The value of data has been growing, but so have the costs of managing it. To be competitive in 2018 transport operators will need to be increasingly smart in the way they use data and the UK Data Protection Bill seeks to formalise new requirements on the handling of personal data. Better management of customer data helps operators to manage travel supply and demand, respecting customer preferences and needs, perhaps also adding new value to core transport services.
The new General Data Protection Regulation (GDPR) adds a new level of control on the way that personal data is used. From 25 May 2018 EU Citizens have a new set of digital rights. The new regulation covers all data that contains personal information. If a transport operator holds data on travel patterns that could identify individuals, they need clear policies for managing the data including informed consent from the traveller. The UK Data Protection Bill closely follows the EU approach since staying close to the rights and obligations contained in the GDPR is the least disruptive data protection option, regardless of the UK's trading position with Europe. This Bill moves into its final stages at the House of Commons early in 2018.
Transport has many small transactions, but providers know relatively little about each customer. Relative to other industries the costs of implementing GDPR could be higher than for organisations that already have strong customer relationships, and simply need to tweak the wording of the consents they receive from customers. Many transport operators may not even realise that they data they hold could be used to identify individuals, but ignorance is no excuse. The concept of informed consent must include some demonstrable action by a citizen that they have accepted the terms under which their data is collected and used.
It is possible that it will prove acceptable for consent to be as simple as a prominent sign saying, "by boarding this bus you consent for the record of your ticket data to be used to...." or "by using this fuel pump you are assumed to have given express consent for your car registration plate data to used for...". However, linked data can be very hard to anonymise, and not all customers will consider that using a service is a demonstration of expressed consent. Operators who attempt to anonymise all travel data don't just face higher administrative costs, or even increases in problems such as fare evasion by not being able to identify travellers, but also face greater risks of challenge for holding personal data without consent. If there is a chance to use the new rules for financial benefit, it will not be long before transport operators find themselves in court whilst the case law on personal consent evolves.
Will transport operators treat these new rules as an administrative and legal burden or could the change nudge many towards new higher value customer centric delivery approaches? With current technology there are low cost high benefit customer services that could be added to the standard delivery approaches of operators. Companies like Google already use the informed consent their customers have given, to offer travellers relevant services related to rail and car journeys.
Transport supply is an expensive business compared to customer relationship management. Forward looking operators could develop a range of new income streams, unlocking untapped value from getting to know customers better, such as affiliate marketing revenue from helping customers access services related to travel. For example, Transport for Edinburgh is now the second biggest retailer of tickets for Edinburgh Castle after Historic Scotland adding healthy revenues to the transport business.
An operator which persuades a customer to sign up for customer accounts will be able to use data for the benefit of both the operator and the traveller. A good smart ticketing design within the account can also enable both forward and backward compatible technologies suitable for all customers. That could mean offering some people paper tickets and vouchers linked to an account, or could include cards, phone apps and wearable technologies, recognising that both analogue and digital technologies will be needed on travel accounts for most operators for some time yet.
Accounts could even be linked with other operators under agreed terms, ensuring appropriate customer consents for journeys that use more than one operator. Provided each operator uses simple technologies for managing their customer travel accounts, and straightforward contracts for managing relationships with partners, they can be up and running with customer centric systems very quickly and well before May 2018. The consent process could be harder to manage if operators use some of the more complex smart and integrated ticketing approaches with more complex business rules. Using third party technologies does not diminish the liability of an individual operator on how their data is held and used.
Just as making better use of pervasive data has generated opportunities for new business, it has created the need for new regulations. The organisations that see only the cost side of data compliance will be missing out on the data revolution. In the coming months transport providers have a chance to make compliance more of an opportunity than a threat, by developing stronger personalised relationships with their customers.