer’s e-commerce preferences is shaping up. Say the user lands on an online furniture store to look for an office chair – just to browse and get some inspiration as she’s not yet ready to purchase. In that case, the “view profile” can be switched on, which means that the store’s AI system can track and use only the data profile it has been granted access to.

Or, if they’re a heavy online fashion buyer and set their “interest profile” on, they allow the website or app to prompt a more personalized experience.

We can call this the Human-AI privacy handshake! Think about it: with minimum human intervention and in a seamless way, third-party AI systems can be more aware of users’ privacy settings and act accordingly, even emphatically.

How to enable user data profiles?

One way online retailers could enable user data profiles is in the “My Account” section of their website/app. From there, end-users can grant access to their user data profile, depending on their specific intents: view, interest or shopper.

While navigating on the website/app, the AI system would ingest and process only the data that it has been given access to. If we’re talking about personalized search results, it will return a list of items ranked by the relevancy score that can be inferred from the shared profile.

In the case of recommended products, those can be displayed in different formats across multiple pages, sometimes associated with a personalized message, depending on the transaction probability of the user.
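The rule that the AI system "would ingest and process only the data that it has been given access to" can be enforced as a fail-closed gate in front of the personalization pipeline. The following is an added example, not code from the article or from any product: the `gate` function, the grant format, the event fields and the profile-to-data-type mapping (in particular, that the shopper profile unlocks personal data) are assumptions built on the three data types, the three intent profiles and the "permission to store data" condition described above.

```python
from enum import IntEnum

# The three user data types named in the article.
BEHAVIORAL, GENERATED, PERSONAL = "behavioral", "generated", "personal"

class IntentProfile(IntEnum):
    VIEW = 1
    INTEREST = 2
    SHOPPER = 3

# Assumed mapping: each profile unlocks its own data type plus the ones below it.
ALLOWED = {
    IntentProfile.VIEW: {BEHAVIORAL},
    IntentProfile.INTEREST: {BEHAVIORAL, GENERATED},
    IntentProfile.SHOPPER: {BEHAVIORAL, GENERATED, PERSONAL},
}

def gate(events, grant):
    """Split events into (usable, storable) under the user's grant.

    Fails closed: a missing or unknown profile allows nothing, an event
    with an unknown or missing data_type is dropped, and nothing may be
    retained unless the grant sets store to True explicitly.
    """
    allowed = ALLOWED.get(grant.get("profile"), set())
    usable = [e for e in events if e.get("data_type") in allowed]
    storable = usable if grant.get("store") is True else []
    return usable, storable

def names(events):
    """Event names only, for readable output and assertions."""
    return [e["name"] for e in events]

# Constructed sample events for one session (not real data).
EVENTS = [
    {"data_type": BEHAVIORAL, "name": "product_view", "value": "office-chair-01"},
    {"data_type": GENERATED, "name": "size_selected", "value": "M"},
    {"data_type": PERSONAL, "name": "age", "value": 34},
    {"data_type": "unlabelled", "name": "device_fingerprint", "value": "x"},
]

if __name__ == "__main__":
    for profile in IntentProfile:
        usable, storable = gate(EVENTS, {"profile": profile, "store": False})
        print(profile.name, names(usable), "stored:", names(storable))
```

Placing the gate before ingestion, rather than filtering at recommendation time, means data outside the grant never reaches the model or its storage.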

There is no doubt that technology is a powerful driver of better customer experiences, no matter which side of the fence we’re on. The proposed user data profiles can be an elegant solution to the privacy-aware personalization problem. Still, the most crucial distinction is that the user grants an AI system access to a certain level of personalization, which is deemed comfortable by the user. For that to happen, the number one aspect that needs to be true is trust. What it takes to get there is an open mind and a willingness to experiment with new ways of looking at the data.

What’s your take on it? Are you willing to take the leap and prepare for using user data profiles in your organization? Contact us and let’s start discussing the possibilities.

About the author: Ciprian Borodescu

AI Product Manager | On a mission to help people succeed through the use of AI
