Who Has my Data?! How can you protect yourself from Data collection in Loyalty Programs?


By  Sarah Ghobar , Guest Contributor.

Recently, the General Data Protection Regulation (GDPR) and its influence on policies of personal data collection have been a highlight in the international business news, the rise of these regulations increased customers’ awareness about the management of their personal data. In fact, a study from IBM (2018) revealed that nearly 60% of organizations surveyed accepted the General Data Protection Regulation (GDPR) and by it improved their privacy, security, and data management process. In the Middle East and GCC, UAE is one of the first countries to issue Privacy and Data Collection regulations; however, the extent to which they are similar to the GDPR regulations is still not accurate. 

Nevertheless, online threats exist in the Middle East as well, so how can users protect their privacy?


Be aware of the information shared 



Upon signing up for loyalty programs, users might notice that not all fields are mandatory and it is okay to leave fields such as address empty if they are uncomfortable with sharing that. When shared with third parties, this information can make the user part of many targeted advertising schemes. Keep a note of those websites or loyalty programs where critical information was added as that will make it easy to opt-out when it feels overwhelming.  

Scan through the company’s privacy policy 



Reading pages of policies and regulations might not sound too appealing. However, before signing up to any subscription scan through the company’s privacy policy to find out what it does with your data, how long does it retain the information, and with whom it might share it. This applies specially for apps downloaded on personal phones; users should make sure they understand why the app requires access to location, gallery or contacts. Knowing that many companies are not honest with what kind of data they collect and for what purpose, instead they mention vague phrases like “better customer experience”; this might mean that the information is used for undisclosed marketing purposes or data analysis. 

A well-known example of this is Target in the United States, and how they figured out a teenage girl was pregnant before her own family did from her purchase habits alone! Target keeps a record of customers’ history of purchases along with the demographic information they collected personally or bought from other sources. With this information, Target’s statisticians were able to derive a pattern of purchasing habits that can help them assign customers who might be pregnant and predict the trimester they are in. Based on this algorithm they send targeted advertisements on baby products to these customers, which might make them uncomfortable especially if they did not sign up for Target Babies program themselves. 


Research about existing data brokers and opt-out


Data brokers is an uncommon concept in the Middle East, many online users are not aware that even their simplest request on a search engine is being recorded and used by data brokers. Furthermore, the lack of privacy policies in the Middle East region makes users an easy target for these companies. Whether browsing the web or shopping online, there is a 200-billion dollar industry that trades on this kind of dataRetail companies might depend on data brokers to gather more information on customers already in their loyalty program or potential customers that they can target to subscribe to their programs. They are particularly interested in this kind of information as it helps them understand their customers and adjust their marketing strategies accordingly. Users cannot always guarantee that reaching out to data brokers and asking to opt out will in fact delete their information; yet, it is worth a shot.  


Adjust the privacy settings of social accounts



This is the easiest way to protect personal information! On Facebook and some other social accounts, members can adjust privacy settings to turn off access to third-party apps. Every user should undergo this exercise to make sure they are at least aware of the possibilities of their info being shared. Most companies today in the Middle East especially opt-in their customers to share data as default settings due to the lack of rules and regulations in the region regarding user data. 

Create a secondary email address 



Consider creating an email address that can be used for loyalty programs and other online subscriptions. This allows the isolation of personal vs other emails and safeguards any private information that might be taken if that email is shared with a third party without the user’s knowledge. 

Data protection is a two-way street; companies need to have a clear strategy and a disclaimer of how, where and when this data is used and users should have control over decision. It is also important for loyalty programs to keep in mind that the ultimate goal of data collection is to enhance the consumers’ experience with the company and gain their trust, as consumers who are willing to disclose additional data on themselves expect more benefits in return. 



Last Updated  September 29, 2019