Youssef Sarhan writes:
A few days ago, I came across a photo which showed what appeared to be a digital advertisement screen in a restaurant in Oslo. However, the software running the advertisement screen had crashed and was revealing a log of what the software was doing. It turns out, the advertisement screen was using a camera to automatically profile everyone that passed by.
After sleeping on it, this reminded me of the increasing number of digital advertisement screens I’ve seen popping up around Dublin City. You’ve probably seen them too, they are pretty eye-catching. Here’s what they look like, this one (top) is in Capitol Bar. (There are at least two in Capitol Bar).
The company behind this screen is called “Orb”, their website can be found here. They have about 70 screens spread across Dublin, Cork and Galway. From speaking with Orb, I’ve discovered that approximately 10 of the screens are equipped with cameras, but they intend to increase this number soon.
If you didn’t notice, there’s a small camera that sits at the top of some of these screens. These cameras are used to track and identify the behaviours of everyone who walks by — you’ll find no signs up to explain this. Children are also included in their profiling, which I discovered based on a conversation I’ve had with Orb on the phone.
Thud.
Anyone?
Thanks Owen Derby
“Won’t somebody think of the children”.
It is not illegal to photograph people in public.
I don’t really care. The Gardai have cameras up too and they appear to do worse things with the footage.
Would this be considered covert surveillance?
The Data Protection Commissioner’s website has some interesting stuff to say on covert surveillance.
https://www.dataprotection.ie/docs/Data-Protection-CCTV/242.htm
The use of recording mechanisms to obtain data without an individual’s knowledge is generally unlawful. Covert surveillance is normally only permitted on a case by case basis where the data are kept for the purposes of preventing, detecting or investigating offences, or apprehending or prosecuting offenders. This provision automatically implies that a written specific policy be put in place detailing the purpose, justification, procedure, measures and safeguards that will be implemented with the final objective being, an actual involvement of An Garda Síochána or other prosecution authorities for potential criminal investigation or civil legal proceedings being issued, arising as a consequence of an alleged committal of a criminal offence(s).
Covert surveillance must be focused and of short duration. Only specific (and relevant) individuals/locations should be recorded. If no evidence is obtained within a reasonable period, the surveillance should cease.
If the surveillance is intended to prevent crime, overt cameras may be considered to be a more appropriate measure, and less invasive of individual privacy.
Also this, in relation to sensitive personal information:
https://www.dataprotection.ie/docs/General/1237.htm#3
1.3 What is meant by sensitive personal data?
Sensitive personal data is defined in the Data Protection Acts as any personal data as to –
(a) the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject
[…]
The Data Protection Acts require additional conditions to be met for the processing of such data to be legitimate. Usually this will be the explicit consent of the person about whom the data relates.
But you need to read that along side what “personal data” means:
“personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.”
Which doesn’t apply here. I can be identified by CCTV. I can be identified by my name on medical records, I can’t be identified by a description of who I am.
The new marketing is icky and creepy, but it isn’t storing my gender, approx age and whether I’m smiling or not is not covered by data protection.
er, it is. that’s the whole point – they sell advertisers data on what type of people (gender, age, anything else they can model) look at the ads. to do that they have to store and process your personal information (photo) which you should have consented to
From the articles mentioned, the screen grab shows description of gender, approx age, whether you looked and your approx reaction if you did. I haven’t seen that they are storing actual pictures of individuals, only the processed information.
Nothing on those screen grabs could identify an individual.
how do you think that could actually be achieved? you think the billboard is capable of executing that? no, the billboard is taking photos, which are then sent somewhere else for analysis (i.e. to find faces in the photos, decide whether or not they are male or female, what age they are etc.)
there’s zero chance that analysis is taking place locally – hence, photos are being transferred
But is it being stored? We don’t know and so cannot, as you did state as an absolute fact that it is in breach. Especially when you paste a link below that is stating existing laws may not be adequate…Implying this practice is outside the scope.
I’m not in favour of this, but I don’t see the data protection breach from the info we have
there were a an article a month or so ago, maybe on Ars Technica, about US/EU ISP’s selling user information/browsing history etc to marketing groups and a push for individuals to claim ownership of this information and claim a ‘cut’ of the profits back-dated for however many years it’s been going on. Could claim the same here. If data is gathered from an individual, lawfully or unlawfully, does that data now belong to the gatherer or the person it was gathered from?
Dirty stuff.
Bit of nail polish/lipstick on the glass will do the job.
Interesting.
Have a read of this first: https://www.dataprotection.ie/docs/Data-Protection-CCTV/m/242.htm
I’m guessing that they don’t comply with the guidelines.
When you say ‘track’ and ‘profile’ what doe sthat mean exactly? They just a get a photo surely? So how would that profile or track you? maybe I’m missing something?
