Privacy: Building Trust for WebAR

Advertising is becoming even more personalized, combining data, voice, imagery and more for highly customized experiences. What does this mean for your AR campaign?

WebAR Demo by Geenee

Augmented Reality is enabling us to add a new digital layer to the world, opening the camera lens to more sophisticated interactions and personalized content. With three dimensional experiences, this means we are also capturing new data sets that are unique to the medium. At times, technology has changed faster than regulations can keep up, putting the onus on companies to develop a forward thinking approach to privacy by design.

According to Gartner market research, by 2020 there will be 100M consumers shopping with AR online and in stores, and 46% of retailers plan to integrate Augmented Reality or Virtual Reality into shopping experiences. As more people are entrusting their personal data with cloud services, consumers are increasingly aware of how data is collected and used, putting privacy at the forefront of consumer valued services. As we invite audiences into the new and wondrous world of WebAR, what does this mean for consumer trust and your Augmented Reality campaign?

IKEA’s Augmented Reality in use (above). Gartner reports 46% of retailers plan to integrate Augmented Reality or Virtual Reality into shopping experiences.

Privacy Matters

Privacy is important to everyone, from individuals, customers, website visitors, product users, employees, and businesses of all sizes. In the past few years, lawmakers have responded to calls from their constituents to enact stronger privacy protections around how consumer data is collected and used.

In May of 2018 the GDPR (General Data Protection Regulation) was enacted as Europe’s new data privacy and security law. GDPR imposes obligations on organizations located anywhere in the world, which target or collect data related to citizens of the European Union. Since the GDPR was made into law, large fines have been imposed against tech companies that have violated its privacy and security standards, and more than 200,000 investigations were executed in the first twelve months of the law’s enactment. Companies fined to date include Google (€50M euros) in relation to transparency and a lack of valid consent. In 2019, Facebook paid a fine of £500K over the Cambridge Analytica Scandal, an incident that occurred even before the GDPR was officiated. Still in the early days of enforcement, fines are expected to become more prevalent and a costly deterrent to privacy and data breaches. Under the GDPR, a company can be fined either 20 million euros or up to 4% of their annual revenues, whichever is the greater amount.

GDPR, Europe’s data privacy and security law.

In response to the Cambridge Analytica scandal and GDPR, California lawmakers enacted the California Consumer Privacy Act of 2018, which provides consumers greater control over how their personal information is collected, stored, and sold. It includes the right to know what information is collected, how it is shared, the ability to opt out of businesses being able to sell personal data, and to request that personal information is deleted. This evolution in data privacy regulations is putting greater power into the hands of consumers as they are able to have a say on how their data is handled. Data management will only become more complex, and transparency even more important.

Even ahead of California’s enactment of its mirror legislation, tech giants Apple and Microsoft declared their support for the GDPR and similar legislation in the U.S. “We shouldn’t sugar-coat the consequences,” said Apple CEO Tim Cook in a speech at the International Conference of Data Protection and Privacy Commissioners in October 2018. “The implication of fully functioning privacy in a digital democracy is that individuals would control and manage their own data and organisations would have to request access to that data rather than the other way round,” he said.

This level of outspoken commitment to privacy protection has set Apple, and other companies that have adopted the GDPR as their governing privacy standard, apart as leaders in consumer privacy. These proactive approaches offer consumers a right to privacy.

Apple CEO Tim Cook in a speech at the International Conference of Data Protection and Privacy Commissioners in October 2018. Image Credit: Isopix/REX/Shutterstock via TIME.

Appless AR, by design, protects users’ information. This contrasts with privacy-invasive apps that often demand personal identifying information such as email, date of birth, location, and phone number prior to accessing the mobile app.

As a company at the forefront of the development of WebAR and image recognition software, Geenee is fully compliant with privacy requirements. We remove the last four digits from a users’ IP address, making it impossible to identify Geenee’s WebAR users. The diagram below illustrates Geenee’s pipeline that protects user information:

As a prominent WebAR software provider, Geenee does not collect GDPR relevant personally identifiable information (PII). Computer vision is run directly through a user’s mobile device, and the images are transmitted for matching and annotation purposes. The image includes the picture itself, the IP address (last 4 digits are removed), and browser information. Images that are transmitted to the server are randomly stored for a maximum of 90 days, and can only be accessed for the purpose of quality control for our image recognition algorithms. After a maximum of 90 days, any image data is permanently erased, and the server logs are automatically erased after 30 days.

Working on the cutting edge of any technology, each iteration enables greater interaction between new digital layers, the camera, and the audience. This means we can learn more about user behaviors to amplify the consumer experience, in compliance with privacy and data standards. User Experience is key to resonating with audiences. From a business standpoint, campaigns that succeed are well researched, empathetic, and provide real value and connection. Data is invaluable, but not at the cost of private information, which can be safely protected throughout the execution of an AR activation.

Geenee’s WebAR activation for Star Wars. You can try it out here.

Due to a range of factors, including persistent protests against racial discrimination, and the concerns of BLM (Black Lives Matter), companies such as IBM, Microsoft, and Amazon have opted to deny police departments access to their facial recognition technologies. According to Business Insider, IBM will halt the sale of its software for “general purpose” facial recognition, while Amazon is imposing a one-year suspension on the sale of its facial recognition software to law enforcement, and Microsoft says it doesn’t sell facial recognition software to US police forces and will not do so until legislation is passed governing the use of the technology.

Facial Recognition Technology, image source: CPO Magazine

When talking about privacy and WebAR, it’s important to understand the difference between facial recognition (above) and facial tracking (below) — the technology that is used for WebAR, as well as app-based AR lenses from Snapchat. Facial recognition maps facial features from a photograph or video and compares the information with a database of known faces to find a match. In contrast, facial tracking only identifies facial landmarks such as eyes, lips, nose and mouth. When a face is detected, image processing creates a mesh for each unique face, and then applies AR features. In facial tracking, there is no cross-reference to a database to identify each user.

Facial tracking technology, image source: Tubefilter

Technology has incredible potential to make the world a better place for all — democratizing access to education, equalizing opportunity, and bringing diverse cultures and perspectives to light. IBM stated, it “firmly opposes and will not condone uses of any technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency.” Privacy is not just important to data protection and privacy, it’s an important part of protecting our society.

If you have any questions on data and privacy for WebAR, or are interested in learning more about Geenee WebAR, please reach out to our team at: contact [at] geenee.me.