A brief history of the in-store privacy discussion
About four or five years ago, a number of companies came to market with products that could analyze live video feeds to see where people were looking (called "gaze tracking") and also recognize certain demographic characteristics of people caught on camera. Many of these companies originally devised their systems for military or civilian security use, and were seeking to adapt it for other purposes. By 2008, some of these companies were courting digital signage networks and software companies to integrate their wares. Their arguments for doing so were fairly straightforward. First, by identifying how many people were looking at a digital sign at a particular time, it would make the screen time that much more valuable for advertisers. Second, by identifying a person by demographic, the network could immediately display information thought to be relevant to that group. But people seemed to be glossing over the privacy implications of the technology, which led me to write an article explaining why digital signage networks must guarantee viewer privacy.
Image credit: Rob Pongsajapan
In early 2009, I spoke out again about the topic, this time asking if digital signage is invading consumer privacy. By mid-2009, the POPAI best practices document was finalized, and was reviewed by members of POPAI's board of directors, as well as POPAI's strategic planning committee. Dick Blatt (POPAI's President at the time) took the draft document to an informal working session at the FTC, which is the government body that manages most of the legislation surrounding consumer privacy. The FTC folks agreed that our draft was the correct first step toward the kind of industry self-regulation that, if properly managed, would keep members of our industry out of the FTC's targets later on. At roughly the same time, Nathan Purcell of DCSI reviewed a draft of the best practices document with former House of Representatives member Barry Goldwater Jr., one of the primary authors of The Privacy Act of 1974, and a recognized expert on consumer privacy matters. The positive feedback from both government-related endeavors led us to believe we were on the right track.
What are the best practices for collecting and using data?
The POPAI document is called "Best Practices: Recommended Code of Conduct for Consumer Tracking Research", and you can download the full 11-page document directly from their website (PDF format). In general, we tried to focus on the four or five things most likely to get you in trouble with your local, state or federal government, your customers, or both. If you are planning to collect, store, process or use any kind of surveillance-like data gathering (especially with technology that can uniquely or individually identify consumers, which we'll cover in a minute), then you really need to:
- Disclose data collection methods: Put up some signs, make some pamphlets available, put up a web page. I know that this will be anathema to retailers, but our expectation -- which is mirrored by the FTC's own recommendations to related industries -- is that the more potentially privacy-invading the tracking technique, the more good you can do by plainly disclosing it ahead of time.
- Get customer consent to be monitored: I know this isn't going to be practical in all cases, but again, giving your clientele a modicum of power inside your venue translates to an improved sense of trust and a stronger customer relationship.
- Know the difference between unique and individual identification: In short, unique identification means that you can track an individual apart from other individuals as they travel through the venue. Individual identification means that you can take that tracking data and correlate it to a specific person, either via some personal information like a name or address, or via an account number.
- Allow customers to opt in (or opt out) of more intrusive monitoring practices: Like getting consent, I know this isn't going to be practical or even possible in many cases. But the opt-in (and even more so, the opt-out) is the thing that will keep our industry out of the hands of regulators.
- Practice cross-channel and cross-domain marketing constraints. This is another area that may get our industry into trouble in the future. Imagine a scenario where a cross-retailer loyalty program can track an individual as he goes from the supermarket to the dry cleaner to an apparel store to a big-box retailer. Such a system would clearly be able to collect a vast amount of personal information. Just as the FTC is currently trying to limit the ability of Internet marketers to track consumer behavior over a large variety of Internet properties, they will certainly try to do the same thing in the real world at the first sign of trouble.
Quis custodiet ipsos custodes? (or: Who will watch the watchers?)
Who's watching the watchers, you ask? My personal belief is that we'll eventually need a fully independent, non-commercial, global not-for-profit organization set up to align shopper and marketer interests. POPAI would be a great choice for this role given its current global presence, non-profit status, and clear interest in seeing the digital signage industry continue to expand and flourish. (For a truly excellent analysis of why our industry needs a non-profit advocacy organization like POPAI at the helm, I highly recommend Ken Goldberg's recent article on the subject.) For now, given the early stage that we're at and the hard time we're having just getting the message out, I think such a move is a bit premature. But rest assured that government and private entities alike are keeping a very close eye on what's going on with real-world consumer marketing programs, and that one of them will ultimately pounce.
So, that's the digital signage privacy debate in a nutshell. If you're angry or upset about it, I guess you can blame me, since I'm as responsible as anybody for perpetuating the discussion. And if you think it's a non-issue, then at least you can take solace in the fact that I'm wasting my time on it.
But if you're the least bit concerned, or you're a major brand or retailer thinking about implementing tracking mechanisms, or you're a company that deals with gaze tracking, RFID tracking, mobile tracking or anything like that, then I highly recommend you spend a few minutes with us at the Digital Signage Expo, where we'll be doing a seminar on the best practices for using observed tracking data. Here are the details:
Opt-in or Opt-out? Navigate the Consumer Privacy Issue for Future Profit
Thursday, February 25 at 8-9 AM
Hope to see you there!
What do you think of the new POPAI guidelines? Leave a comment and let me know.