Renew’s recycling bins identify smartphones with Wi-Fi switched on, but the London startup says it isn’t snooping
The City of London Corporation has ordered a provider of recycling bins in London to stop a trial in which its bins monitored the phones of passers-by for targeted advertising purposes.
London startup Renew has been operating 100 recycling bins in the East of London since the London Olympics, which are funded by advertising delivered over the Internet to digital screens on the receptacles. Twelve have been fitted with “Renew ORB” technology, which sniffs out signals from nearby smartphones when their Wi-Fi is turned on, and uses that data to glean specific information about behaviour. According to Quartz, the trial is designed to help Renew target its adverts, gathering personal data without permission, but the firm denies it is breaching privacy.
After concerns over privacy emerged, the City of London asked Renew to halt the trial, and has referred the case to the Information Commissioner’s Office (ICO). Despite earlier claiming its project was nothing to complain about, Renew’s CE£O Kaveh Memari says the company has “stopped all trials in the meantime.”
Privacy threat rubbished
When the story broke lat last week, Memari was adamant there was nothing to complain about: “I’m afraid that in the interest of a good headline and story there has been an emphasis on style over substance that makes our technology trial slightly more interesting than it is,” said a statement from Memari .
The trial only identified devices by their manufacturer, says Memari, and provided “anonymised and aggregated” data. MAC addresses are unique, and each manufacturer has a unique block of them, so it can tell which manufacturer makes each phone in the vicinity of the bin.
“It is very much like a website, you can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website,” said Memari. “For now, simply think of ‘Phase 1′ testing as a glorified counter on the street.”
It is true that the trial was just that – a trial. The image from Renew’s materials shown here makes that clear, as it shows a bin which has apparently spotted three devices from three different manufacturers – all with the same MAC address.
Memari says that the media storm has been “extrapolated”, based on “capabilities that could be developed and none of which are workable right now.” However, Renew did the extrapolation itself, and was offering to build those “unworkable” capabilities in its promotional materials.
Renew’s original release bills the test as measuring “variables in market share between mobile handheld providers within the City’s Square Mile”, but also promises to measure the speed and movement of individual phones.
Renew’s release about the results of that trial specifically says the firm is “working on proposals for clients to combine the Renew ORB technology both within the Renew Pods on the street and their venues in the City of London”.
It claims this could help shop and bar owners to “map the total footfall percentage within a 3-4 min walking distance of the shop. Further, we can identify which streets are not being captured and use the screens on the Renew Pods to drive further traffic into the shops. We will see all MACs that currently shop at the stores and we will be able to measure any new MACs arriving into the venue and the route they take.”
Renew offers to provide data on “linger time”, to measure which parts of a store are visited most, and make sure customers see adverts before their arrival.
”London is the most heavily surveilled city in the world… As long as we don’t add a name and home address, it’s legal,” said Memari.
Some question this view: GigaOm’s David Meyer quotes an opinion from the EU’s Article 29 working party, which provides advice to regulators, saying “the combination of the unique MAC address and the calculated location of a Wi-Fi access point should be treated as personal data”. This means that anyone gathering this data would be required to ask permission, just as they do for ‘cookies’.
In response to the outcry, Renew has now promised to consult on future developments: “Come the time we discuss creating the future levels of protection, we can move to an improved service where we can bring better content to people. In doing so, we may find that the law has not yet fully developed and it is our firm intention to discuss any such progressions publicly first and especially collaborate with privacy groups such as EFF to make sure we lead the charge on this as we are with the implementation of the technology.”
TechWeekEurope contacted Renew, and received the official statements quoted here.
Are you on top of privacy? Try our quiz!