When it comes to data protection, transparency and trust are essential

Fountain Square in Downtown Cincinnati Is a Public Square That Works for the City and Its People in a Myriad of Ways: Light Rain Falls at End of Noontime Israeli Birthday Celebration 05/1973
Fountain Square in Downtown Cincinnati Is a Public Square That Works for the City and Its People in a Myriad of Ways: Light Rain Falls at End of Noontime Israeli Birthday Celebration 05/1973

When it comes to privacy, two key success factors are transparency that engenders trust. Responsible data processing is how you move from transparency to trust.

I wrote an article about this which I published on LinkedIn (it was also published on MarkLives) which I titled “Trust is more important than sales“. You may find it interesting.

Brands, accurate facial recognition and why transparency is critical

Introducing accurate facial recognition into the mix potentially removes the need for you to tell Facebook (or a future Facebook connected site or app) who you are before your data is shared and your experience modified. All you will need to do now is show up and let a camera see you long enough to capture a reasonably clear image of your face. From there you will be identified, placed into a particular context and things will happen. As a brand, there are some interesting opportunities. Imagine your guests arrive at your event and, instead of relying on guests to manually check in, a webcam at the door connected to your Facebook Page recognises the guests as they arrive and posts an update in your stream sharing their arrival. This isn’t happening yet but it is very possible. 

Facebook’s new artificial intelligence group recently published a research paper titled “DeepFace: Closing the Gap to Human-Level Performance in Face Verification” which describes its advances in facial recognition technology. The abstract is pretty technical so I highlighted the big takeaway that may interest you:

In modern face recognition, the conventional pipeline consists of four stages: detect => align => represent => classify. We revisit both the alignment step and the representation step by employing explicit 3D face modeling in order to apply a piecewise affine transformation, and derive a face representation from a nine-layer deep neural network. This deep network involves more than 120 million parameters using several locally connected layers without weight sharing, rather than the standard convolutional layers. Thus we trained it on the largest facial dataset to-date, an identity labeled dataset of four million facial images belonging to more than 4,000 identities, where each identity has an average of over a thousand samples. The learned representations coupling the accurate model-based alignment with the large facial database generalize remarkably well to faces in unconstrained environments, even with a simple classifier. Our method reaches an accuracy of 97.25% on the Labeled Faces in the Wild (LFW) dataset, reducing the error of the current state of the art by more than 25%, closely approaching human-level performance.

According to the MIT Technology Review’s article titled “Facebook Creates Software That Matches Faces Almost as Well as You Do”, human beings recognise faces correctly 97.53% of the time which makes DeepFace just about as accurate as humans when it comes to identifying your face. What does this mean for brands? Quite a lot although probably not right away.

One of the service features that will continue to distinguish brands and their service offerings is a brand’s ability to present its customers with a deeply personal and meaningful service. Brands have been working on ways to personalise their services for quite some time and have used demographics, location, culture and, more recently (and as we have increasingly seen on Facebook and Google properties), your interests. All of this information is being associated with your identity so when you connect to a site or an app with your Facebook profile, for example, you share your interests, connections and other signals from your profile with the site or the app which then customises your experience, tells you which of your friends are also using the site or the app (making it more likely that you will continue to use it) or do a number of other things to present a version of the site or the app that is more relevant to you.

Introducing accurate facial recognition into the mix potentially removes the need for you to tell Facebook (or a future Facebook connected site or app) who you are before your data is shared and your experience modified. All you will need to do now is show up and let a camera see you long enough to capture a reasonably clear image of your face. From there you will be identified, placed into a particular context and things will happen. As a brand, there are some interesting opportunities. Imagine your guests arrive at your event and, instead of relying on guests to manually check in, a webcam at the door connected to your Facebook Page recognises the guests as they arrive and posts an update in your stream sharing their arrival. This isn’t happening yet but it is very possible.

Of course whether users allow this will likely depend on Facebook’s (or the relevant service’s) data protection policy (with this sort of technology, the term “privacy policy” is totally inappropriate – privacy is a memory) and the controls Facebook will make available to users to permit the service to automatically identify and tag them more publicly than it does at the moment. The challenge is that most users don’t pay much attention to their privacy settings and don’t customise them to suit their preferences. That doesn’t prevent them from being outraged when brands use their profile data in otherwise permissible ways. This may not seem like a problem but, from a reputation perspective, it can be.

