Definitely Doug 2/9/24: The Path to Personalization

by Doug Rice

In the ever-evolving landscape of technology, businesses often find themselves prioritizing functional changes and component upgrades over experimenting with new technologies, even critical ones.

Consider some pivotal moments in recent technology history, such as the emergence of the worldwide web or the introduction of the iPhone. Brick-and-mortar businesses like hotels were slow to realize that fundamental and ultimately threatening changes were afoot. This is understandable, since applications of new technologies are often not obvious, and the technologies themselves can be time-consuming to learn. Moreover, it is impossible to anticipate all the changes they will ultimately bring about. With the web and mobile web, third parties—notably online travel agents (OTAs)—invested sooner and more heavily than hotels. In doing so, they gained a foothold that hotels have never completely taken back. The same is true in many other industries.

If a hotel company could go back in time and be an early (or at least not lagging) adopter of web or mobile technologies, I suspect many would. These were missed opportunities that proved very costly to hotel operators. To be sure, early adoption of new technologies carries risks, and many early initiatives fail. But even failures provide important learnings for the organizations that have tried them, positioning them to succeed sooner than rivals. And early failures are usually small ones.

The technology environment today is at an inflection point as important as those represented by the worldwide web and the iPhone. But this time, instead of being an issue to understand for the future, key emerging technologies hold the potential, or even the promise, of solving some critical and immediate business priorities for hotels and other travel providers. The question is, will the hotels take the opportunity and act on it, or will intermediaries or alternative accommodation providers once again lead the way?

Intersecting Trends

On the business front, two pressing issues consistently top the priority list of hotels and other travel-related businesses. First is the growing desire to personalize the selling process, tailoring offers to match each unique sales opportunity. Loyalty, mobile apps, massive customer data platforms, attribute- and ancillary-based selling, and conversational interfaces are among the key initiatives many hotel companies are already prioritizing to meet this objective. And none of them work particularly well.

Simultaneously, corporate risk managers see skyrocketing costs and reduced coverage options for cyber insurance, resulting from the rising frequency, scope, and expense of data breaches and the associated regulatory and legal costs; these have been particularly bad for hotels. And these two priorities would seem to conflict: more personalization means more personally identifiable information (PII) to store, and more stored PII means more cyber risk.

Meanwhile, technology has seen explosive growth (and many useful applications) of artificial intelligence (AI), most notably large language models (LLMs) and now large action models (LAMs), the latter illustrated by the new Rabbit r1. Behind the scenes but equally important are foundational Web-3 technologies including self-sovereign identity (SSI), some of its building blocks, which include trusted identity, provable statements about people, biometric proofs tied into phone features like FaceID, and mobile apps that make these accessible to everyday consumers and businesses.

For hotels and many other travel industry participants, these trends are not in opposition. Web3 and AI technologies provide the opportunity to completely redefine how we handle personalization, how we store PII, and how travelers and hotels interact. I have no doubt that they will lead to dramatic changes in the way travel is imagined, purchased, and consumed within the next decade, and possibly much sooner – much as the web and mobile phones did in decades past. I would go as far as to say that without new approaches enabled by these new technologies, personalization will never truly work.

What remains to be seen is which companies will be like Kodak, betting on a future with pictures engraved on silver oxide film, and which will be Apple betting on digital images. If you think Apple had the better answer, and want to avoid Kodak’s fate, then this article is for you.

Why It Matters

Today, travel and tourism suppliers and intermediaries essentially broadcast rate and availability offers through various distribution channels. Collectively they spend billions of dollars to get consumers to visit those channels. Then they wait for potential travelers to come, look, evaluate, and hopefully buy.  

But when they do, every prospective traveler gets pretty much the same offer. To the extent there is any personalization, it is almost entirely at the edges of the process rather than at the core. It is like a grocery store where prices are marked on the shelves for consumers to see and decide. On shopper might have clipped a digital coupon that she knows will result in a better price at checkout, but that’s as personal as it gets. To be sure, I have seen a few truly personalized offers in travel. Airlines trying to get passengers to pay to upgrade to first class sometimes quote different prices based on your history, whether your status is more or less likely to get you a free upgrade, and the like. But this type of personalization is far from mainstream.

