3 Concerns of Facial Recognition and Privacy

In the last few weeks, three very interesting articles were published specifically around the use of facial recognition technology. In fact, all three articles address what seems to the central concern around AI-based facial recognition:

  • How should these databases be created?
  • Who should be able to access the technology?
  • How can regulators limit the possible abuse of organizations using the technology?

These new articles are critically important as biometric privacy policies (e.g. facial recognition) is not standardized across the US. For example, the Washing Privacy Act (WPA) has very strict standards around facial recognition while CCPA is a little more relaxed. 

Here are 3 recent articles highlighting different views on facial recognition:

Illinois Class-Action Lawsuit Over Facial Recognition Privacy:

New York has long been a state the empowers the use of technology and the freedom to build exciting companies. Recently one of those companies, Clearview AI is receiving some negative press specifically in the state of Illinois. The Clearview AI technology allows law enforcement agencies to act on real-time facial recognition technology. While this technology has been adopted by other law enforcement agencies across the globe citizens in Illinois feel it is violating their civil rights.

In a recent ZDNET article found here states that Clearview AI was scraping social media outlets and illegally capturing people’s photos. The citizens in the lawsuit are suggesting the process of scaping the photos violates biometric privacy.

It is really interesting about this process is how Illinois is using a class-action method to sue Clearview AI. And how a company not based in NY is still required to meet the privacy standards of another state. This trend will certainly continue until we have a national standard for privacy. Until we will have problems similar to the EU and London noted below.

London Police Using Facial Recognition:

In London police announce they are looking to use enhanced facial recognition technology to improve public safety by identifying criminals in real-time. In fact, the London police department is planning on rolling out the same company Clearview AI mentioned above in the new class-action suit.

A recent article from The New York Times found here highlights several countries and various security forces all finding success with the new technology including Clearview AI and NEC. However, opponents are quick to highlight the inaccuracy of the new technology the basis including gender and race. 

The most interesting part of this article is the police do seem to be as transparent as possible about using this technology. And from the tone of the article, it seems like they will be moving forward with it. However, the rest of the EU may not be in agreement.

EU Considers 5 year Ban on Facial Recognition:

The EU recently released a statement on possibly placing a 5-year ban on facial recognition technologies while the governing body determines how to effectively reduce police officially possibly abusing the technology. A recent article from the BBC can be found here

Regulators’ primary concern is police using surveillance videos to automatically scan the public via automated facial recognition technology. Some are concerned the technology is intrusive and inaccurate.

The best part of this story is the regulators are spending the time to learn the best way to use technology which ensuring public safety via the police department.

In summary, legal bodies need to be in alignment with new technology companies and law enforcement organizations. The real challenge is to know when to use technology to protect the public while ensuring the public is being protected while not abusing the technology. Only time will tell how the marriage of law, justice, and technology will all be aligned. 

Learn More at www.rivn.com

Data Privacy Day – 3 Data Privacy Facts

Data Privacy Day is here! Why is this day so exciting?  Companies are finally realizing the power of privacy can have several benefits including the following:

  • Building brand trust
  • Driving a positive ROI
  • Staying ahead of the global privacy trend.

Because of these key factors, companies large and small are making privacy a major focus in 2020. Companies are implementing new policies, procedures, and technologies to ensure compliance and to stay competitive in this global market.

Here are 3 points on why everyone should celebrate Data Privacy Day:

Privacy Drives Transparency and Increases Brand Loyalty:

Consumers are now realizing the true power of having their data collected by companies across the globe. Wise consumers are now deciding to interact with brands that offer transparency when it comes to customer data. And the ones that offer exceptional experiences by leveraging that same information.

A recent Salesforce report found here suggests that 76% of consumers expect companies to understand their needs and provide a custom experience. That only happens when consumers are willing to share their data with these companies. In fact, according to the same report, 92% of consumers are more likely to trust these companies when they are transparent about the purpose of capturing data.

In short, the companies that are transparent about capturing data will reap the benefit of brand trust if they use that data responsibility and offer a personalized experience.