Even though this technology is not implemented particularly widely, accurate facial recognition associated with identities and personal information profiles is probably not far off. It is going to scare consumers who will become aware of the myriad cameras and opportunities for them to be identified and located in specific contexts. The remnants of their privacy (by obscurity) will be whittled down to almost nothing and they won’t expect it. As a brand, this technology offers a number of opportunities to engage with customers in a very meaningful and personal way but catching them by surprise is almost certainly going to backfire, largely because the backlash will be so much more intense, precisely because the possible applications of this technology are so personal.

Preparing customers for implementations of these sorts of technologies and reducing the risk of significant reputational harm requires transparency and a healthy dose of courage to be as transparent as you need to be about how you intend engaging with your customers. As I pointed out in my talk at the recent SA Privacy Management Summit, brands have little to gain by being opaque. Transparency is a critical risk management tool, it engenders trust and keeps brands accountable and honest. That is scary for brands not accustomed to being in the spotlight but if they want to engage more effectively with their customers and earn their loyalty, they can’t do it by being evasive and catching their customers by surprise.

Widespread facial recognition will have a fairly profound impact on data protection when businesses adopt it on a larger scale. The opportunities for brands are tremendous and could, literally, revolutionise how a customer perceives a brand. To paraphrase a worn adage, with this great power comes great responsibility and brands should think carefully about how to introduce these tools to their customers and obtain their buy-in. Even though facial recognition is still in fairly limited use, brands have been using various tools and techniques to leverage customers’ identifies and personal data to customise their experiences of a brand’s products and services for some time now. Transparency is more likely to win customers’ trust even though it scares many brands silly. That said –

Courage is not the absence of fear, but rather the judgement that something else is more important than fear.

— James Neil Hollingworth

Lessons learned from Google’s Transparency Report

Google makes a number of people nervous when it comes to personal information and has made its share of mistakes. That said, Google has also made significant strides in giving its users greater control over their personal information on its servers. While users have a pretty good idea what personal information Google has collected from them and have options when it comes to getting that personal information out of Google’s services, the one area which Google has remained somewhat opaque about is what personal information Google has been giving government agencies behind the scenes … at least until now.

What many people may not realise is that Google can be compelled to hand over users’ personal information to a variety of government agencies, worldwide. This may be in terms of local regulatory or law enforcement mechanisms. Google’s privacy policy deals with this and states that it may hand over your personal information when faced with such requests:

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

  • We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
  • We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
  • We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

This is not unique to Google and you will find that virtually all companies that take privacy policies seriously will have provisions that inform you about their obligations to hand over personal information in these circumstances.

While Google is required to comply with many of these requests, it has taken a rather bold decision not to hide these requests from its users and, in fact, to expose these requests in an aggregated form to its users through what it calls its Transparency Report. This initiative makes sure that users know which countries make requests of Google and how Google generally responds to these requests:

Transparency Report - Government Requests

The Transparency Report also reveals how much traffic its various services receive. This data can be broken down by region too:

Transparency Report - Traffic

Online privacy is a tough challenge to meet and Google has made its share of mistakes. That said, the search giant is also at the cutting edge when it comes to giving users better information about what it does with their personal information. This latest initiative reminded me of the recent PigSpotter debate and subsequent reports how local law enforcement is dealing with the PigSpotter phenomenon – poorly. The Transparency Report seems to stand in stark contrast to efforts to clamp down on PigSpotter by, among other things, reportedly conducting illegal searches of motorists’ mobile phones for hints of their involvement in the PigSpotter phenomenon. It also stands in stark contrast to the South African government’s efforts to implement its controversial Protection of Information Bill which will likely take media freedom back at least two decades and cripple the right to freedom of expression for the sake of avoiding the embarrassment of having politicians’ failings exposed in the press.

Google’s Transparency Report is a reminder of the need for a degree of transparency and the accountability that transparency brings. It is also a reminder that companies like Google can still be required to hand over personal information to government agencies which may not share Google’s respect for your personal information (its only fair to note that my perception of Google’s respect for privacy is not universal and there are valid criticisms of Google’s handling of personal information). We can only hope that this spirit of transparency and respect for privacy visibly filters through to our government agencies and authorities.

As an aside but on a related note, take a look at this video if you are curious about Google’s approach to privacy generally. Also be sure to take a look at Google’s Privacy Centre for more information.