John C. Tanner
24 Aug 2010
The furor in Hong Kong over the recent Octopus Card scandal – in which it was found to be selling customer data to third parties – has died down following the resignation of CEO Prudence Chan and the promise by the government to review its current laws regarding privacy and handling of customer data.
But the core issue is far from settled, not least because Octopus is just the latest example of companies struggling with the fact that they are sitting on a marketing goldmine of customer data that is difficult to monetize without betraying the trust of the customers who generated that goldmine in the first place.
At heart, the Octopus scandal is really just another version of the numerous Facebook controversies over allowing third parties to access user data for marketing purposes. On the bright side, at least Ms Chan didn’t try to argue – as Facebook CEO Mark Zuckerberg and Google chief Eric Schmidt have done – that privacy is practically dead anyway.
On the other hand, Octopus did maintain between apologies that technically it broke no laws and everything was disclosed in the fine print of the rewards program that generated the sold data. That did little to make outraged users feel better about the whole thing, and why would it?
This is a an issue that’s only going to get bigger as more and more service providers become tempted to monetize customer data, whether for subsidizing free services with advertising or creating new ad channels for extra revenues.
In the contactless payment sector alone, Frost & Sullivan says that contactless smartcard shipments in Asia-Pac alone will grow from 590 million last year to almost 2 billion by 2016. Those figures include electronic passports and mobile devices using NFC technology, which is another key point – the customer data protection issue isn’t limited to smartcards and social networking sites.