2. From survey’s to sensors
Survey Data
Mobile Behavioral
Social media Data
Sensor Data
Understanding Consumer Behaviour
Insight
Increased data/sensor fusion
3. The promise! From snapshots to the promise of persistent data
HEALTH SURVEYS Shorter survey + Wearable or in-home sensors
4. Consumer Product Testing
The promise! From snapshots to the promise of persistent data
One off in house filming/survey
On home cameras/sensors, power monitoring
5. Cell ID – in retail park – several large department stores
GPS – Upmarket Department Store within retail park
WIFI – On second “fashion” floor
Beacon – Dwelled in Handbag Section
Beacon or NFC – Made a Purchase
100m – 1k
10-50m
20-200m
30cm-3m
<20cm
Client privacy! i.e. competitors mapping the store
The promise! Accurate location right up to the moment of purchase
6. The IOT Devices!
A recent HP study indicated 70% of devices had at least 30 security flaws
There are 5 competing IOT standard bodies... Its early....
Thousands of devices measuring thousands of things!
7. Privacy – what people care about
Privacy of Personal Information:
Credit Cards, Phone Numbers, Contact Lists, Address
Privacy of Personal Communications
Email, Text voice, SMS
Privacy of Personal Behavior - the observation of what an
individual does
i.e. cameras, clickstream
Privacy of the Person -- the integrity of an individual’s body
More sensitive health info i.e. medical conditions
8. The privacy hotspots – Camera and Audio Sensors
Cameras, audio and Facial Recognition
10. Privacy Principles
1. Notice
2. Choice
3. Collection / Collection Limitation
4. Use / Use Limitations
5. Access (to data held)
6. Onward Transfer
7. Security (passwords)
8. Monitoring & Enforcement
If you need to “Account” for data privacy in your Product or Service you should you focus on incorporating these
Privacy Principles in to the product. Despite the difference in laws by country, these principles are universally
applicable and most data laws have elements of these principles within. Data Protection Regulators will judge
products or services based on how well you are able operationalize these Principles.
11. Starting with the Connected Home
Notice – you need to first verify who’s data you are collecting!
Choice – you need a mechanism to allow someone to opt out without “jumping through hoops”
ROUTER
Smoke Sensor
Thermostat
Smart Appliances
SmartTV
Robo Vacuum Cleaner
Connected Door LockSmart Camera
Motion Sensor
Facial Recognition System
Amazon Echo – Voice Control
Smart Power Meter
13. Mobile behavioral panels
Digital
exposure
& behaviour
Internet browsing
Internet advertising
Streamed video/audio
Internet search and results
Apps Installed + usage
In-app usage
In-app advertising
Telemetrics
Phone calls/SMS
Network/Wi-Fi/data use
Battery/CPU
Music Video playing
Context &
Triggers
Location
PII
Removal
Algorithm
Adding IOT.. i.e. comparing daily
app usage with sleep patterns
14. Detailed Personal Data Shared
No Personal Data Shared
Generic or no service
Danger!
Ripe for
Disruption!
Personalized Services
or utility
Global Legislation Changes Media Cultural Expectation
Security Hackers
Privacy versus utility tradeoffs
Privacy Activists
15. Make sure “hacker”
culture i.e. hackathons
have defined boundaries!
In summary
Navigating IOT requires coordination across privacy, legal, product, IT functions.
Innovation or digital leads should have a “privacy officer” on speed dial.
Ensure you or your platform partner have the WPP sanctioned IT in place.
Expect that innovative use of IOT, will often require a legal opinion.
In doubt apply a “creepOmeter”
Hinweis der Redaktion
NOTICE
The Privacy Principle of NOTICE is universally recognized, widely favored and sometimes required by law or best practice in many countries. It is a concept that simply asks how is the person whom you are collecting information (or Images) from (directly or indirectly) informed about the collection or what will be done with the data.
CHOICE
The privacy principle of CHOICE is where the individual is being offered options / choices about the collection of their data. A related term is CONSENT which is the individual’s way of giving permission for use or disclosure of information. Examples of Consent include: Explicit Consent, Implicit Consent, Opt In/Opt Out.
COLLECTION
The principle of Collection is around how the data was originally sourced. If the data was directly sourced from an individual it can be less complicated than if it was sourced from another party.
USE / LIMITATION
Data USE should reasonably be explained in NOTICE (as described above) at the time of collection. The research company should be able to explain in a few sentences how the data you are collecting will be used for research. This includes any secondary use of the data and/or images and data retention (where and how long the data will be kept).
ACCESS TO DATA HELD
There are some laws or regulations that require a method be established that allows individuals to whom the data related have the ability to access and or correct inaccurate data held about them. A baseline expectation is that company contact information (email address, phone number, address) be provided in the Privacy Policy notice so that individuals can contact the company or local data privacy contacts to answer questions and data access requests.
ONWARD TRANSFER
This principle is about the allowances and restrictions around transferring personal data or personally identifiable data to other entities, individuals or countries. Third party data transfer practices involving personal data should be sufficiently described in your NOTICE language.
Also many regions or countries have Cross Border Data Transfer Restrictions where the exporting of certain data is not allowed unless a number of requirements are met. Additional scrutiny is required to understand these requirements for any particular study.
SECURITY
Data Privacy and Security are inter related but are slightly different disciplines. You can’t have Data Privacy without Data Security, but you can still have a Data Privacy conflict in products or data processing even where strong Data Security controls are operating effectively.
Risk exposure can be reduced with the use of data encryption in transit and at rest as well as updated NOTICE language to ensure it provides an accurate reflection of processes.
Retail – ability to push surveys to respondents in the moment by identifying:
A target store
A specific location in the target store (for X time)
An advertising installation
Or any combination of above.
Combination Retail/Passive
We can target respondents with survey questions – but might also log in-store movement + dwell time where possible.
Outdoor Advertising
Record number of likely ad exposures/footfall/ etc..
However there are many use cases beyond retail:
Tracking of respondents within their home (imagine a beacon on their wrist)... i.e. where they in the lounge when the Ad came on TV,
All sorts of scenarios around product interactions (i.e. we tag appliances like fridge doors, remote controls) etc.. And get data re: interactions...
Retail Focus.... Some movement re: Digital Signage...
For MR – retail path trackers...
Audience Measuremment – Outdoor Adversiting
Triggered Surveys