Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (18)
Andere mochten auch
Ähnlich wie DAB_IOT_PRIVACY_V2
Ähnlich wie DAB_IOT_PRIVACY_V2 (20)
Mehr von David Wright
Mehr von David Wright (10)
DAB_IOT_PRIVACY_V2
- 1. David Wright Innovation Specialist David.Wright@kantar.com Benjamin Farrah Privacy Director Benjamin.Farrar@kantar.com IOT AND DATA PRIVACY
- 2. From survey’s to sensors Survey Data Mobile Behavioral Social media Data Sensor Data Understanding Consumer Behaviour Insight Increased data/sensor fusion
- 3. The promise! From snapshots to the promise of persistent data HEALTH SURVEYS Shorter survey + Wearable or in-home sensors
- 4. Consumer Product Testing The promise! From snapshots to the promise of persistent data One off in house filming/survey On home cameras/sensors, power monitoring
- 5. Cell ID – in retail park – several large department stores GPS – Upmarket Department Store within retail park WIFI – On second “fashion” floor Beacon – Dwelled in Handbag Section Beacon or NFC – Made a Purchase 100m – 1k 10-50m 20-200m 30cm-3m <20cm Client privacy! i.e. competitors mapping the store The promise! Accurate location right up to the moment of purchase
- 6. The IOT Devices! A recent HP study indicated 70% of devices had at least 30 security flaws There are 5 competing IOT standard bodies... Its early.... Thousands of devices measuring thousands of things!
- 7. Privacy – what people care about Privacy of Personal Information: Credit Cards, Phone Numbers, Contact Lists, Address Privacy of Personal Communications Email, Text voice, SMS Privacy of Personal Behavior - the observation of what an individual does i.e. cameras, clickstream Privacy of the Person -- the integrity of an individual’s body More sensitive health info i.e. medical conditions
- 8. The privacy hotspots – Camera and Audio Sensors Cameras, audio and Facial Recognition
- 9. The privacy hotspots – Proximity
- 10. Privacy Principles 1. Notice 2. Choice 3. Collection / Collection Limitation 4. Use / Use Limitations 5. Access (to data held) 6. Onward Transfer 7. Security (passwords) 8. Monitoring & Enforcement If you need to “Account” for data privacy in your Product or Service you should you focus on incorporating these Privacy Principles in to the product. Despite the difference in laws by country, these principles are universally applicable and most data laws have elements of these principles within. Data Protection Regulators will judge products or services based on how well you are able operationalize these Principles.
- 11. Starting with the Connected Home Notice – you need to first verify who’s data you are collecting! Choice – you need a mechanism to allow someone to opt out without “jumping through hoops” ROUTER Smoke Sensor Thermostat Smart Appliances SmartTV Robo Vacuum Cleaner Connected Door LockSmart Camera Motion Sensor Facial Recognition System Amazon Echo – Voice Control Smart Power Meter
- 12. WPP View – Beacon Hotspots Proximity = Context
- 13. Mobile behavioral panels Digital exposure & behaviour Internet browsing Internet advertising Streamed video/audio Internet search and results Apps Installed + usage In-app usage In-app advertising Telemetrics Phone calls/SMS Network/Wi-Fi/data use Battery/CPU Music Video playing Context & Triggers Location PII Removal Algorithm Adding IOT.. i.e. comparing daily app usage with sleep patterns
- 14. Detailed Personal Data Shared No Personal Data Shared Generic or no service Danger! Ripe for Disruption! Personalized Services or utility Global Legislation Changes Media Cultural Expectation Security Hackers Privacy versus utility tradeoffs Privacy Activists
- 15. Make sure “hacker” culture i.e. hackathons have defined boundaries! In summary Navigating IOT requires coordination across privacy, legal, product, IT functions. Innovation or digital leads should have a “privacy officer” on speed dial. Ensure you or your platform partner have the WPP sanctioned IT in place. Expect that innovative use of IOT, will often require a legal opinion. In doubt apply a “creepOmeter”
Hinweis der Redaktion
- NOTICE The Privacy Principle of NOTICE is universally recognized, widely favored and sometimes required by law or best practice in many countries. It is a concept that simply asks how is the person whom you are collecting information (or Images) from (directly or indirectly) informed about the collection or what will be done with the data. CHOICE The privacy principle of CHOICE is where the individual is being offered options / choices about the collection of their data. A related term is CONSENT which is the individual’s way of giving permission for use or disclosure of information. Examples of Consent include: Explicit Consent, Implicit Consent, Opt In/Opt Out. COLLECTION The principle of Collection is around how the data was originally sourced. If the data was directly sourced from an individual it can be less complicated than if it was sourced from another party. USE / LIMITATION Data USE should reasonably be explained in NOTICE (as described above) at the time of collection. The research company should be able to explain in a few sentences how the data you are collecting will be used for research. This includes any secondary use of the data and/or images and data retention (where and how long the data will be kept). ACCESS TO DATA HELD There are some laws or regulations that require a method be established that allows individuals to whom the data related have the ability to access and or correct inaccurate data held about them. A baseline expectation is that company contact information (email address, phone number, address) be provided in the Privacy Policy notice so that individuals can contact the company or local data privacy contacts to answer questions and data access requests. ONWARD TRANSFER This principle is about the allowances and restrictions around transferring personal data or personally identifiable data to other entities, individuals or countries. Third party data transfer practices involving personal data should be sufficiently described in your NOTICE language. Also many regions or countries have Cross Border Data Transfer Restrictions where the exporting of certain data is not allowed unless a number of requirements are met. Additional scrutiny is required to understand these requirements for any particular study. SECURITY Data Privacy and Security are inter related but are slightly different disciplines. You can’t have Data Privacy without Data Security, but you can still have a Data Privacy conflict in products or data processing even where strong Data Security controls are operating effectively. Risk exposure can be reduced with the use of data encryption in transit and at rest as well as updated NOTICE language to ensure it provides an accurate reflection of processes.
- Retail – ability to push surveys to respondents in the moment by identifying: A target store A specific location in the target store (for X time) An advertising installation Or any combination of above. Combination Retail/Passive We can target respondents with survey questions – but might also log in-store movement + dwell time where possible. Outdoor Advertising Record number of likely ad exposures/footfall/ etc.. However there are many use cases beyond retail: Tracking of respondents within their home (imagine a beacon on their wrist)... i.e. where they in the lounge when the Ad came on TV, All sorts of scenarios around product interactions (i.e. we tag appliances like fridge doors, remote controls) etc.. And get data re: interactions... Retail Focus.... Some movement re: Digital Signage... For MR – retail path trackers... Audience Measuremment – Outdoor Adversiting Triggered Surveys