This article first appeared in Digital Signage Expo.
Future growth for digital signage depends in part on the medium’s ability to integrate identification and customization technologies – such as facial recognition and RFID – to boost its appeal and effectiveness. Yet it is also these features that pose the greatest consumer privacy risk. Despite the potential of such technologies to improve ad targeting, companies and consumers continue to have deep reservations about using these technologies due to privacy issues.
Companies are right to be wary of how consumers will react. Consumers have consistently objected to behavioral marketing, even when it is "anonymous," and especially if it is done in secret. Consumers don’t want digital signage to spy on them in secret or against their will whenever they leave their homes. Digital signage companies want to avoid alienating consumers and their advertising clients, as well as the possibility of reactive government regulation that could stifle innovation. Fortunately, digital signage industry trade associations are taking a critical step in the other direction by issuing voluntary privacy guidelines.
Proactive Privacy Standards
The Digital Signage Federation announced last week that it is adopting a comprehensive set of digital signage privacy standards for its member companies and their affiliates. The Point of Purchase Advertising International (POPAI) also released a set of privacy guidelines. Both sets of voluntary standards are detailed and quite strong from a consumer privacy perspective. The DSF Digital Signage Privacy Standards are drawn from a paper I wrote for the Center for Democracy & Technology issued in 2009, and I worked closely with DSF to develop the standards.
Under the privacy standards of both POPAI and DSF, companies should obtain consumers’ opt-in consent before collecting directly identifiable information through digital signage. Companies would be prohibited from collecting information on minors under 13 (or as defined by state law) through digital signage. Companies should also provide notice of any ongoing data collection in the physical location in which digital signage units operate – like a sign at the entrance of a supermarket – even if the system collects only "anonymous" data.
The recommendation on notice may receive the most pushback from the industry. Companies have repeatedly asked why consumers should be notified when systems do not collect directly identifiable data. The reason, again, is that a clear majority of consumers consistently object to "anonymous" tracking for marketing purposes. Consumers will inevitably become more aware of the data collection, and if digital signage companies appear as though they are trying to hide their activities then it will further sensationalize the issue and lead consumers to more deeply distrust the industry.
A notice enables digital signage companies to demonstrate to consumers that they are forthcoming about data collection. If consumers object to "anonymous" tracking done in secret, then being transparent simply is the right thing to do from both customer relations and ethical standpoints. Digital signage is also not the only industry providing notice of "anonymous" data collection. Online marketers are starting to provide more notice to consumers on the advertisements themselves – even when those advertisements are based on demographics and interests and not directly identifiable information.
A Lesson from Online Behavioral Advertising
The digital signage trade associations are showing considerable prudence in issuing such standards now, rather than after a backlash over privacy. POPAI and DSF not only released privacy standards that are strong, but did so in the absence of a major public scandal or government wrath. In contrast, the major online behavioral advertising trade associations only issued self-regulatory guidelines under pressure from government regulators and after widespread public controversy over their business practices.
Online behavioral advertisers operated for years without transparency or strong privacy policies. As the public inevitably became more aware of online tracking, a backlash over consumer privacy grew, prompting the Federal Trade Commission (FTC) and Congress to propose industry regulations. Online advertising trade associations – under pressure from the FTC – developed self-regulatory guidelines, but few companies actually adopted the guidelines. Again under FTC pressure, the trade associations are now beginning to step up enforcement of the guidelines among their members. It remains to be seen whether this renewed push for self-regulation will be successful. The seeds of consumer distrust in the online advertising industry have already been sown and the FTC has warned the industry that this was its last chance to protect consumer privacy in the absence of formal government regulations or legislation.
The Next Challenges: Adoption and Accountability
Although privacy standards are a great step forward for the digital signage industry, standards alone do not protect consumers. The standards are voluntary and – as we saw with the online behavioral advertising industry – self-regulation does not have a strong track record. The next important step is for individual companies to actually integrate privacy protections into their business practices. Then there’s the issue of verifying whether companies are providing the protections they have committed to and not just paying lip service to privacy while flouting consumer trust behind the scenes. It may only take a few bad apples that disregard consumer privacy expectations to spoil the image of the whole industry.
The digital signage trade associations have taken action towards meeting the challenge of protecting consumer privacy, but it is now largely up to the individual companies using identification and interactivity technologies to make the effort truly successful. It’s no small task for companies to integrate comprehensive privacy principles into their business models. However, the work will be well worth it in the long run.