When Nordstrom (NYSE:JWN) this week ended a controversial mobile customer-tracking trial, it offered perhaps the best example why normal IT processes for dealing with third-party vendors may need to be re-evaluated when it comes to mobile.
The problem is data ownership. When a retailer invites a third-party in to track (or otherwise interact with) its customers, who owns that data? Does the vendor have the right to retain a copy? When that vendor works for competing retailers, can it use that information to help them? Does it need to only be in aggregated form? And who is going to police that? Is that low-cost third-party deal as good a deal as it sounds if your customer data ultimately helps a direct rival?
At an NRF panel, two retailers in January called this one perfectly. Jay Culotta, the treasurer at regional convenience chain Wawa, said many of the mobile vendors say they are not—today—planning on sharing data, but they refuse to say what will happen down the road. "It's not a forever situation," Culotta said, adding that the temptations for leveraging such data will likely be overwhelming. "It's unclear what their business case would be without monetizing that data."
A Lowe's executive on the panel—VP, Operational Controller John Manna—agreed and painted a scenario where a mobile vendor knew that a Lowe's customer made regular purchases at Lowe's and then walked right by an Ace Hardware store. And if an Ace Hardware corporate manager is then talking with that vendor, will the very substantial dollars that Ace would likely pay for that list of customers be set aside? Manna indicated that he would rather not find out.
As the Lowe's (NYSE:LOW) and Wawa execs point out, this is not a privacy issue nearly as much a business model issue. Shopper fears of having their privacy violated are misplaced, as this won't violate their privacy any more than it's been violated for decades.
Sidenote: Retail privacy has never really existed. Go back as far as you want. Those convenient corner grocers that your grandparents used? Those owners knew everything they bought and they remembered. It was sort of cerebral CRM. Technology today replaces the shopkeep's memory. It may be much more efficient, but it's hardly more intrusive.
But to the business model. The idea of retailers entrusting tons of ultra-sensitive data to third-parties is nothing new. Think about your payment processor, your QSA or even Visa directly. (Please, not before dinner.) What's the difference? After all, those folk had access to every one of your transactions and they also take money from your direct rivals. Was it a matter of trust? (A retailer blindly trusting Visa? Please.) The difference is that those payment players made their money other ways.
The problem in mobile is that these third-party vendors are still trying to figure out how they'll make money from all of this. The only answer we keep coming back to is data. Repurposing it, reselling it and packaging it. The third-party becomes the data broker and sells the interactions and movements of your customers to the highest bidder.
There is an alternative, of course: Do it yourself. Track your customers on your apps and keep all data internal. The third parties may make life a lot easier and cheaper—in the short term—but until this space solidifies and there's a way to make money without repurposing your data, be warned. This data is also something you can never get back.
Think back to Papa John's legal nightmare last year (it's still going on) when a third-party company that was helping the pizza chain by texting its customers to come back for various promotions started going rogue. It eventually asked for that third-party to destroy all of the names. The allegations involve the third-party grabbing mobile numbers from customers when they asked for pizzas to be delivered. Did the third-party wipe all of that data when asked? What about backup systems? Employees of that vendor who had copies on laptops and thumb drives? Saying "yes, we destroyed it" is a lot easier than proving it.