Teemo can relaunch the collection of geolocation data in France


Data is the future of the business, and even the present for many of them. This is the philosophy of "data driven business", which is spreading today in organizations. For the retailers, a particular data is of particular interest: the geolocation. This data makes it possible to track the movements of a person and therefore its passage in or near points of sale. In short, it is a lever that, exploited, can help generate revenue. Some actors saw the opportunities available to them and developed services based on geolocation. This is the case of the drive-to-store.De 10 million mobile users to zero In France, several companies evolve in this sector. They are called Fidzup, Singlespot, Vectaury, Roofstreet and Teemo. To operate and provide services to brands and outlets, they need data. A lot. Smartphones provide more than ever before. Better, the users do not leave them. Teemo quickly grew and established in France a base of more than 10 million mobile users (and for each one, collected hundreds of location points every day by advertising ID), but not without attracting attention and questions, and in particular: are individuals aware of sharing their geolocation data for advertising purposes and have they given valid consent to this collection? In July this year, the French regulator personal data, the CNIL, ruled that no and put in business the company, as one of its competitors, Fidzup. The two companies have in common to base their model on an SDK, a software kit. This one is proposed to publishers of applications with wide audience like Le Figaro, Marmiton or Closer. The mobile app embedding this software code will thus make trace the geolocation data to Teemo, which compensates the publisher in return. The user of Figaro (who has since removed the SDK) was informed and consented? Unless you read the TOS, it's unlikely. This is also what the CNIL has ruled, which in its formal notice concluded that "consent is not collected as the law requires." This decision, also made public by the authority, signed the shutdown of Teemo's business. For lack of a valid consent, impossible indeed, and even prohibition, for the player of the drive-to-store to collect any data. Teemo has therefore worked hard to make the changes expected by the CNIL and restart its activity.But from scratch. The database of Teemo contains "to date, zero" data, confirmed on October 8 to ZDNet the director of France of the company, Alexandra Chiaramonti. "In the eyes of the CNIL, no one in France collected the geolocation in a way that met their expectations, and the consent was not legally collected, so any data collected without proper consent had to be erased." "Adjustments" , but a model that is not questioned From scratch – at least in France – but Teemo is back on track. The demands of the regulator have obviously been met since it has lifted its formal notice on 4 October. The company's managers also want to make it known, as they want to insist on the legality of their business. "Our promise, which is to generate visits to point of sale, has never been questioned" says Alexandra Chiaramonti. On the other hand, Teemo had to make "adjustments", especially in the collection of consent. And it will be done through "a banner" displayed in partner applications, collection points of geolocation. "We have made many trips back and forth with the CNIL and we have today A banner fully validated by the CNIL Since last week, we ask our publishers to set up to collect the data again. "Display a banner was only part of the work, however. The terms used are also essential to be able to claim compliance with the legislation: "When we open an application in which our SDK is integrated, we see a banner that details very precisely the fact that we will ask the geolocation, and this The mobile user can accept or refuse, but in no case should influence the choice.It is the principle of the RGPD applies "details the head of the company.How concretely this banner and what is the terminology used? The leader remains vague and did not wish to communicate to ZDNet a copy of the banner deemed compliant by the CNIL. And she explains: "I'm going to be very sincere: currently, we are the only ones on the market to have a completely compliant banner, so we have a competitive advantage for a while." It will therefore be necessary to wait until the first publishers partners (which?) Deploy it to get a better idea of ​​how consent can now be collected by these actors. The collection of consent today a competitive advantage Teemo also brought , at the end of "long and complex exchanges", changes to the retention periods of data according to the purposes, as required by the protection authority. When the data concerns a visit, the information collected is "very precise" and kept longer (12 months). Otherwise, the accuracy is lower (geolocation over a 100 meters by 100 meters zone, against 500×500 before). the reduced shelf life (30 days for the raw data, then these are "degraded" in the form of a statistical aggregation). Compliance is therefore a priori guaranteed. Publishers must now update the SDK to their applications and legally collect the consent. No data will be collected without this consent, which means no remuneration for publishers who do not apply it. "If you have not seen this banner and have not accepted the consent, we do not collect the data. data "ensures Alexandra Chiaramonti. What to restore trust or press articles and the notice will leave traces and the image of a company with little concern for privacy In the United States, a society whose practices can be compared to those TeMo or Fidzup, InMobi, was sanctioned in 2016 by the FTC – even as the US legislation on personal data is more flexible. This decision, mediated in the sector, could have alerted other companies. Did not these actors enjoy a legal limbo or simply neglect? The leaders of the French company, now also established in the US, defend themselves: "the control of the CNIL took place in October [2017] And, to be honest, they were harassed for a lot of answers, and the day we received the letter of formal notice, we were happy, we said 'finally answers'. " And if Teemo did not react faster, it would be because of "these many unanswered questions." However, the leader ensures that measures were taken even before the formal notice: "as of July 2017, we have updated all our contracts with publishers to write in black and white that we must put a banner of consent and update its terms of use (…). "Teemo careless? "We did the best we could" If publishers have followed these contractual arrangements well, the terminology used in the banner has not been satisfactory under the law. The formal notice will have "opened a privileged channel of communication with the CNIL" and make the necessary changes, according to Teemo, who regrets the lack of prior exchanges – and the decision of the CNIL to make public Teemo denies any concern for confidentiality and declares that it hired a data protection officer (DPO) in January and makes representations to a private organization to conduct an external audit and is certified as compliant. . "We did the best we could, and unfortunately we did not always have the answers we would have liked." The company now believes the regulatory framework is clear and allows it to work. App publishers can come back. Including on iOS? Apple has decided in May to remove geolocation applications, including Teemo, but also apps incorporating SDK collecting this data. But for Alexandra Chiaramonti, it is a business decision, like that of not accepting cookies. third, and not a questioning of the legality of a business model. Apple strives to differentiate itself from its competitors, especially Google, on the issue of data privacy. "It's a choice of Apple and free for them to operate as they wish." Will the firm choose to allow these apps to re-enter the Apple Store again? Impossible to say today. Teemo nevertheless ensures that it can operate with the only data from Android devices (80% of the smartphone market and 80% of the data it collected previously). A business that has had "the merit of cleaning up the market" But the immediate news Teemo is the recovery of activity. "Today we are the only ones to have this stamp of the Cnil and I am happy to be able to return to see the publishers.We have gained some assurance to demand that this banner and only this one is implemented. tell them that I could not pay them until they did, which was not necessarily easy before. "Something bad is good, and Alexandra Chiaramonti hopes that" advertising all these things will have clarified the speech and will have the merit of cleaning up this market.I think this will help restore confidence (…) If we work with us, it is in the legality.We know exactly what to do to be in compliance, and normally this avoids any doubts or suspicions about the legality of the activity. "But the intervention of the CNIL could also encourage publishers and other actors exploiting personal data collected via mobile apps. obiles, through or not SDK, to ask the question of the (co) responsibility of treatments, transparency, consent and its collection in a compliant way. Many publishers today share data of their users with third parties, for example for advertising purposes, without explicitly informing them before installation on the terminal and legally obtaining their consent? The ecosystem must certainly move towards greater transparency. A real cultural change.

Leave a Reply

Your email address will not be published. Required fields are marked *