It seems that London-based recycling and targeted advertising company, Renew, has inadvertently opened a new battleground in the privacy wars: Media access control (MAC) addresses – a unique identifier broadcast by smartphones looking for a wifi signal.
Their idea seemed simple enough: Put screens on bins, add devices that will track the mobiles of passers-by as they move around the city and use that information to display targeted advertising. So, as you get back to work, having grabbed lunch at Pret a Manger, you’ll see an advert for EAT. A little bit like those disconcerting Google ads that track your browsing history – only these ones follow you around in real life.
What could possibly go wrong?
The scheme began collecting information over the summer and to show off, Renew released some early data to the press.
In the process, they managed to worry first the people over at Quartz, then the Information Commissioners Office (ICO) and finally the City of London Corporation, which looks after the area where the bins are located.
The City of London responded by asking Renew to stop tracking MAC addresses and the ICO is now investigating. The story has been picked up by every major newspaper, every technology blog and several television news programmes, making MAC addresses big news.
So – what’s wrong with this picture?
It seems that in the rush to be first and in an area of technology that is currently poorly regulated because it’s so new, Renew missed a few vital lessons from the recent past:
Too much personalisation freaks people out.
Russell Davies spoke about this a few years ago at dConstruct. Ben Bashford touches on it in his talk ‘All is full of love’ – and it’s borne out in the real world experiences of American retailer Target’s datamining experiments.
The message is clear: However useful personalised information is, if it’s too personal, it’s scary.
Everyone can see it
Personalised content could very easily tip over into being unsuitable for outdoor/broadcast media.
Even if it didn’t bother people that a sales bot in a bin is talking directly to them, a sales bot talking to them and everyone walking down the street behind them has got to be crossing a line. It might be fine if it’s trying to sell you lunch. Possibly less so if it’s trying to sell you hemorrhoid cream
And possibly most importantly:
No-one was asked if they were OK with their data being used in this way
In fact, the only options I can see for opting out of the Renew (or any) data collection scheme that uses MAC addresses are:
- Being fastidious about turning off wifi when out of range of a connection you trust.
- Opting out of having your MAC address mapped at all. This means that you can’t share information with services you do trust, or that give you something back.
There has to be a better way
Irrespective of what’s technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public.
City of London Corporation
So, what do we do next?
We could do worse than taking a long hard look at how we treat personal data. As technology develops, and new ways of locating and mapping devices are invented, how can the users and owners of cutting-edge devices make informed decisions about their personal data?
Moreover, how do we have a public conversation about a seemingly dry subject like data, to establish a precedent for handling our information?
What would that conversation look like, and who needs to lead it? The ICO? A group like the Open Rights Group?
These questions require serious consideration soon. The excited and excitable talk of ‘smart cities’, and a government agenda which includes ‘digital by default’ at its heart demands that we examine the big questions – of transparency, consent and ownership – as soon as we can.