You’re missing the outrage.
You should be outraged by this because………..something
This is the story I saw about the digital sign in Oslo:
https://nakedsecurity.sophos.com/2017/05/11/would-you-like-a-side-of-facial-recognition-with-your-pizza/
This sign was profiling the viewers of the advertisement, recording (and presumably storing) demographics, such as sex, age range, where they were looking, if they smiled, and for how long, etc.
So what? CCTV does that to everyone.
Furthermore, I actually clicked your link which pretty much disputes the point you’re trying to make – no spying going on.
From the link
“Newman theorized that the only intention of the advertising app is to engage customers and to collect demographic statistics for tuning targeted advertising. Another Redditor, vincent__h, said that sounded right. There’s no spying going on, they said – just plain old marketing:
I’ve worked with digital signage (not with Peppes) and that’s exactly what is happening here. No video or photo is recorded or sent anywhere. It’s just a facial recognition software running on a PC which logs impressions for the display. Set up correctly you’ll get decent stats for every message on the screen enabling the content producers to improve the overall effectiveness of the signage. No one at Peppes has time to spy on passerby’s :) “
If they’re not, they could get themselves into a good bit of trouble. Does the Data Protection Commissioner not fine per breach of data? If this company had recorded say 2,000 people illegally over a 24 hour period, that would equate to 2,000 separate fines
What data have the breached?
Eh, possibly this bit:
“The Data Protection Acts require additional conditions to be met for the processing of such data to be legitimate. Usually this will be the explicit consent of the person about whom the data relates…”
That’s great but that relates to “Sensitive Personal Data” – whether a person is male or female or young or old and where they look is not “Sensitive Personal Data”
Sensitive Data in the link is defined as:
“(a) the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject,
(b) whether the data subject is a member of a trade union
(c) the physical or mental health or condition or sexual life of the data subject,
(d) the commission or alleged commission of any offence by the data subject, or
(e) any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings. “
Start jibbing off in front of the camera, then they will be in breach of processing your sexual life (preference for public lewdness) and then they get fined when an advert for Youporn comes up.
would this bit not relate to everyone they film, e.g. their racial or ethnic origin
“(a) the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject,
@rob
Firstly it’s not personal (the camera cannot identify the specific person),
Secondly, the color of one’s skin or shape of their eyes does not identify a person’s ethnic or racial origin. We are now all able to self identify! It’s what’s inside that counts
facts schmacts ! Andy :) don’t get in the way of the rage!
*hi fives Andrew*
Public filming – what a rich new seam of clickbait
https://www.rte.ie/news/business/2017/0407/866084-new-ad-technology/
“Potential benefits to customers are not the issue,” said Liam Herrick, director of the Irish Council for Civil Liberties.
“The issue is that individuals can sacrifice knowingly or more likely unknowingly aspects of their privacy real and potential for commercial ends and I think that is something we need to be very mindful of,” he stated.
The council says lawmakers here need to examine such new technology to see whether the existing laws are capable of vindicating peoples rights and if they are not then legislation needs to be changed.
And that’s the point, rob, as you and a few others appear to understand.
I picked up a nice little glass coffee cup in Nespresso shop recently to have a look at it. Later that day the same cup kept popping up in an Nespresso ad on my FaceBook feed. Got me thinking and some friends and colleagues had similar experiences with different products they had checked out in certain shops.
location services.
and not at all creepy.
Creepy is relative term. It’s not spooky.
Agreed. Not spooky. Creepy as in ‘ew, ye creep’.
I get a vaguely creepy feel from it, but just in a weirded out kind of way and pretty irrational considering the amount of info I volunteer to google to everyday.
Oh yeah! I couldn’t work it out.
One could have a bit of fun seeing who gets shown different ads.
I’m going to borrow a Trump and a Clinton mask next time I’m in town.
Video detection is nothing new. Those little round, black sensors with the red light on them at some traffic lights are video sensing cameras too.
You can detect what is happening in the field of view to your heart’s content and use it to gather anonymous METADATA on targets in the field of view. Perfectly legal .
If you are recording their images, then you’re in trouble.
How do we know they are not using stills to run through facial recognition profiles against facebook say?
You can’t profile an image without a signifigent amount of other known data otherwise all you get is:
Sign is ignored by myopic young wans
Sign is read by men circa 45 with bright clothes
Sign is read and giggled at by gaggles of girls who were otherwise giggling
99% of nuns ignore the sign
100% of gurds in uniform look longingly at the sign
That fella with the blood stained lab coat and the dismembered head in his hand…… never mind.
Would it be illegal to cover the camera lens (say with a piece of tape that could be removed…no ‘damage’ to camera)?