Data Privacy Drives ROI:

Some companies fall into the trap that privacy is only a cost center. These same companies see new regulations as just another hoop to jump through instead of an opportunity to improve systems, increase customer satisfaction and in turn increase ROI.

Cisco recently published a new data privacy report focusing on hard ROI numbers which can be found here. What is really interesting about this report is for the first time it puts a hard ROI number around privacy accountability. The reporting found on average companies will realize a $2.70 in brand benefit for every $1 spent on privacy and that numbers goes up for larger organizations. The benefits can be found in top-line revenue, increase brand trust, a reduction in data breaches and a reduction in sales cycles just to name a few areas.

Again, this report highlights a real ROI based on thousands of responses when companies make privacy a priority in their organization.

Data Privacy is Growing Across the Globe:

For years the web has been a bit of the wild west in terms of companies collect data consumers and then buying and selling that data everywhere. Now across the globe legal bodies trying to develop laws that encourage business but protect consumer rights.

As you can see in the map below from the World Federation of Advertising new regulations are being rolled out in every part of the world. That means companies can not simply hide and operate in a business as usual mentality. They are all now required to ensure the policy standards meet these global regulations. 

The key takeaway here is no matter what industry you are in or where you are located having strong privacy accountable is the wave of the future and the time to get right is now.

Source: https://wfanet.org/knowledge/item/2020/01/14/WFA-Global-Privacy-Map

In summary, celebrating privacy is important, because it will shape how business gets done in the future and is a reflection on our society. We all need to embrace privacy and trust and next year we will have a bigger celebration!


Salesforce State of the Consumer Report: https://www.salesforce.com/blog/2019/04/customer-loyalty-data-privacy-trust.html

Cisco Privacy Report: https://www.cisco.com/c/dam/en/us/products/collateral/security/2020-data-privacy-cybersecurity-series-jan-2020.pdf

World Federation of Advertisers:




Insights on Google Sandbox from RIVN

Google a subsidiary of Alphabet is one of the greatest company success stories of all time. While the company has diversified into various sectors including self-driving cars, maps, televisions just to name a few. Its advertising business has always been to the financial bloodline of the company.

Google recently announced the concept of a Privacy Sandbox which they would manage. Ad Exchanger recently covered this announcement and the full article can be found here (https://adexchanger.com/privacy/whats-in-googles-privacy-sandbox-nothing-for-now/). The major tag line is Google is planning to phase out 3rd party cookies by 2022. Which puts billions of marketing dollars potentially at risk. At a high level, the Privacy Sandbox would be a collection of web browser-based API versus the cookie code snippets we have today. 

So, here are a few insights:

Google is the major player in digital spend

Google is a major play in the digital spend market. In fact, based on a recent report the company almost controls 40% of the digital ad spending of the marketing by themselves as noted below. With such a controlled hand on the marketing place already it begs the question could Google be creating a monopoly?

Source: https://marketingland.com/almost-70-of-digital-ad-spending-going-to-google-facebook-amazon-says-analyst-firm-262565

Can privacy lead to a monopoly

Google is standing firm that is is not trying to restrict competition rather create a level platform that allows for developers across the globe to participate in the creation of the sandbox and support the creation of the browser API’s.  Which can be found SandBox Github.

Google Sandbox

So, it does seem that Google is making an effort to ensure that across the board fingerprinting is removed and privacy access is equal. But will the fox be able to watch the hen house?  Only time will tell.

Measurement Doomed?

One key area outside of digital advertising they everyone is also concerned about is how will conversion and other traditional tracking be measured. Right now Google is focused on testing and says it has already completed a few tests with clients calling the Google API to receive a specific value to determine conversion event, rather than relying on cookies. It will be interesting to see how historical reporting could be affecting by this completely new methodology.

In summary, it is very early still in this process but a universal standard for tracking and regulatory requirements will help move this initiative or any other forward. We need our legal bodies to act to create a framework that allows for commerce but still protects user privacy. But, everyone can agree, privacy regulations and standards will be shaping how businesses operate in this new decade.

