World Privacy Forum Report | Digital Signage -- The World Privacy Forum published a groundbreaking report today on digital signage and privacy. The report, The One Way Mirror Society, discusses the remarkable consumer surveillance occurring in retail and other spaces. This is the first report on this topic to be published. From the report:
FTC Privacy Roundtable -- Thursday, January 28, WPF Executive Director Pam Dixon will be speaking at the FTC's Privacy Roundtable about the privacy implications of digital signage networks and will be specifically discussing the new report: The One-Way Mirror Society: Privacy Implications of the New Digital Signage Networks. Few consumers, legislators, regulators, or policy makers are aware of the capabilities of digital signs or of the extent of their use. The technology presents new problems and highlights old conflicts about privacy, public spaces, and the need for a meaningful debate.
This 2010 WPF report, The One Way Mirror Society, explores new forms of sophisticated digital signage networks and their privacy implications in the US and other countries. Digital signage networks are being deployed widely by retailers and others in both public and private spaces. From simple people-counting sensors mounted on doorways to sophisticated facial recognition cameras mounted in flat video screens and end-cap displays, digital signage technologies are gathering increasing amounts of detailed information about consumers, their behaviors, and their characteristics.
The digital signage networks this report addresses are bi-directional. These networks give information to viewers while they capture information from viewers and send it back to a home base. In the digital signage industry, the new technologies are often compared to the interactive signs from the movie Minority Report. [1] In the movie, large-screen video billboards recognized individual consumers and delivered personalized advertisements to each person. The movie version of the digital signs and billboards relied on an iris scan to customize the ads. Today’s modern digital signs rely on advanced video analytics and sophisticated cameras and sensors.
The best way to understand the capabilities of digital signage today and how it is being used is to see the digital signage industry’s newly minted Recommended Code of Conduct for Consumer Tracking Methods (See Appendix A for complete document). This document on consumer tracking methods in digital signage was written and agreed upon entirely by industry members, without any participation by consumer representatives. The document reflects the advances in technology in this area and where the possibilities for abuse lay. The opening of the document reads:
Heat maps and path tracking technologies essentially generate maps of where consumers spend the most time standing and walking in stores. (Figure 2). One product, PathTracker, uses RFID chips for large store tracking, and video tracking technology for smaller stores or sub-areas within stores.
Facial recognition technology was initially developed for security purposes, but it has found a new use in digital signage for marketing and ad targeting purposes. Essentially, the process is that a camera captures an individual’s image, then checks it against algorithms that analyze at least 80 facial characteristics, such as distance between eyes, length of the face, width of the face, depth of eye sockets, and so forth. [48] Layers of algorithms are used to crunch the facial information into determinations about a person’s age bracket, gender, and ethnicity. The next efforts are going toward coding the facial expressions of shoppers to “capture their emotional reactions to in-store environments.” [49]
Few consumers are aware that watching a video screen or interacting with a kiosk may mean they are being recorded and having their behavior, gender, age, and ethnicity analyzed. As a result, there has not been a robust public discussion of how consumers feel about these technologies.
Security Camera Footage: Repurposing footage for marketing and profit Perhaps the most egregious repurposing of data is the use of security camera footage for store marketing purposes. From the industry literature, this appears to be an established business practice at this point. It is one that needs to be examined closely.
The industry view of privacy has been officially articulated in a Recommended Code of Conduct for Consumer Tracking Methods that has been provided to the World Privacy Forum. The code of conduct is contained in full in Appendix A.
There is no public awareness of the capabilities of digital signage, and that has to change before for any debate over regulation or legislation can start. Nevertheless, it is possible to identify from other privacy arenas the types of standards that should be considered for users of digital signage. Full recommendations will only be possible at a later stage. Here are some preliminary ideas.
New forms of sophisticated digital sign networks are being deployed widely by retailers and others in both public and private spaces. Few consumers, legislators, regulators, or policy makers are aware of the capabilities of digital signs or of the extent of their use. The technology presents new problems and highlights old conflicts about privacy, public spaces, and the need for a meaningful debate. The privacy problems inherent in digital networks are profound, and to date these issues have not been adequately addressed by anyone.
The following document is the recommended code of conduct for businesses engaging in consumer tracking. The document is entirely non-binding, and was created entirely by industry participants. The document is reproduced here in full with no changes. Best Practices: Recommended Code of Conduct for Consumer Tracking Methods
The World Privacy Forum filed comments today with the Department of Labor requesting that the DOL expand its protections of how genetic information may be used by health insurance companies or group health plans. The World Privacy Forum urged the DOL to include genetic information posted on social networking sites in its consideration of the GINA regulations.
Genetic privacy -- The World Privacy Forum filed comments today with the Department of Labor requesting that the DOL expand its protections of how genetic information may be used by health insurance companies or group health plans. The World Privacy Forum urged the DOL to include genetic information posted on social networking sites in its consideration of the GINA regulations.
