blog image

Mind the Gap

May 16, 20232 min read

Doing both personalisation and privacy well

  • There is an increasingly obvious problem.

  • It is probably going to get worse before it gets better.

  • Yet it doesn't need to be this way.

The problem is that hotels are rushing headlong into the use of technology without first making sure that guest personal data is properly protected.

The data which is collected and processed by the latest technologies is rarely supported by adequate organisational systems.

At best, some hotels in the UK are singing the right notes but not necessarily in the right order. The rest of them are just ignoring the issue. Of course, people are busy, there are plenty other challenges to contend with.

Yet if you want to use personal data to make sales and improve your guest experience you are probably going to have to do some work to enable it all.

Otherwise you are simply storing up trouble for yourself.

  • Potential customers won't trust you.

  • Your technology vendors will do what they like, which is not always what you want.

  • You become the lawful prey of every hacker and cybercriminal in the world.

  • Your processing of personal data - the data you need - goes out of control.

The Problem

Privacy is an afterthought.

You can see evidence of this on most hotel websites.

"GDPR" was treated as a compliance nuisance. Ersatz solutions were deployed back in 2018. Not all of them cheap. By the looks of things there was a fair amount of snake oil peddled all those years ago and bought up by reputable hotels.

And because all this snake oil exists on the websites of reputable hotels, other operators copy it for theirs.

The concepts of consent or legitimate interest are frequently misunderstood or misinterpreted.

The words "Privacy Policy" appear in tiny text, buried at the foot of a website. If indeed it is there at all.

Where privacy information is published, it is all lumped together in one, long document which with the best will in the world nobody is ever going to read (only privacy and data protection people like me ever read 'em - oh, and litigation lawyers...).

Cookie banners, if used, are often misconfigured. They are supposed to offer website visitors choice. Very few do.

All of these seemingly unimportant points are things which need to be done better. Otherwise the prospect of your hotel making effective use of personal data is just a pipe dream.

Because if you are not getting these bits right, it is fair to assume the rest of the things you need to have in place are not being done right either. Indeed, they are probably not being done at all.

The personal data used by hotels needs to be "privacy enabled". Data protection and privacy needs to be designed in to technology as the default position.

blog author image

Allan Simpson

Privacy management blogger

Back to Blog