3 Initial Insights on CCPA

The latest high profile consumer privacy regulation called the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. As a result, social media and various publications have been buzzing about the new regulation including users’ experiences.

As background CCPA is trying to give consumers more control over their data including how companies can manage it including selling data. That includes allowing consumers to request access or deletion of their data from companies. Along with expressing if they would like companies to not sell their data.

Under the new law companies that need to meet CCPA regulations include the following: (1) generate $25 million in revenue, (2) have more than 50,000 consumer records in your database, or (3) derive more than 50% of your revenue from selling consumers’ personal info.

After reading these insights I believe everyone can agree the CCPA has empowered the people to take control of how companies capture, store and manage their data.


So, here are 3 initial insights after one full week of CCPA:


CCPA Is Huge On Social Media

CCPA is having a larger social impact than anticipated. While many companies seem to be prepared for CCPA, it does seem like a lot of companies are either not prepared or are taking that stance of none compliance. The most surprising impact of CCPA has been the groundswell of regular people fully documenting their experiences with various brands in regards to CCPA. 

California citizens on their own are creating repositories to make it easy for others to submit data access & deletion requests such as this one here

Also, individuals are documenting how huge companies such as Facebook or OpenTable are simply denying consumer requests for access or deletion of their data. for now, as seen below.

Here is an example of OpenTable denying a do not sell request from one of the co-authors of CCPA Mary Stone Ross also on Twitter @MarySRoss18:

Here is an example of a Twitter user @ampersand_ie reporting back on Facebook denying deletion requests under CCPA:

CCPA is very different than the General Data Protection Regulation (GDPR)

In contrast to GDPR, CCPA has been very visible across the web. While GDPR was highly visible with the privacy community and in Europe, it has heavily focused on consent. While CCPA does have a consent component it is highly focused on consumer data access and deletion rights along with the sale of consumer data.

So for many consumers, they have seen the impact of CCPA directly in communication with them. Even more specifically in many people’s inboxes. You may have noticed emails from several of the companies that you subscribe to recently sending email updates about their privacy policy changes. 

These are directly associated with the anticipation of CCPA. While enforcement of CCPA does not occur until July 1, 2020, responsible companies are preparing now. This will continue to rise along with the use of a “Do Not Sell” button which should become a staple on most sites.

Here is an example from Potterybarn Kids:

The cost of CCPA will be great and teams will need to work closely together

The total cost of any regulation for companies is difficult to estimate. But, a recent article from Bloomberg estimated that CCPA alone will cost companies 55 Billion dollars. 

At these levels companies, internal teams will need to work in harmony. With executive oversight, the teams that have been affected by CCPA have been marketing, IT, legal and finance. 

  • Marketing Teams – These teams have been responsible for creating messaging to ensure consumers about compliance changes that have been seen in banner ads and emails.
  • IT Teams – These teams have been required to audit technology stacks and implement new compliance solutions where required.
  • Legal Teams – Most legal teams have been required to get up to speed on marketing and analytics processes to ensure corporate compliance.
  • Finance Teams – Financial organizations have been required to take new liabilities into account and allocate resources to ensure corporate compliance.

In summary, the last week has been very interesting. Over the next several weeks and months companies will need to be vigilant & flexible to ensure they are not only meeting the new regulation but also meeting social expectations.  Very exciting times!

To learn how RIVN can help please visit www.rivn.com

Consumer Online Privacy Rights Act (COPRA)

Consumers across the globe have heard new acronyms regarding privacy. From the General Data Protection Regulation (GDPR) to California Consumer Protection Act (CCPA). All of these regulations have a simple goal; create trust between brands and consumers. However, most of the regulations have been developed in silo’s at the state or regional level only. 

The latest US legislation is known as the Consumer Online Privacy Rights Act (COPRA). COPRA is designed to “provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement,” laudable goals and ones on which privacy advocates, consumers and industry are increasingly finding common ground as states around the countries craft disparate rules on privacy protection.