Tomorrow’s technology will still support the “grocery shelf” model, but it also offers better options. In particular, consumers (or more likely AI agents acting on their behalf) will be able to broadcast a set of travel needs and preferences and invite travel suppliers and intermediaries to respond with tailored product offerings.

My good friend and industry legend Gene Quinn has compared the new model to the open-outcry stock exchange floor, where sellers shouted out what they had to sell and at what price, and buyers announced what they wanted to buy and how much they were willing to pay; the old model only had sellers doing this. At a macro level this is an accurate and useful analogy. At the micro level, it has even more depth, enabling a private negotiation between each buyer and each seller (or more likely between their AI agents). And that negotiation is not just about price, but can cover features, add-ons, inclusions, booking policies, and other attributes that have value to a particular buyer and that produce more profit to the supplier. Moreover, the marketing language used to describe the offer can be personalized to appeal to the hot buttons of the specific traveler (AI can already do this well).

This model is supported by the combination of SSI (now an integral part of the worldwide web standards), emerging standards for digital trust, emerging mobile apps for consumer interactions, and LLMs. I have written about SSI before so I will not elaborate further here (if you need a primer, you can find one here). LLMs like ChatGPT have gotten a lot more publicity than SSI; I am pretty sure you do not need an explanation. Let us see how these can work together.

Painting the Picture

For this, we will utilize our time travel machine and project ourselves into the future. I will not guess a precise time frame, but based on progress to date, I expect the current proof-of-concepts and early pilots to evolve into a few stable, scalable products within one to two years. The full adoption timetable will take much longer; thirty years after the launch of the worldwide web, there are plenty of hotels that still only accept reservations by phone. My best guess is that a scenario like what follows will be common within four to five years and will be the norm in less than a decade. The technology itself will likely stabilize within the first few years, but historical experience suggests hotels (and particularly the long tail of smaller hotels) might not be the speediest of adopters.

In a few short years, a consumer who wants to travel will interact with an LLM-based agent on their phone, expressing some general desires (location, purpose, sun, beach, skiing, fishing, whatever), budgetary guidelines, who is traveling, and other relevant specifics. The AI agent maintains a (private) version of the traveler’s profile, which includes identifying information; ongoing requirements, likes, preferences, and behavioral characteristics; and cryptographic verifiable proofs of relevant credentials or affiliations (such as might be needed to access a negotiated rate or to prove certifications for certain high-risk experiences).

The agent broadcasts the consumer’s requirements and preferences to qualified suppliers and intermediaries, sharing whatever information the consumer has approved from their profile. This will be done anonymously unless the traveler prefers otherwise. Suppliers and intermediaries then construct offers tailored to each request and return them to the agent.

The agent evaluates and ranks them, presenting the best matches to the traveler. In the early years, the responses will need to be augmented with published (non-personalized) options, since many suppliers will not be ready to respond to broadcast requests for offers. And the process may iterate if, for example, the traveler realizes that the criteria were not as tight as needed to avoid getting back some unacceptable options. The traveler and the agent will likely be conversing in a LLM interface, using voice or text and plain language, as in “I’m looking for someplace sunny, on a beach, and all-inclusive for a week-long vacation sometime in March, but not the Caribbean. My budget is $2000 for two people.”

The supplier uses LLMs to construct personalized marketing descriptions for their offer, based on the requirements and preferences expressed by the consumer. A consumer whose profile says they enjoy art shows might get a description of a hotel offer that highlights its proximity to an arts district or a scheduled art fair or exposition, for example. Another consumer with detailed culinary interests might see something for the same hotel highlighting interesting neighborhood restaurants.

The process is not limited to a single supplier or intermediary. A complex trip might include air, hotel, rental car, restaurants, and multiple activities; the AI agent can have simultaneous conversations with multiple suppliers for every aspect, and construct the best options based on the results, essentially a package on the fly. The traveler’s app basically becomes a digital super-travel-agent. Alternatively, the agent might get quotations from OTAs or traditional tour operators that handle multiple pieces in a package. The search results are not limited to one or the other, they can include both.

