Hospitality/Travel/Loyalty

Key Business Considerations

The hospitality and travel industries thrive on providing special or unique services for customers, particularly providing personalisation for regular or high-profile repeat customers. For example, some large hotel chains are able to provide their most-valued hotel guests with personal liaisons for customer questions or assistance during their stay. In smaller hotels, stored data and processing technology is used to track customer preferences, so that guest experiences can be personalised to some extent. And this does have an impact on customers: in the Hotel 2020 report from IBM, they noted that “over 70 percent of hotel guests we surveyed report having positive experiences with personalization.”

Some of the issues with developing these experiences include:

• Loyalty programs need more than simply discounting to personalise the experience. For example, loyalty programs may offer better rewards as a customer becomes more connected.
• Automated technology can elevate guest experiences, without which hotels and airlines may struggle to compete.
• Balancing guest privacy with the opportunity to deliver a more positive and tailored guest experience is challenging.
• Providing coupons, special deals, and targeted advertising and marketing inside these sectors is a long-standing practice that creates a tension between data processing and data privacy laws.

Key Legal Considerations

Analytics, AI and ML for hospitality, travel and loyalty programs:

• Require personalised data to reflect customer preferences.
• Need to combine data sets, often collected for different purposes.
• Produce inaccurate, biased results without access to accurate datasets.

While processing personalised data is necessary for successful hospitality, travel and loyalty programs, there are some issues. The personalised nature of these datasets results in a higher likelihood of reidentification risk via the Mosaic Effect.

When the processing of personalised data is necessary for successful hospitality, travel and loyalty programs, the resulting benefits and the protection of personal data must be balanced. A practical way of ensuring both must be discovered.

It is difficult to rely on the legal ground of consent for hospitality, travel and loyalty programs because consent must be specific and informed. The required analytics, AI and ML tools are so complex, it is not possible to reasonably rely on a customer’s consent, as you cannot be specific enough for the consent to be valid.

This means that you need to rely on Legitimate Interests processing. Legitimate Interests processing provides benefits for data controllers wanting to lawfully use data for secondary processing and repurposing.

However, for Legitimate Interests processing to satisfy legal requirements, you must show that you are using “appropriate safeguards” that reduce the risk of data misuse, such as GDPR-compliant Pseudonymisation.

Anonos Pseudonymisation Technology

The problem is that until now, no data protection technologies were capable of supporting Legitimate Interests processing, by reconciling the conflict between data protection and utility when processing the personal data of customers to maximise lawful data value.

For example, conventional data protection technologies that support anonymisation, encryption, static token allocation, and differential privacy:

• Significantly degrade the utility of data, distorting the accuracy and predictability of the insights you need;
• Fail to deliver effective protection against unauthorised re-identification; and
• Limit the further use of valuable data for non-primary purposes.

Click here to learn what other global companies have proven: that it is possible to retain up to 100% of the accuracy of analytical value when processing datasets protected using patented Anonos Variant Twins®.

Anonos state-of-the-art Pseudonymisation technology is superior to other data protection techniques because it helps enable lawful repurposing, distributed secondary processing and data sharing while delivering data utility equivalent to processing unprotected cleartext versions of personal data.