The quote above comes from a recent IAPP article entitled “US Senators Unveil New Federal Privacy Legislation” which can be found here. The article also highlights the penalty level included in COPRA which is between $100-1,000 per infraction per day.

One novelty or twist that COPRA brings to the table is the bill tackles algorithmic decision-making, requiring those engaged in the practice to facilitate advertising or eligibility determinations for housing, education, employment or credit to conduct an impact assessment annually for accuracy, fairness, bias and discrimination. Challenges related to “deep fakes” are also addressed.

Below is an excerpt from the article that highlights the six pillars of COPRA:

Consent: The bill requires individual consent for data processing, including express affirmative consent for processing sensitive data, which is very broadly defined but excludes “publicly-available information.” Much like the California Consumer Privacy Act, COPRA provides individuals the right to opt out of the transfer of their covered data for “valuable consideration” and would grant the FTC rulemaking in that area.

  1. Access: The act requires covered entities to provide individuals with their own covered data upon request, in a portable format, as well as the name of any third party to which it has been transferred for valuable consideration.
  2. Correction and deletion: Individuals are granted the right to correct and delete their own covered data.
  3. Transparency: Covered entities must publish a privacy policy that includes information commonly seen in such policies today. This includes contact information for the entity, the categories of data processed, and the categories of third parties and service providers to which information is transferred. Somewhat more novel requirements include retention timelines, and perhaps more contentious, the identity of each third party to which covered data is transferred. The policy must be made available in all languages in which the covered entity does business.
  4. Data minimization: Covered entities may only process covered data for specific purposes, subject to necessity and proportionality standards.
  5. Data security: Covered entities must provide reasonable security, assess vulnerabilities, implement corrective action when risks are identified and dispose of data that is no longer needed.

As noted in the third bullet point above consumer deletion request will continue to be a key part in almost all new privacy regulations. For digital marketers, finance, IT professionals and legal teams the greatest hurdle may be consent management and the “Right to Erasure/Deletion” itself. 

Contemporary organizations are searching for a module based solutions such as RIVN to step up to meet this need with an easy to use SaaS based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about regulations mentioned above please see the following links below:

The Power of Privacy

If you search the term “privacy” in Google you would see about 19 billions results in half a of second. The reality is people across the globe are interested in learning more about privacy and how they can protect themselves. More importantly the power of consumer privacy is on the rise. Recent news stories have highlighted the power of privacy in regards to big technology companies and political campaigns. 

Pew Research recently reported that “roughly six-in-ten U.S. adults say they do not think it is possible to go through daily life without having data collected about them by companies or the government.”

The team at Forbes recently published a great article found here. The article gives great background into how the rise of privacy has become a mainstream topic along with certain business vertices and technologies that are the most impacted.


Below is an excerpt from the article:

Andrew Hawn, my former colleague and now founder of MetaForesight, is a technology, media and content expert. Andrew has been collaborating with my analytic startup, Metametrix, and we recently spoke about privacy and its far-reaching implications.

“We’re seeing a social shift in the long term effects of privacy…. As billions more in venture investing targets our personal data for resale in a multitude of ways, people are starting to more deeply question their growing lack of data privacy and control.”

Andrew went on to say:

“The truth is that there is only so much regular citizens can do without laws and policies that empower citizens to retake some personal data power. The EU’s GDPR was a blunt first instrument, and now California’s CCPA is trying to take a slightly smarter approach starting in 2020.”

“Just trying to turn things off by playing whack-a-mole won’t work; we need new innovations focused on protections that are more conversation driven and transparent.”

What these comments do give insight to is new technologies such as RIVN need to be in place so companies have the ability to respect user privacy preferences. All companies will need to adopt scalable technologies that lead to compliance.  

For digital marketers, finance, IT professionals and legal teams the greatest hurdle may be consent management and the “Right to Erasure/Deletion” itself. Contemporary organizations are searching for a module based solutions such as RIVN to step up to meet this need with an easy to use SaaS based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about regulations mentioned above please see the following links below: