Information Commissioner's Office
How shops can use your phone to track your every move and video display screens can target you using facial recognition
Blog posted by: Simon Rice, Group Manager for Technology, January 21, 2016.
Picture the scene, you’re in a department store and decide to go back and try that pair of trousers on for a second time. How would you feel if the price had changed or a display lit up with a three-for-two offer?
What you may not realise is that technology has been developed which could allow the store to track your shopping movements using the Wi-Fi on your mobile phone.
This technology, which is starting to be rolled out in shops, allows retailers to use the customer journey to build up a picture as to how people typically use the store. It uses the MAC address of a smartphone which can, in many cases, be linked to a specific individual.
Here at the ICO, we’re interested in Wi-Fi location tracking because it could involve the use of personal data. This means it falls under the Data Protection Act and that’s where we come in.
The use of this type of technology is not just confined to the retail environment – airports, railway stations and even city-wide Wi-Fi networks could use it to monitor individuals.
The issues surrounding Wi-Fi location tracking were discussed at the last meeting of the international working group on data protection in telecommunications that I attend on behalf of the ICO.
When this type of technology is used to generate aggregate statistics about daily visitor numbers or to generate an alert if an area is overcrowded, it can be done in a privacy-friendly manner. Therefore we have written a list of recommendations for use of the technology.
These cover things like ensuring there are clear physical and digital signs to inform individuals that location tracking is in operation and to transform the unique MAC address so that it no longer relates to the individual device from which it was collected.
The working group looks at the implications of a range of emerging technologies. For instance, we have seen examples of advertising displays knowing when and how long we are looking at them, as well as our age and gender.
This could result in targeted marketing such as an advert for shaving products appearing if a man is detected in front of the display.
Meanwhile, smart CCTV systems could offer new options for audience measurement and detection of over-crowding.
Even if the identification of individuals is not the intended purpose, the implications of intelligent video analytics for privacy, data protection, and other human rights are still significant. For example the technology could be used to play recorded messages to reprimand litter picking or illegal parking.
One of the key implications of video analytics is that individuals have the right to know who is collecting what data about them and for what purposes.
As with Wi-Fi location tracking, the working group has again come up with a list of recommendations for how the video technology should be used. The recommendations can be viewed in the working papers produced by the group.
The ICO will be keeping an eye on these developments, and others, and working to advise the relevant organisations on the rules they need to follow.
In the meantime you can read the previous working papers which have been published since the group first started in 1983, including topics such as drones, big data, web tracking and cloud computing.
Just as it may be necessary to return to the changing room to ensure the correct fit, we need to ensure the correct balance between technology and privacy to ensure we don’t end up with a case of Wallace and Gromit’s Wrong Trousers.
Latest News from
Information Commissioner's Office
ICO's blog on its information rights work26/07/2021 16:20:00
Colleagues from the ICO’s FOI Directorate share their experiences and involvement in raising awareness of our regulation of access to information legislation.
Blog: New toolkit launched to help organisations using AI to process personal data understand the associated risks and ways of complying with data protection law21/07/2021 09:20:00
Alister Pearson, the ICO’s Senior Policy Officer – Technology introduces a new beta version of our AI and Data Protection Risk Toolkit. He explains how it can assure organisations that use AI to process personal data that they are processing it in line with the law and how organisations can help the ICO shape a final version.
Blog: What’s next for the Accountability Framework?19/07/2021 09:10:00
Blog posted by: Anulka Clarke, 15 July 2021.
Blog: Reflecting on the past five years of fundraising and data protection regulation16/07/2021 14:43:00
Lord Toby Harris, Chair of the Fundraising Regulator & Elizabeth Denham CBE, the UK Information Commissioner, reflect on the past five years of fundraising and data protection regulation in the charity sector.
Statement on ICO investigation into Department of Health and Social Care CCTV footage16/07/2021 09:10:00
The ICO can confirm it is investigating an alleged data breach.
ICO fines transgender charity for data protection breach exposing sensitive personal data09/07/2021 09:25:00
The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.
ICO publishes annual tracking research07/07/2021 15:15:00
77% of people say protecting their personal information is essential, research commissioned by the ICO has found.
ICO launches investigation into the use of private correspondence channels at the Department of Health and Social Care07/07/2021 12:10:00
A blog by Elizabeth Denham, UK Information Commissioner