The 'right to be forgotten' really does exist... but it’s not the customer’s
What happens today when you forget your username or password? You are taken through some reset steps, maybe given a temporary password.
But where does that get sent? To your email or SMS provider.
So, you fix things and get back to normal. But let’s look more closely.
These password reset pathways are set up right at the START of a digital relationship. When customers create a new account with their email address, SMS or social network login. Like it or not, these 3rd parties have now become our default identity providers. Our digital backup when we can’t access other digital services.
A single point of failure
But what happens if it’s actually these 3rd party identity providers who lock us out?
We can't access other services. Our lives get frozen almost instantly, and completely.
The 'right to be forgotten' really does exist... but it’s not the customer’s. It belongs to the 3rd party identity provider, who can choose to lock us out and forget the customer whenever they want.
It’s they who are really in control of our digital experiences. Of our customer relationships. (And these life-lock-out incidents happen all the time... just look up #facebookdisabledme).
Yes, businesses have the right to kick people out of their account for breaking the rules. But when that account is the digital door key for the rest of the customer’s digital life, it becomes problematic - technically, economically, and societally.
Customers often get locked out without notice, finding out that they’ve fallen foul of the T&Cs they never read. Or perhaps it’s a technical blip, an accident. But either way, these identity providers are in the middle of *everything*.
But there’s an ever bigger risk: account takeover. If a bad actor accesses my 'root' identity (like my email inbox or Facebook account), then it only takes a few clicks to impersonate me elsewhere, and reset my logins everywhere.
A digital reboot
We need a customer relationship reboot. An identity reboot. No more single points of failure.
It's not about government ID or KYC. It's about how we better manage today's real-world problems, when only a handful of companies can decide where we can and can’t go digitally.
This is about the potential of new digital customer tools that individuals control themselves. It will be great for privacy and security. But even these new tools will have a lock-out and back up problems. So we need to get smart. Think about single points of failure. And who's really in control.
Yet I'm optimistic.
Because there are exciting new features coming that will deal with these back up issues and dependencies. But that’s for another post. For now I want to point out that our email providers and 3rd parties are today’s defacto identity providers. And that it’s time for a change.
Else we'll keep getting locked out.
We might forgive, but we won't forget.
If you enjoyed this and want to learn more about the future of customer relationships, why not sign up to the newsletter: