Skip to Content

Privacy & Data

CDT Issues Report and Recommendations on Digital Signage and Privacy

On Monday, the Center for Democracy & Technology (CDT) released a report on consumer privacy and the digital signage industry entitled, Building the Digital Out-Of-Home Privacy Infrastructure.

Digital out-of-home (DOOH) refers to the digital signs, billboards and displays rapidly proliferating in stores and other places.  Increasingly, these signs can capture information about the people walking by or looking at them and use that information for various marketing purposes. (For more background on digital signage, please see a listing of my earlier blog posts, here.)

CDT’s new report includes a set of recommendations for safeguarding privacy as the DOOH industry increasingly adopts identification and tracking technologies, such as facial recognition, mobile marketing, social networking, RFID tracking and license plate scanners. CDT’s comprehensive digital signage privacy recommendations are based on the widely accepted Fair Information Practices (FIPs).

CDT believes consumer privacy controls are essential for digital signage advertising to maintain consumer trust, which in turn is crucial if the industry is to continue growing at its current explosive pace. Unless the industry adopts strong self-regulatory guidelines, it is likely to face consumer backlash and reactive government regulation that may stifle innovation. It will only take a few bad apples that flout consumer privacy expectations to spoil the image of the whole industry.

The release of CDT’s report coincided with last week’s Digital Signage Expo 2010. CDT’s report also comes on the heels of a preliminary set of industry best practices for privacy and security issued by POPAI, a trade association. POPAI’s Code of Conduct is an excellent starting point for the industry. CDT’s report supplements the POPAI guidelines and joins the World Privacy Forum’s (WPF) call for digital signage privacy policies based on the FIPs. Digital signage companies now have several good resources on privacy practices at their disposal.

DSE 2010 Experience

At the Digital Signage Expo, I joined POPAI and WPF on a panel presentation focused on consumer privacy. The panel was the least attended at the trade show, with only about a dozen audience members. On the other hand, panels featuring audience measurement techniques were among the most popular. If that experience is any indication, appreciation of consumer privacy issues seems to be developing at a slower pace than interest in audience measurement for targeted marketing and selling ad time.

Still, it was my impression that most companies exhibiting at the Expo were aware of consumer privacy as a potential flashpoint for the industry, and many took steps to mitigate their systems’ impact on privacy. I spoke with several companies that use facial recognition to tailor advertisements. Each told me they were committed, at this time, to discarding any images of individuals and retaining only aggregated demographics of the consumers who passed by their signs. This was highly encouraging from a privacy perspective, and CDT hopes these commitments remain steadfast even as pressure eventually mounts to profit from individual identification. 

The commitment to transparency, however, was less encouraging. Although some of these companies provided consumers with notice of information collection at the establishments in which their units were located, this was not always the case. Several companies spoke of internal debates over whether or not consumers should be notified that signs would use cameras to target ads based on age, gender, and ethnicity. Other companies that develop audience measurement technologies said that they advise their clients (often signage network operators) to provide notice, but their clients generally decline to do so because, “They don’t want people to know. They think people will be uncomfortable with the fact that they’re doing this.”

Unfortunately, consumers will be far more uncomfortable, and quite possibly outraged, when they inevitably discover that this sort of marketing is targeting them in secret. As CDT recommends in its report, transparency through notice and a public privacy policy is the responsibility of not just the technology vendors, but also the digital signage network operators and the owners of the establishments at which the signage is located.

I also spoke with companies that deployed interactive mobile phone and social networking applications. These companies provide a platform on which consumers can text content, like Twitter updates, to public-facing digital signs. In the process, the companies obtain consumers’ phone numbers and social networking names, which can often be users’ actual names. Encouragingly, the companies I spoke to were committed to keeping this data confidential and claim to have no intention to use or sell this information for additional marketing beyond the initial interaction with consumers. However, the companies nonetheless retained the data, despite lacking a specific business use for the phone numbers and usernames. Retaining unnecessary data is itself a violation of privacy principles. As CDT points out in its latest report, companies should destroy unnecessary consumer data, especially directly identifiable data. The Federal Trade Commission already holds companies responsible for the personal data they hold, even companies that have no direct relationship with consumers. The best data security is to not be in possession of information in the first place.

Industry Grappling with Consumer Privacy Impact

Many privacy issues with digital signage are forward-looking, so some may dismiss them as premature. However, it is reasonable to presume that digital signage will one day routinely identify individuals for the simple reason that it will be profitable to do so. The use of identification technologies for advertising in public raises difficult questions about transparency, consent and consumer expectation of privacy – questions that will only grow more important as identification technologies become cheaper, more powerful and more widespread.

The convergence of digital signage with the burgeoning “Internet of Things,” a network of physical objects and mobile devices built on digital tags and device signals, will only exacerbate issues of long-term profiling and location tracking.

Because digital signage audience measurement technologies are still in their early stages, the DOOH industry has the opportunity to incorporate privacy by design. It will be easier and less expensive to integrate privacy controls now than to bolt them onto existing systems. Done right, privacy by design may also avoid unwanted regulatory scrutiny and public outcry. In-depth resources on privacy protection are now readily available to DOOH companies through the work of organizations like CDT, POPAI and WPF. What remains is for the digital signage industry as a whole to apply comprehensive privacy safeguards to their business practices.