Eventually, the traveler selects an option and is ready to book. This might be handled by a Large Action Model. LAMs are just starting to emerge in the real world, but you can find a good overview of how LLMs and user agents may evolve into LAMs in this Salesforce research piece (their example of buying a car is quite instructive). The LAM knows what to do to make bookings happen. This will often involve sending additional information from the traveler’s profile, such as name, address, and payment information. Shopping will often be anonymous as it is today, but travel suppliers typically require a name (and often other information) to confirm a booking.

The conversation between the agent app and suppliers and intermediaries has several important aspects that are often missing today.

  • Both parties can be 100% confident who they are dealing with (or more accurately, they can be confident whenever they need to be). If my agent is in a conversation with a hotel company, the hotel company can ask for proof that I am who I say I am, and I can provide it. Similarly, I can be sure I am dealing with the hotel (or whatever supplier or intermediary) and not an online impostor. This can significantly reduce online fraud.
  • Each conversation is one-on-one (traveler to agent, and agent to supplier or intermediary), and  human participants are dealing in natural language throughout the process.
  • The exchange of PII can be managed for compliance with virtually any modern regulatory framework, such as GDPR (SSI is GDPR compliant by design). The PII is stored on a device or cloud facility controlled by the traveler, who can reuse the same information with all travel suppliers and intermediaries (and for that matter with non-travel suppliers). Sharing requires the traveler’s consent, which the traveler provides through their agent app. The scope of shared information can be as narrow or as broad as the situation requires. The supplier or intermediary requesting PII states how it will use the data and how long it needs to retain it. The traveler can limit retention or revoke consent at any time; for a trusted supplier, they may choose to provide ongoing access so that the supplier always has access to current information about them.
  • All PII becomes current, first-party data, not data that became outdated ten years ago. The traveler can maintain a single profile and share it with multiple suppliers and intermediaries. If they move or change phones or emails, or decide to go vegan, a single update will allow every supplier who has the traveler’s consent to get the update. Today there is a big barrier to updating all your online profiles, and it simply doesn’t happen; as a result, a large chunk of PII held by travel suppliers and intermediaries today is hopelessly out of date. One company recently asked me to verify my phone number when I called for support on my account; what they had on file was a number that has not been mine for more than 25 years!
  • Suppliers and intermediaries with which travelers have consented to share PII have no need to store most of it. Instead, they have permissioned, ongoing, secure, real-time access to some or all information from the most current version on the traveler’s cloud storage. They can access it any time (unless and until the traveler revokes consent), so they do not need their own copy. This should make risk managers ecstatic. To be sure, certain PII may always be needed transactionally; hotels need a guest name in their property management system for a host of reasons. But do they need addresses, phone numbers, or even credit card numbers? I would argue that they need a way to communicate with customers and they need a guarantee of payment – the reasons this information was historically collected. Web3 and SSI provide multiple options for this that do not require storing copies of emails, phone numbers, and credit card details.

Where Are We on This Journey?

The key elements of this future vision are falling into place today. The Worldwide Web standards around SSI, secure communications, and verifiable documents and credentials are now reasonably mature. Trust frameworks, necessary to ensure prevent impersonations, are more complex and vary by use case, but are a current focus of numerous standards and industry efforts. There are now many pockets where trust can be established unequivocally, but others that still need work. Many governments (including all 27 member states of the European Union) are building identity trust frameworks around individual, corporate, and web identity, and other bodies are establishing digital certification frameworks for various industries and applications. The EU has an objective that 80% of citizens will use digital IDs by 2030.

Many private and public entities are developing digital wallets – a catch-all term that encapsulates the way a person interacts with digital identity and third parties, typically through an app a mobile device (think Google Wallet or Apple Wallet, but on steroids). As described in the above examples, wallets can maintain a secure copy of PII, requirements, and preferences (and not just for travel). They can store a backup on the cloud and enable parties to securely access portions for which the traveler has consented. They can manage updates to the profile and maintain multiple versions (such as a business travel profile vs. leisure). They can manage negotiations with suppliers and intermediaries, and they can interact with AI to help formulate requests to suppliers and intermediaries and to evaluate offers received in response, and other functions.

