Information Commissioner's Office
How shops can use your phone to track your every move and video display screens can target you using facial recognition
Blog posted by: Simon Rice, Group Manager for Technology, January 21, 2016.
Picture the scene, you’re in a department store and decide to go back and try that pair of trousers on for a second time. How would you feel if the price had changed or a display lit up with a three-for-two offer?
What you may not realise is that technology has been developed which could allow the store to track your shopping movements using the Wi-Fi on your mobile phone.
This technology, which is starting to be rolled out in shops, allows retailers to use the customer journey to build up a picture as to how people typically use the store. It uses the MAC address of a smartphone which can, in many cases, be linked to a specific individual.
Here at the ICO, we’re interested in Wi-Fi location tracking because it could involve the use of personal data. This means it falls under the Data Protection Act and that’s where we come in.
The use of this type of technology is not just confined to the retail environment – airports, railway stations and even city-wide Wi-Fi networks could use it to monitor individuals.
The issues surrounding Wi-Fi location tracking were discussed at the last meeting of the international working group on data protection in telecommunications that I attend on behalf of the ICO.
When this type of technology is used to generate aggregate statistics about daily visitor numbers or to generate an alert if an area is overcrowded, it can be done in a privacy-friendly manner. Therefore we have written a list of recommendations for use of the technology.
These cover things like ensuring there are clear physical and digital signs to inform individuals that location tracking is in operation and to transform the unique MAC address so that it no longer relates to the individual device from which it was collected.
The working group looks at the implications of a range of emerging technologies. For instance, we have seen examples of advertising displays knowing when and how long we are looking at them, as well as our age and gender.
This could result in targeted marketing such as an advert for shaving products appearing if a man is detected in front of the display.
Meanwhile, smart CCTV systems could offer new options for audience measurement and detection of over-crowding.
Even if the identification of individuals is not the intended purpose, the implications of intelligent video analytics for privacy, data protection, and other human rights are still significant. For example the technology could be used to play recorded messages to reprimand litter picking or illegal parking.
One of the key implications of video analytics is that individuals have the right to know who is collecting what data about them and for what purposes.
As with Wi-Fi location tracking, the working group has again come up with a list of recommendations for how the video technology should be used. The recommendations can be viewed in the working papers produced by the group.
The ICO will be keeping an eye on these developments, and others, and working to advise the relevant organisations on the rules they need to follow.
In the meantime you can read the previous working papers which have been published since the group first started in 1983, including topics such as drones, big data, web tracking and cloud computing.
Just as it may be necessary to return to the changing room to ensure the correct fit, we need to ensure the correct balance between technology and privacy to ensure we don’t end up with a case of Wallace and Gromit’s Wrong Trousers.
Latest News from
Information Commissioner's Office
ICO statement on investigating coronavirus scams09/04/2020 09:10:00
ICO are supporting businesses eager to stay in touch with customers during the Covid-19 pandemic.
Winner of the ICO’s Practitioner Award for Excellence in Data Protection 2020 announced07/04/2020 12:25:00
Recognising the increasingly vital role played by data protection professionals, the third ICO Practitioner Award for Excellence in Data Protection is awarded to Barry Moult, Information Governance and Privacy Consultant, and former Head of Information Governance at an NHS Trust.
Blog: Community groups and COVID-19: what you need to know about data protection01/04/2020 09:10:00
Blog posted by: Ian Hulme, Director for Regulatory Assurance at the ICO, 30 March 2020.
Statement in response to the use of mobile phone tracking data to help during the coronavirus crisis30/03/2020 12:25:00
The ICO’s Deputy Commissioner Steve Wood recently responded to the use of mobile phone tracking data to help during the coronavirus crisis.
Blog: Community groups and COVID-19: what you need to know about data protection27/03/2020 13:20:00
A blog by Ian Hulme, Director for Regulatory Assurance at the ICO.
Council employee fined £400 for illegally deleted audio file16/03/2020 10:25:00
A council employee has been fined £400 for an offence under the Freedom of Information (FOI) regulations.
Data protection and coronavirus12/03/2020 15:25:00
We all share the same concerns about the spread of the COVID-19 virus. The need for public bodies and health practitioners to be able to communicate directly with people when dealing with this type of health emergency has never been greater.
Blog: Don’t get caught out when it comes to pupil photos10/03/2020 15:10:00
Blog posted by: Andrew Laing, ICO Head of Data Protection Complaints, 09 March 2020.
Combining privacy and innovation: ICO Sandbox six months on10/03/2020 12:25:00
It’s been an exciting, interesting and challenging first six months for the ICO Sandbox – both for those externally involved in the various projects and for the ICO staff working on the scheme. Ian Hulme discusses the progress so far.