Opinion by CDT’s Harley Geiger: What the Digital Signage Federationâ€™s Adoption of Privacy Standards Means to the Industry
At the Digital Signage Expo, Center for Democracy and Technology Policy Counsel Harley Geiger has an opinion column about voluntary privacy standards adopted by the Digital Signage Federation. (I worked with him on a set of privacy guidelines for the digital signage industry, â€œBuilding the Digital Out-Of-Home Privacy Infrastructureâ€ (pdf), from which the voluntary standards were drawn, but I did not work to create these voluntary standards.)
What is â€œdigital signageâ€? Most people have heard of the term connected with billboards or other screens that have cameras (and facial-recognition technology) to watch people watching ads in order to improve their marketing. The digital signs log data such as gender, approximate age and how long someone looks at an advertisement. This is supposed to help build a better billboard â€” one that is tailored specifically to the individual standing in front of it. However, the data-gathering and surveillance practices raise substantial privacy questions.
Geiger says that it is urgent for companies to adopt the voluntary privacy standards issued by the Digital Signage Federation:
Future growth for digital signage depends in part on the mediumâ€™s ability to integrate identification and customization technologies â€“ such as facial recognition and RFID â€“ to boost its appeal and effectiveness. Yet it is also these features that pose the greatest consumer privacy risk. Despite the potential of such technologies to improve ad targeting, companies and consumers continue to have deep reservations about using these technologies due to privacy issues.
Companies are right to be wary of how consumers will react. Consumers have consistently objected to behavioral marketing, even when it is â€œanonymous,â€ and especially if it is done in secret. […]
The Digital Signage Federation announced last week that it is adopting a comprehensive set of digital signage privacy standards for its member companies and their affiliates. The Point of Purchase Advertising International (POPAI) also released a set of privacy guidelines. Both sets of voluntary standards are detailed and quite strong from a consumer privacy perspective. The DSF Digital Signage Privacy Standards are drawn from a paper I wrote for the Center for Democracy & Technology (CDT) issued in 2009, and I worked closely with DSF to develop the standards.
Under the privacy standards of both POPAI and DSF, companies should obtain consumersâ€™ opt-in consent before collecting directly identifiable information through digital signage. Companies would be prohibited from collecting information on minors under 13 (or as defined by state law) through digital signage. Companies should also provide notice of any ongoing data collection in the physical location in which digital signage units operate â€“ like a sign at the entrance of a supermarket â€“ even if the system collects only â€œanonymousâ€ data.
The recommendation on notice may receive the most pushback from the industry. Companies have repeatedly asked why consumers should be notified when systems do not collect directly identifiable data. The reason, again, is that a clear majority of consumers consistently object to â€œanonymousâ€ tracking for marketing purposes. Consumers will inevitably become more aware of the data collection, and if digital signage companies appear as though they are trying to hide their activities then it will further sensationalize the issue and lead consumers to more deeply distrust the industry. […]
Although privacy standards are a great step forward for the digital signage industry, standards alone do not protect consumers. The standards are voluntary and â€“ as we saw with the online behavioral advertising industry â€“ self-regulation does not have a strong track record. The next important step is for individual companies to actually integrate privacy protections into their business practices. Then thereâ€™s the issue of verifying whether companies are providing the protections they have committed to and not just paying lip service to privacy while flouting consumer trust behind the scenes. It may only take a few bad apples that disregard consumer privacy expectations to spoil the image of the whole industry.