Much of the market leadership on SSI and digital wallets has been coming from the European Union, led by the public sector but with many private startups and established companies also actively participating. The EUDI wallet, now in pilot, is planned for rollout to all 27 member EU countries within the next couple of years. The EUDI Wallet Consortium is a joint effort to leverage this into digital travel credentials. Numerous other countries, states, and local governments also have efforts in production or under development.

IATA, the international association of airlines and airports, has an SSI effort that is aimed at eliminating the need for multiple stops at an airport to check documents such as boarding passes, identity documents, passports, and visas. In addition, the Known Traveller Digital Identity program has a pilot involving the governments of Canada and the Netherlands, three airports, two airlines, Accenture, Vision-box (just acquired by Amadeus), and Idemia. Amadeus also has a significant internal group focused on SSI, although I have not yet seen any announced products in the consumer space.

Several mostly earlier stage companies have developed wallets and related technologies to support this vision in various parts of the travel industry. Autoura has developed an AI tour guide that is driven by a digital SSI wallet; there is a fun and eye-opening five-minute video from a recent Phocuswright conference here. Condatis, Gimly, IDNow, Indicio, MATTR, Neoke, PassiveBolt (see a deeper dive in my blog from last March), SICPA, TravlrID and Youverse are others I recommend looking at. I am sure there are others, and it is far too early to pick winners and losers, but these efforts are all worth watching. Many of these companies are looking for additional pilot partnerships.

A final and critical piece is the traveler profile. The typical historical profile used by travel suppliers and OTAs today has maybe 10-20 pieces of user-provided information (name, address, phone, email, and things like seat or room type preference). That first-party data is typically enhanced by third-party data that overlays demographics, psychographics, browsing history, past purchase, and other factors. While useful, this approach does not facilitate the personalized travel discovery, shopping, and booking process described here.

To get the best options, profiles need to enable a traveler to specify much more information: preferred cuisines, attitudes towards safety (would you venture out in a strange city alone at night or not?), what you like to do, whether you are willing to shared taxis or accommodations, any accessibility requirements, dietary needs or preferences, and many other factors. It would be too laborious to ask a traveler to provide this level of detail to every travel supplier or intermediary; the self-sovereign profile ensures that they can create it once, add to it or update it over time, and then share from their wallet selectively with suppliers and intermediaries during travel discovery and booking (or for trusted suppliers, permanently).

An ongoing effort within the Hospitality and Travel special interest group of the Decentralized Identity Foundation (the nonprofit association that developed SSI standards that have been adopted by the Worldwide Web Consortium) has spent the last nine months developing a standard for such a profile for the travel industry. It is an open effort that anyone can join for free. In the coming months, the group intends to publish it as an open-source resource and schema that can be enhanced over time. Several companies who have already developed their own profiles as part of new products are participating and see the value in a global standard that will promote cleaner and more precise communications between AI agents, suppliers, and intermediaries.

When a profile is combined with an AI-based LLM and a travel wallet, you have all the pieces needed for intelligent travel agents that can live on your phone. Now it is up to suppliers and intermediaries to plug into the ecosystem.


Travel distribution and marketing will not change overnight. New technologies take time to mature and be adopted; the old and the new will coexist for a decade or longer. But for the most part, we now know the key building blocks and capabilities of the next generation of digital travel distribution, and are gaining experience in how to use them. The question for hotels is who will be the first to start the transition to a world where travelers can tell us what they want and we can respond with personalized offers? Will it be one of the major hotel companies? A service provider like Amadeus or Sabre? An intermediary like or Expedia? Or a startup like one of the ones mentioned above?

More important, will your company be leading the move towards personalization in a future with better and better AI-based LLMs, while reducing your PII risk, cyber insurance costs, and cost of regulatory compliance? Or will you let your competitors take the lead? The choice is yours.

If you’d like to connect with any of the efforts or companies mentioned in the article, please reach out to me directly.

Douglas Rice

Discover Return On Experience

Three ecosystems — Hospitality & Leisure, Food & Beverage, and Inventory & Procurement — operate independently and together depending on your needs.


Let's Get Digital

7 Questions to Ask Before You Invest in a Hotel Mobile App



Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.