Center for Democracy & Technology releases new report on privacy and DOOH; skips alarmist nonsense

March 2, 2010 by Dave Haynes

The Washington, DC-based Center for Democracy & Technology released a new report this week on consumer privacy and the digital signage industry, called Building the Digital Out-Of-Home Privacy Infrastructure.

The CDT report has recommendations for ensuring privacy as more and more DS and DOOH companies start using audience counting and other technologies to get a sense of audience size, dynamics and profile.
The report strongly urges the industry to get ahead of the issue to ensure consumer trust and control costs, suggesting doing what’s needed now beats the cost of retrofitting.
I have just had a quick run through the report but it appears to contain none of the ridiculously loaded, alarmist tone of another recent report by the little known World Privacy Forum, instead taking an even-handed point of view and building on some of the recent recommendations developed and released by POPAI.
The report suggests the industry should be wary of rising concerns that track all the way up to the US Federal Trade Commission:
Given this environment, DOOH companies should proactively adapt their practices to be transparent and minimally intrusive, and to afford consumers control over how their information is collected and used. Incorporating privacy into the fabric of DOOH business models and data management practices is the best way to prevent privacy risks before they arise.25 It will be less expensive for DOOH companies to integrate privacy controls now, while identification technologies are still relatively new to the industry, than it will be to retrofit privacy protections onto existing systems. How DOOH companies handle the privacy issues they face today will affect the way the public, regulators and advertisers perceive the industry, as well as the industry’s direction in the future. The industry should prove its dedication to privacy protection to reduce the risk that the public will consider interactive DOOH a disrespectful intrusion.
There’s a lot to summarize, but the reports suggests the framework for privacy guidelines breaks down to these areas:
  1. Transparency
  2. Individual Participation
  3. Purpose Specification
  4. Data Minimization
  5. Use Limitation
  6. Data Quality and Integrity
  7. Security
  8. Accountability
The attorney behind the report, Harley Geiger, was actually at DSE last week and has written on the CDT blog about the show and his impressions of the industry as it relates to the privacy issue.
At the Digital Signage Expo, I joined POPAI and WPF on a panel presentation focused on consumer privacy. The panel was the least attended at the trade show, with only about a dozen audience members. On the other hand, panels featuring audience measurement techniques were among the most popular. If that experience is any indication, appreciation of consumer privacy issues seems to be developing at a slower pace than interest in audience measurement for targeted marketing and selling ad time.

Still, it was my impression that most companies exhibiting at the Expo were aware of consumer privacy as a potential flashpoint for the industry, and many took steps to mitigate their systems’ impact on privacy. I spoke with several companies that use facial recognition to tailor advertisements. Each told me they were committed, at this time, to discarding any images of individuals and retaining only aggregated demographics of the consumers who passed by their signs. This was highly encouraging from a privacy perspective, and CDT hopes these commitments remain steadfast even as pressure eventually mounts to profit from individual identification.

The commitment to transparency, however, was less encouraging. Although some of these companies provided consumers with notice of information collection at the establishments in which their units were located, this was not always the case. Several companies spoke of internal debates over whether or not consumers should be notified that signs would use cameras to target ads based on age, gender, and ethnicity. Other companies that develop audience measurement technologies said that they advise their clients (often signage network operators) to provide notice, but their clients generally decline to do so because, “They don’t want people to know. They think people will be uncomfortable with the fact that they’re doing this.”

Unfortunately, consumers will be far more uncomfortable, and quite possibly outraged, when they inevitably discover that this sort of marketing is targeting them in secret. As CDT recommends in its report, transparency through notice and a public privacy policy is the responsibility of not just the technology vendors, but also the digital signage network operators and the owners of the establishments at which the signage is located.

I also spoke with companies that deployed interactive mobile phone and social networking applications. These companies provide a platform on which consumers can text content, like Twitter updates, to public-facing digital signs. In the process, the companies obtain consumers’ phone numbers and social networking names, which can often be users’ actual names. Encouragingly, the companies I spoke to were committed to keeping this data confidential and claim to have no intention to use or sell this information for additional marketing beyond the initial interaction with consumers. However, the companies nonetheless retained the data, despite lacking a specific business use for the phone numbers and usernames. Retaining unnecessary data is itself a violation of privacy principles. As CDT points out in its latest report, companies should destroy unnecessary consumer data, especially directly identifiable data. The Federal Trade Commission already holds companies responsible for the personal data they hold, even companies that have no direct relationship with consumers. The best data security is to not be in possession of information in the first place.
You can get the report here: http://www.cdt.org/report/building-digital-out-home-privacy-infrastructure

Leave a comment