The Ethics and Benefits of Progressive Profiling in Customer Identity
Progressive Profiling is a not-so-new tactic used in software, such as a business website, to get users to volunteer a ton of information about themselves. It could be described as the love child of Digital Marketers and Customer Identity. The aim is to build as much information as you can about a user without asking for it upfront. It can take several forms, but generally, it follows a similar pattern to this:
- A customer registers for an account on your website, and you ask for their email address to complete registration, which requires validation. (Email acquired)
- The next time they log into your website, you ask them to complete their name to complete their profile. (Name acquired)
- Maybe during a purchase, you require a postcode to complete the transaction. (Geography acquired)
- Several weeks later, you prompt for a mobile number under the guise of some requirement (e.g. giveaways, competitions, even two-factor authentication). (Mobile number acquired)
And so on and so forth.
There are different schools of thought on this. One is simply from a marketing perspective: “Consume all the data we can.” This usually has little regard for privacy but doesn’t necessarily breach any GDPR-related compliance requirements. It’s a sleight of hand that is non-confrontational and appears more harmless than a giant form of data.
Another is to simply improve the user experience. If your website actually needs a lot of information to provide a service to your customer, you may spread the acquisition of this information over time, prioritizing the ‘must-have’ data and deferring the ‘nice-to-have’ data to avoid overwhelming your customers. This could also be the difference between converting a customer or losing them; a good user experience holds a lot of value in e-commerce.
Note: If you sign in with Google or Facebook, then often this information is just siphoned from their database (since you gave the website permission to read your Google or Facebook data). Anything missing from that dataset can be queried for at a later date.
If a website is subject to GDPR standards, then you have the right to request your data. If you suspect a website has gamed you down a progressive profiling rabbit hole, you can check out what data they hold on you, correct the data, or remove that data.
If you’re considering using progressive profiling in your software, consider the ethics of the approach. Transparency with customers and users is always preferred, as consumer focus on privacy continues to grow. Businesses that don’t take privacy seriously have been made an example of over and over, doing their brand immense damage as a result. It’s no longer a matter of ‘if’ you’ll get found out, but a matter of ‘when’.
Additionally, when data is not necessary for the serviceability of a customer, avoid asking for it, or if you hold that data, purge it. If your website or database is compromised and your customers suffer a data leak, serious questions will be raised about why specific information was even held. We’ve seen examples of businesses storing driver’s license numbers while providing only weak justifications for how the data is being used. Minimisation of stored data can significantly reduce the blast radius of future attacks.
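One way to put the transparency and minimisation advice above into practice is sketched below. It is an added example, not code from the original article. The field names, actions and retention periods are hypothetical: a field is requested only when the current action needs it, its purpose is shown to the user, and anything held without a declared purpose or past its retention period is purged.

```python
from datetime import datetime, timedelta, timezone

# Constructed policy: every profile field needs a declared purpose, the action
# that genuinely requires it, and a retention period. Names are hypothetical.
FIELD_POLICY = {
    "email":    {"purpose": "account login and verification", "needed_for": "register", "retain_days": None},
    "postcode": {"purpose": "delivery of the order", "needed_for": "purchase", "retain_days": 90},
    "mobile":   {"purpose": "two-factor authentication", "needed_for": "enable_2fa", "retain_days": None},
}


def prompts_for(action, profile):
    """Return (field, purpose) pairs this action needs and the profile lacks."""
    # The purpose travels with the field so the UI can display it beside the input.
    return [
        (field, rule["purpose"])
        for field, rule in FIELD_POLICY.items()
        if rule["needed_for"] == action and field not in profile
    ]


def purge(profile, now):
    """Return (kept_profile, purged_field_names) for a stored profile."""
    # profile maps field -> {"value": ..., "collected": datetime}
    kept, purged = {}, []
    for field, record in profile.items():
        rule = FIELD_POLICY.get(field)
        expired = (
            rule is not None
            and rule["retain_days"] is not None
            and now - record["collected"] > timedelta(days=rule["retain_days"])
        )
        if rule is None or expired:
            purged.append(field)  # no declared purpose, or held too long
        else:
            kept[field] = record
    return kept, purged


# Constructed sample data.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_PROFILE = {
    "email": {"value": "user@example.com", "collected": NOW - timedelta(days=400)},
    "postcode": {"value": "AB1 2CD", "collected": NOW - timedelta(days=120)},
    "drivers_licence": {"value": "X0000000", "collected": NOW - timedelta(days=30)},
}
```

Running `purge(SAMPLE_PROFILE, NOW)` keeps only the email address: the postcode has outlived its 90-day retention and the licence number has no declared purpose at all.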