Imagine this – you visit your local art museum for the first time in over a year. You’re excited to be back in the physical building! You get to be in the same physical space as the art! You make your way to one of your favorite art pieces in the museum, but when you finally arrive, you find something odd. Next to your favorite art piece is a small camera pointing at you and everyone else viewing your favorite art piece.
Is this to make sure people are wearing masks? Social distancing? Or is it something more?
Museum-goers in Italy are already facing this reality with the inclusion of the ShareArt system in several Italian museums. The system aims to track how long museum visitors spend at the museum piece, creating data to inform exhibition layout and scheduling decisions. In addition, there is interest in having the system capture and analyze facial expressions as mask mandates fall to the wayside. While this project aims to guide museums in making their collections more visible and accessible for museum visitors, it also brings up new and perennial concerns around privacy.
Tracking Bodies, Tracking Data
Libraries and museums are no strangers to counting the number of people who come into a building or attend an event. Door counters installed on entrance/exit gates are a common sight in many places, as well as the occasional staff with a clicker manually counting heads in one space at a specific time. The data produced by a door counter or a manual clicker counts heads or people in an area usually is relegated to the count and the time of collection. This data can get very granular – for instance, a door counter can measure how many people enter the building in the span of an hour, or a staff person can count how many people are in a space at regular intervals in a day. This type of data collection, if nothing else is collected alongside the count and time collected, is considered a lower risk in terms of data privacy. Aggregating count data can also protect privacy if the door or event count data is combined with other data sets that share data points such as time or location.
Patron privacy risk exponentially increases when you introduce cameras or other methods of collecting personal data in door or space counts. Door or space counters with webcams or other cameras capture a person’s distinct physical traits, such as body shape and face. This updated door counter mechanism is a little different than a security camera – it captures an individual patron’s movements in the library space. With this capture comes the legal gray area of if audio/visual recordings of patron use of the library is protected data under individual state library privacy laws, which then creates additional privacy risks to patrons.
Performing for an Audience
One good point on Twitter about the ShareArt implementation is that people change their behavior when they know they are being watched. This isn’t a new observation – various fields grapple with how the act of being observed changes behavior, from panopticon metaphors to the Hawthorn Effect. If a project is supposed to collect data on user behavior in a specific space, the visible act of measurement can influence the behavioral data being collected. And if the act of measurement affected the collected data, how effective will the data be in meeting the business case of using behavioral data to improve physical spaces?
Libraries know that the act of surveilling patron use of library resources can impact the use of resources, including curtailing intellectual activities in the library. Privacy lowers the risk of consequences that might result from people knowing a patron’s intellectual pursuits at the library, such as checking out materials around specific topics around health, sexuality, politics, or beliefs. Suppose patrons know or suspect that their library use is tracked and shared with others. In that case, patrons will most likely start self-censoring their intellectual pursuits at the library.
The desire to optimize the layout of the physical library space for patron use is not new. There are several less privacy-invasive ways already in use by the average library to count how many people move through or are in a particular space, such as the humble handheld tally clicker or the infrared beam door counter sensors. Advancements in people counting and tracking technology, such as ShareArt, boast a more accurate count than their less invasive counterparts but underplay potential privacy risks with the increased collection of personal data. We come back to the first stage of the data lifecycle – why are we collecting the data we are collecting? What is the actual, demonstrated business need to track smartphone wifi signals, record and store camera footage, or even use thermal imaging to count how many people enter or use a physical space at a particular time? We might find that the privacy costs outweigh the potentially flawed personal data being collected using these more invasive physical tracking methods in the name of serving the patron.