Note: New guidance on Wi-Fi location analytics available here: https://ico.org.uk/media/for-organisations/documents/1560691/wi-fi-location-analytics-guidance.pdf
By Simon Rice, Group Manager for Technology.
Picture the scene, you’re in a department store and decide to go back and try that pair of trousers on for a second time. How would you feel if the price had changed or a display lit up with a three-for-two offer?
What you may not realise is that technology has been developed which could allow the store to track your shopping movements using the Wi-Fi on your mobile phone.
This technology, which is starting to be rolled out in shops, allows retailers to use the customer journey to build up a picture as to how people typically use the store. It uses the MAC address of a smartphone which can, in many cases, be linked to a specific individual.
Here at the ICO, we’re interested in Wi-Fi location tracking because it could involve the use of personal data. This means it falls under the Data Protection Act and that’s where we come in.
The use of this type of technology is not just confined to the retail environment – airports, railway stations and even city-wide Wi-Fi networks could use it to monitor individuals.
The issues surrounding Wi-Fi location tracking were discussed at the last meeting of the international working group on data protection in telecommunications that I attend on behalf of the ICO.
When this type of technology is used to generate aggregate statistics about daily visitor numbers or to generate an alert if an area is overcrowded, it can be done in a privacy-friendly manner. Therefore the working group has written a list of recommendations for use of the technology.
These cover things like ensuring there are clear physical and digital signs to inform individuals that location tracking is in operation and to transform the unique MAC address so that it no longer relates to the individual device from which it was collected.
The working group looks at the implications of a range of emerging technologies. For instance, we have seen examples of advertising displays knowing when and how long we are looking at them, as well as our age and gender.
This could result in targeted marketing such as an advert for shaving products appearing if a man is detected in front of the display.
Meanwhile, smart CCTV systems could offer new options for audience measurement and detection of over-crowding.
Even if the identification of individuals is not the intended purpose, the implications of intelligent video analytics for privacy, data protection, and other human rights are still significant. For example the technology could be used to play recorded messages to reprimand litter dropping or illegal parking.
One of the key implications of video analytics is that individuals have the right to know who is collecting what data about them and for what purposes.
As with Wi-Fi location tracking, the working group has again come up with a list of recommendations for how the video technology should be used. The recommendations can be viewed in the working papers produced by the group.
The ICO will be keeping an eye on these developments, and others, and working to advise the relevant organisations on the rules they need to follow.
In the meantime you can read the previous working papers which have been published since the group first started in 1983, including topics such as drones, big data, web tracking and cloud computing.
Just as it may be necessary to return to the changing room to ensure the correct fit, we need to ensure the correct balance between technology and privacy to ensure we don’t end up with a case of Wallace and Gromit’s Wrong Trousers.
Last updated 21/01/2016 10:15
|Dr. Simon Rice is the Group Manager for the Technology team which provides technical expertise to all ICO departments in order to support the broad range of activities undertaken by the ICO.|