Information Commissioner's Office
How shops can use your phone to track your every move and video display screens can target you using facial recognition
Blog posted by: Simon Rice, Group Manager for Technology, January 21, 2016.
Picture the scene, you’re in a department store and decide to go back and try that pair of trousers on for a second time. How would you feel if the price had changed or a display lit up with a three-for-two offer?
What you may not realise is that technology has been developed which could allow the store to track your shopping movements using the Wi-Fi on your mobile phone.
This technology, which is starting to be rolled out in shops, allows retailers to use the customer journey to build up a picture as to how people typically use the store. It uses the MAC address of a smartphone which can, in many cases, be linked to a specific individual.
Here at the ICO, we’re interested in Wi-Fi location tracking because it could involve the use of personal data. This means it falls under the Data Protection Act and that’s where we come in.
The use of this type of technology is not just confined to the retail environment – airports, railway stations and even city-wide Wi-Fi networks could use it to monitor individuals.
The issues surrounding Wi-Fi location tracking were discussed at the last meeting of the international working group on data protection in telecommunications that I attend on behalf of the ICO.
When this type of technology is used to generate aggregate statistics about daily visitor numbers or to generate an alert if an area is overcrowded, it can be done in a privacy-friendly manner. Therefore we have written a list of recommendations for use of the technology.
These cover things like ensuring there are clear physical and digital signs to inform individuals that location tracking is in operation and to transform the unique MAC address so that it no longer relates to the individual device from which it was collected.
The working group looks at the implications of a range of emerging technologies. For instance, we have seen examples of advertising displays knowing when and how long we are looking at them, as well as our age and gender.
This could result in targeted marketing such as an advert for shaving products appearing if a man is detected in front of the display.
Meanwhile, smart CCTV systems could offer new options for audience measurement and detection of over-crowding.
Even if the identification of individuals is not the intended purpose, the implications of intelligent video analytics for privacy, data protection, and other human rights are still significant. For example the technology could be used to play recorded messages to reprimand litter picking or illegal parking.
One of the key implications of video analytics is that individuals have the right to know who is collecting what data about them and for what purposes.
As with Wi-Fi location tracking, the working group has again come up with a list of recommendations for how the video technology should be used. The recommendations can be viewed in the working papers produced by the group.
The ICO will be keeping an eye on these developments, and others, and working to advise the relevant organisations on the rules they need to follow.
In the meantime you can read the previous working papers which have been published since the group first started in 1983, including topics such as drones, big data, web tracking and cloud computing.
Just as it may be necessary to return to the changing room to ensure the correct fit, we need to ensure the correct balance between technology and privacy to ensure we don’t end up with a case of Wallace and Gromit’s Wrong Trousers.
Latest News from
Information Commissioner's Office
How modern data protection is helping to unlock the power of data13/05/2021 12:25:00
Elizabeth Denham’s keynote speech on the regulator’s view, delivered at the Data and the Future of Financial Services 2021 conference.
ICO and Office of the Privacy Commissioner, New Zealand, sign Memorandum of Understanding12/05/2021 15:15:00
The Information Commissioner’s Office (ICO) and the New Zealand Office of the Privacy Commissioner (OPC) have today signed a Memorandum of Understanding (MOU).
Blog: Work on updating the ICO’s Journalism code continues10/05/2021 09:10:00
Blog posted by: Anulka Clarke, Acting Director of Regulatory Assurance, 07 May 2021.
Five things we learned from DPPC 202107/05/2021 15:20:00
The ICO’s Data Protection Practitioners’ Conference 2021 was held this week, bringing together more than 3,000 data protection professionals from across the country.
Data Protection Practitioners’ Conference 202105/05/2021 14:15:00
Elizabeth Denham’s speech at the Data Protection Practitioners’ Conference on 5 May 2021
Digital Regulatory Cooperation Forum’s response to DCMS on the future of the digital regulatory landscape05/05/2021 12:05:00
The Digital Regulatory Cooperation Forum (DRCF) has submitted its response to the Department of Digital, Culture, Media and Sport (DCMS) on the future of the digital regulatory landscape and how to achieve coherence in regulatory approaches across digital services.
Blog: Free advisory check-ups help small businesses make the best use of their data30/04/2021 16:25:00
A blog from Syed Ali, Lead Engagement and Regulatory Assurance Officer
Data protection is an enabler for trust and confidence in the implementation of digital identity systems23/04/2021 12:25:00
Blog posted by: Steve Wood, Deputy Commissioner (Executive Director, Regulatory Strategy), 22 April 2021.
How the ICO Innovation Hub is enabling innovation and economic growth through cross-regulatory collaboration21/04/2021 14:20:00
The COVID-19 pandemic has changed work for so many of us around the world; forcing innovation and new ways of working. And that’s just as true for regulators – we’ve had to adapt to develop new ways to support organisations.