Privacy is a hot topic when it comes to beacons, proximity and location, and there are many pitfalls that companies in the beacosystem may encounter. At Unacast we have always focused on privacy and compliance, and early on we hired Jarno as our Privacy Advisor. In this interview, Jarno goes into detail about privacy and what beacosystem entrepreneurs need to know. We will cover some of those aspects here.
Why should you care about beacons privacy?
“Beacons do not track you, they just broadcast data, therefore privacy isn't an issue” - a quote from quite a few companies working in the beacosystem. It is correct that the beacons themselves do not collect data. However, there is usually a mobile app involved, which makes the case a bit different because the app interacts with beacons and generates data. When you add meaning or context to beacons by using software, such as apps, a lot of data can be extracted from this - is the consumer actually in the store, where in the store, etc.
Another critical question in this regard is how beacon owners should gain consent for the collection of data and, in particular, location data? Given that the interaction with beacons takes place through the mobile device, mobile devices have robust mechanisms for accepting data collection with the help of beacons. An app asks from the user to opt-in to the collection of location data, and keeps asking through the app’s lifecycle on the mobile device whether a consumer wants to continue to allow the app to collect location data. Some apps also helpfully tell users why location data is useful for the consumer’s experience with the app. Most mobile devices now also enable users to opt-out of location data collection for a specific app, a selection of apps, or for the device as a whole. Having such choices is important. In addition to these device-based mechanisms, clear privacy policies must, obviously, be in place
The key to success is that the beacosystem has to make sure that mobile device users understand the collection of data, what this actually means, what purposes it will be used for, and to whom the data will be disclosed, among others.
What happens if you neglect privacy?
Over the last couple of years there have been several instances where the FTC has gone after companies that are in the proximity ecosystem, such as in-store or Wi-Fi tracking companies. These companies had included untrue statements in their privacy policies and/or in agreements with their business partners. Following the FTC investigation, these companies ended up paying hundreds of thousands of dollars in fines. In addition to this, the companies were required to build a comprehensive privacy program that has to be audited annually.
To care about privacy is therefore crucial if you operate in the beacosystem.
US vs. EU
In the US, it is the FTC that mainly protects consumers by enforcing the law that prohibits “unfair or deceptive acts or practices in or affecting commerce”. In addition, there is plenty of industry self-regulation on the internet and mobile advertising industry, such as the Network Advertising Initiative and the Digital Advertising Alliance. Member companies of these organizations must comply with a code of conduct that deals with, among other things, opt-in consent for the collection of precise location data, and collection of sensitive personally identifiable information. It is also important to mention the Children’s Online Privacy Protection Act (COPPA) which requires advance affirmative parental consent for collection of personally identifiable information (including device ID:s) from children under 13 years of age.
For the future
It will be important to educate consumers further. Beacons will be everywhere, and consumers need to be educated in what this actually means. As pointed out in the beginning, users of the mobile devices need to be informed about what data is being collected, the purposes of collecting the data, how long you will keep the data and who will use the data, such as third parties. We in the industry have to come up with solutions and educate consumers about the benefits of beacons and the collection of data that is taking place in the beacosystem.