I have a personal history in the areas of personalization and profiling. And there might be some good chance for these ideas to become reality now - in the context of Infocards and to the sake of VRM (Vendor Relationship Management).
The threat in personalization and profiling is to know what the person really wants (personalization) or is/has (profiling). The one who knows best is the person itself.
(Managed) infocards can transport virtually everything. They might provide profile information for personalization. A trusted identity provider might offer a service which stores profile information it retrieves from the users and provides it in a controlled way (the basic idea of user-centrism) to web sites which shall provide a personalized experience to the user.
Bring in things like U-prove and that site doesn't need to know the exact data but can "ask" the Identity Provider about relevant aspects and retrieve a yes/no decision. For sure the service provider/relying party in that equation will know some things but the amount of this knowledge can be limited - and thus privacy can be maximized.
I'm convinced that there is a business model for Identity Providers. Users might pay for a trustworthy handling of privacy information. Relying parties might pay for the ability to personalize information. There might also be approaches where the service is for free but the privacy is limited - the relying party might pay more if she learns more about the user. Both approaches might work.
VRM fits perfectly into this. It is the use of these approaches for vendor relationships, providing information for buying decisions via Infocards. For me, VRM, infocards and technologies like U-Prove are the pieces of a puzzle which, when ready, shows personalization and profiling as the picture.
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
The EU GDPR (General Data Protection Regulation), becoming effective May 25, 2018, will have a global impact not only on data privacy, but on the interaction between businesses and their customers and consumers. Organizations must not restrict their GDPR initiatives to technical changes in consent management or PII protection, but need to review how they onboard customers and consumers and how to convince these of giving consent, but also review the amount and purposes of PII they collect. The impact of GDPR on businesses will be far bigger than most currently expect. [...]