With AI and data analytics at the heart of today’s digital signage platforms, maintaining consumer and visitor privacy is becoming an increasingly important issue. The COVID-19 crisis has exacerbated these concerns as technology developers are both leveraging existing tech and inventing new systems that perform thermal monitoring, density monitoring, and even face mask detection. While most people would agree it’s important that our workspaces, learning facilities, transit centers, and retail outlets are safe environments, it’s fair to ask, How good a job is the industry doing at protecting people’s privacy?
[The Digital Signage Best Practices Guide]
“I think that overall, in terms of privacy, as long as the controls are used properly, we’re doing a good job as an industry,” said Marielle Crisanti, business development manager and associate consultant at VWMason Technology Consultants, an AV and acoustical consulting firm headquartered in Calgary, AB. The issue is that people aren’t necessarily aware of how the technology works, she conceded. “We’ve heard of cases where people discover that a camera has been hidden in a wayfinding kiosk and things blow up because people think that their information is being stolen, or the data is being collected and stored, when in reality it’s stored for a very minimal amount of time and [the camera is] not actually collecting any personal information. As long as we’re transparent about how the technology is being used—and you’ve got a privacy policy in place that people can easily access—I think that we’re doing a good job.”
For Benson Chan, senior partner at Strategy of Things, a Hayward, CA-based technology design and consulting firm that specializes in creating safe spaces and smart cities, one challenge is that not all organizations have good privacy policies, or have invested effort in considering how they will react to specific data. “Let’s say they have a kiosk that does temperature scanning, and it detects someone with a high temperature. What do you do next? Do you take that information and say, ‘I’m going to report you,’ or ‘I’m not going to let you into the office?’ What do you do with that information?” he illustrated. “This is where it gets a little bit scary because they don’t have the policies in place for [how they will take action].”
While it’s not the role of AV design and integration firms to develop privacy policies for their clients, Crisanti argued that it’s necessary to take those policies into account. “When deploying digital signage as a whole, you have to look at the corporate policies in terms of how the data is being collected, even when it’s not automated content,” she said. What if employees’ names are being displayed? In this scenario, it’s necessary to determine where that information can be shown, and whether or not employees are aware that their names figure into the content in the first place. “As an integrator, you have to be aware of [the client’s] privacy policies and data policies, and where that data may be displayed. It’s not just a matter of [deploying the system] and then not really taking into account each client’s privacy policy.”
[Facial Recognition: What You Need to Know]
Further along these lines, Crisanti encourages designers and integrators to engage with clients to gauge the relevance of the data they wish to collect. “What data is pertinent to the information you’re sending? Is it actually useful? How is it being collected? How is it being stored? Is it accurate?” she illustrated. While there’s a temptation to gather as much information as possible in the event that it may be useful in the future, does it actually apply to the goals that digital signage content designers and managers have set out to achieve? “These are all things that we need to discuss, both as integrators and designers, with our clients.”
Jonathan Brawn, director of the Digital Signage Experts Group (DSEG), an education and certifications provider, acknowledged that the pandemic has led to increased data collection—often of what could be perceived as sensitive information, especially when it comes to thermal monitoring. “Are companies being responsible with that data?” he asked. “I think most of the vendors that work with those types of software solutions have had to deal with sensitive data before, and so I do think a lot of them are capturing what they claim to be capturing: anonymous analytics.” In other words, while that thermal monitoring kiosk is scanning someone’s face, it’s simply capturing their temperature—not personally identifiable information.
It’s the concept of anonymous video analytics that Brawn believes could be better communicated to clients. “We say, ‘Oh, it’s anonymous,’ but we also need to educate them a little bit about what we’re actually capturing, how we’re sensing it,” he pointed out. Brawn counsels integrators to host live demonstrations to show clients the data points the software captures, how this information can be used, and how long it can be stored.
Chan emphasized that if organizations are to be effective in addressing privacy concerns, they require sound, transparent policies that are well documented and communicated. “It’s okay to say, ‘We’re going to monitor you and we’re going to use this information for this,’” he said. But this is just the first step. Supporting records and documentation should demonstrate how long data is stored, the process followed for data deletion, and even the actions taken when, for example, someone with a high temperature was detected. “They have to show that they did something useful with that information and not anything that was outside of the scope of those policies. All of those things build trust.”