The advent of 5G mobile data networks could take threats to personal data and privacy to a new level, the Information Commissioner’s Office has warned.
The potential for large volumes of data to be transferred at high speed over constantly connected networks, which can communicate with personal devices such as smartphones, opens up a variety of marketing uses that could be “creepy” and “intrusive” and poses “dramatic challenges”, according to the ICO’s executive director for technology policy and innovation Simon McDougall.
“The kind of possibilities we currently only have via the Internet of Things in some people’s homes are going to be possible out there on the street all the time,” he told the DMA’s Data Protection 2019 conference in London today (1 March).
Having returned from this week’s Mobile World Congress trade show in Barcelona, McDougall pointed out that use cases of 5G have begun to appear in nascent form. One “exciting but potentially very intrusive” example is the ability for digital outdoor advertising sites to communicate on a constant basis with personal devices such as smartphones and wearables.
Marketers and the ICO – as the enforcement body for data protection laws – will need to act with care to ensure such applications of 5G do not cross the line, remaining useful to consumers and respectful of their privacy, he cautioned.
The warning came in a speech that also addressed the regulator’s activities since the EU’s General Data Protection Regulation (GDPR) came into force last May. These include consulting on a code of practice for direct marketing at the end of last year, which will lead to the publication of a consultation paper this summer and ultimately legally enforceable standards for the sector.
Online advertising ‘a concern’
It has also hired a research fellow who will design a framework for auditing artificial intelligence algorithms to ensure GDPR compliance, and will shortly invite applications from businesses to take part in what it calls a ‘regulatory sandbox’. The ICO will nominate 10 to 15 businesses of various sizes to propose data-driven innovations, working with them in a risk-free environment to explore the compliance issues that might arise.
I don’t think the person on the street knows what’s going on and that in itself is a concern for us.
Simon McDougall, Information Commissioner’s Office
Meanwhile, the ICO is placing significant focus on its oversight of the online behavioural advertising industry. McDougall revealed the results of research commissioned by the ICO that found while 63% of people said it is acceptable for websites to be funded by personalised advertising, once it gave a basic description of how personal data is used in the process, the figure dropped to 36%.
While 76% knew advertising might use data from a person’s browsing history, only 36% were aware this could include unique identifiers, according to McDougall.
“At a very basic level I don’t think the person on the street knows what’s going on and that in itself is a concern for us,” he said.
It is for similar reasons that the DMA is now working with ISBA on a set of best practice guidelines for digital advertising. DMA chief executive Chris Combemale pointed out that data-driven marketing stands at a crossroads almost a year since GDPR came into force, arguing that it “can choose to become the UK’s most customer-focused community” or take an altogether more destructive path.
“We can be an industry that puts short-term profit above long-term loyalty. An industry that uses data, technology and creative to trick customers into a quick sale. An industry that targets obsessively, as if our customers only want to buy what they have always bought,” said Combemale.
“Or we can be an industry that chooses to create truly engaging customer experiences. An industry that reinforces community values. An industry that builds trust. An industry that earns respect for our talent, our skills and our sense of responsibility.”