FTC Privacy Roundtable -- WPF executive director Pam Dixon will testify at the FTC Privacy Roundtable about information brokers and commercial data practices and they impact consumers. Dixon will be discussing the business models of data brokers, issues with smart grids, and opt-out problems, among other issues.
The World Privacy Forum filed comments on proposed regulations for implementing Title I of GINA, the Genetic Non-Discrimination Act. The WPF requested a change to the proposed regulations, asking the Department of Health and Human Services require immediate posting of revised notices of privacy practices on the web sites of affected health plans. Under the proposed regulations, written notice of revised privacy practices to individuals could be delayed due to the cost of postal mailing. The WPF noted that a revised privacy notice posted on a health plan's web site would not incur postal costs, and that regulated entities should take this minimum step to inform consumers of any changes regarding privacy practices affecting genetic non-discrimination.
Genetic non-discrimination regulations (GINA) -- The World Privacy Forum filed comments on proposed regulations for implementing Title I of GINA, the Genetic Non-Discrimination Act. The WPF requested a change to the proposed regulations, asking the Department of Health and Human Services require immediate posting of revised notices of privacy practices on the web sites of affected health plans. Under the proposed regulations, written notice of revised privacy practices to individuals could be delayed due to the cost of postal mailing. The WPF noted that a revised privacy notice posted on a health plan's web site would not incur postal costs, and that regulated entities should take this minimum step to inform consumers of any changes regarding privacy practices affecting genetic non-discrimination.
Congressional testimony -- WPF executive director Pam Dixon testified at a joint subcommittee hearing focused on privacy and the collection and use of online and offline consumer information. Dixon's testimony focused on the new "modern permanent record" and how it is used and created. Dixon said "The merging of offline and online data is creating highly personalized, granular profiles of consumers that affect consumers’ opportunities in the marketplace and in their lives. Consumers are largely unaware of these profiles and their consequences, and they have insufficient legal rights to change things even if they did know." The testimony explored concrete examples of problematic consumer profiling activities.
I am particularly interested in developments related to online and offline data flows of consumer information. Given the advances in technology that have significantly broadened and deepened the scope of consumer data collection practices, and given the new ways that these technologies and practices can shape and impact an individual’s experiences and opportunities, I believe the decisions that this Committee arrives at will be of lasting importance. Given the transition our society is undergoing from analog to digital, it is crucial to question what changes the new environment brings, what new controls it includes, and its meaning for our day-to-day lives. It is especially crucial to carefully examine and to discuss the effects these developments will have for the consumer. We must look for a fair balance between benefit, risk, and harm.
FTC "Exploring Privacy" Roundtable Series -- The World Privacy Forum has been invited to speak at the Federal Trade Commission's first Privacy Roundtable, to be held December 7, 2009 in Washington DC.
FTC Privacy Roundtable -- The World Privacy Forum filed comments last week for the FTC Privacy Roundtables, the first of which will be held December 7, 2009. The WPF comments urged the FTC to consider the Fair Credit Reporting Act as a key privacy model to apply to additional areas, to use the full version of Fair Information Practices, and discussed how a rights-based framework was the key to advancing consumers' interests. The comments discussed list brokers at length, and explained how even the most informationally cautious consumer will land on numerous marketing lists and databases. The WPF comments noted that not all marketing lists are used to target ads to consumers; some lists and databases are used to deny consumers goods and services. The comments contain a detailed section on privacy frameworks, a section on direct marketing, and an appendix with supporting information.
The World Privacy Forum filed comments last week for the FTC Privacy Roundtables, the first of which will be held December 7, 2009. The WPF comments urged the FTC to consider the Fair Credit Reporting Act as a key privacy model to apply to additional areas, to use the full version of Fair Information Practices, and discussed how a rights-based framework was the key to advancing consumers' interests. The comments discussed list brokers at length, and explained how even the most informationally cautious consumer will land on numerous marketing lists and databases. The WPF comments noted that not all marketing lists are used to target ads to consumers; some lists and databases are used to deny consumers goods and services. The comments contain a detailed section on privacy frameworks, a section on direct marketing, and an appendix with supporting information.
Madrid Declaration -- A significant civil society document with more than 100 signatories worldwide has been published in conjunction with the 31st annual meeting of the International Conference of Privacy and Data Protection Commissioners. The document, known as the Madrid Declaration, affirms support for the complete canon of fair information practices as expressed by the OECD, affirms support of privacy as a fundamental human right, and warns that "the failure to safeguard privacy jeopardizes associated freedoms, including freedom of expression, freedom of assembly, freedom of access to information, non-discrimination, and ultimately the stability of constitutional democracies."
FTC -- The Federal Trade Commission has delayed the enforcement date of the Red Flag Rule until June 1, 2010.