David Wright

Innovation Specialist

David.Wright@kantar.com

Benjamin Farrah

Privacy Director

Benjamin.Farrar@kantar.com

IOT AND DATA PRIVACY

From survey’s to sensors

Survey DataMobile Behavioral Social media Data Sensor Data

Understanding Consumer Behaviour

Insight

Increased data/sensor fusion

The promise! From snapshots to the promise of persistent data

HEALTH SURVEYS Shorter survey + Wearable or in-home sensors

Consumer Product Testing

The promise! From snapshots to the promise of persistent data

One off in house filming/survey

On home cameras/sensors, power monitoring

Cell ID – in retail park – several large department stores

GPS – Upmarket Department Store within retail park

WIFI – On second “fashion” floor

Beacon – Dwelled in Handbag Section

Beacon or NFC – Made a Purchase

100m – 1k

10-50m

20-200m

30cm-3m

<20cm

Client privacy! i.e. competitors mapping the store

The promise! Accurate location right up to the moment of purchase

The IOT Devices!

A recent HP study indicated 70% of devices had at least 30 security flaws

There are 5 competing IOT standard bodies... Its early....

Thousands of devices measuring thousands of things!

Privacy – what people care about

Privacy of Personal Information:Credit Cards, Phone Numbers, Contact Lists, Address

Privacy of Personal Communications Email, Text voice, SMS

Privacy of Personal Behavior - the observation of what an individual doesi.e. cameras, clickstream

Privacy of the Person -- the integrity of an individual’s body More sensitive health info i.e. medical conditions

The privacy hotspots – Camera and Audio Sensors

Cameras, audio and Facial Recognition

The privacy hotspots – Proximity

Privacy Principles

1. Notice 2. Choice3. Collection  /  Collection Limitation4. Use / Use Limitations 5. Access (to data held) 6. Onward Transfer 7. Security (passwords) 8. Monitoring & Enforcement

If you need to “Account” for data privacy in your Product or Service you should you focus on incorporating these Privacy Principles in to the product.  Despite the difference in laws by country, these principles are universally applicable and most data laws have elements of these principles within.   Data Protection Regulators will judge products or services based on how well you are able operationalize these Principles. 

Starting with the Connected Home

Notice – you need to first verify who’s data you are collecting!Choice – you need a mechanism to allow someone to opt out without “jumping through hoops”

ROUTER

Smoke Sensor

ThermostatSmart Appliances

SmartTV

Robo Vacuum Cleaner

Connected Door LockSmart Camera

Motion Sensor Facial Recognition System

Amazon Echo – Voice Control

Smart Power Meter

WPP View – Beacon Hotspots

Proximity = Context

Mobile behavioral panels

Digital exposure

& behaviour

Internet browsing Internet advertising Streamed video/audio Internet search and results Apps Installed + usage In-app usage

In-app advertising

Telemetrics

Phone calls/SMS Network/Wi-Fi/data use Battery/CPU Music Video playing

Context & Triggers Location

PII Removal

Algorithm

Adding IOT.. i.e. comparing daily app usage with sleep patterns

Detailed Personal Data Shared

No Personal Data Shared

Generic or no service

Danger!

Ripe for Disruption!

Personalized Servicesor utility

Global Legislation Changes Media Cultural Expectation

Security Hackers

Privacy versus utility tradeoffs

Privacy Activists

Make sure “hacker” culture i.e. hackathons have defined boundaries!

In summary

Navigating IOT requires coordination across privacy, legal, product, IT functions.

Innovation or digital leads should have a “privacy officer” on speed dial.

Ensure you or your platform partner have the WPP sanctioned IT in place.

Expect that innovative use of IOT, will often require a legal opinion.

In doubt apply a “creepOmeter”