Copywriter, technical writer, translator (FR>EN, ES>EN, IT>EN), journalist

Beacon technology finding footing in Canada

Smartphone-toting film, music and technology fanatics who converged on Austin, Texas, in March for South by Southwest (SXSW) got to connect with the festival and each other a little better than in previous years.

The SXSW Go mobile app responded to more than 1,000 beacons deployed at event venues in order to facilitate meet-ups, guide people to venues and generally involve them in the event like never before.

Such emerging beacon technologies are spreading to Canada, and experts are predicting the ways they might be affected by Canadian law. Hint: much of the law that affects beacons today centres around the smartphone apps that receive their signals.

The basics of beacons

Radio beacons are no longer just emergency radio transmitters. Low-energy Bluetooth beacons repeatedly transmit a set signal within a limited range. When signals hit Bluetooth-enabled smartphones whose owners have installed compatible apps, the apps react in pre-programmed ways.

Beacons in business

Beacons show promise in many applications beyond events like SXSW. Theme parks use beacons to provide location-specific information. Travelers might receive travel information in public transit or airport facilities.

Retail may represent the biggest looming deployment of beacons. Apple’s store-based iBeacons trigger the Apple Store app on customer iOS devices to provide various services. Location-based transmitters in big box stores can help customers navigate aisles and send them coupons for nearby products.

“We see estimates of 30 to 40 per cent of retailers looking at beacons,” says Doug Thompson, Toronto-based CEO of smart beacon consultancy dot3 Ltd.

Potential beacon pitfalls

But many businesses have cold feet. They don’t want to up the “creep factor” like that shown in scenes from the dystopian 2002 film Minority Report in which “active ads” assail protagonist John Anderton as he strides through a mall. Retailers also don’t want to annoy customers the way Wi-Fi-based systems did several years ago.

“Retailers were reluctant to deploy beacons until they could understand how consumers would react to the devices,” Thompson says. He figures fears of surveillance have subsided since more people now understand: beacons merely broadcast signals, and people can turn beacon detection off.

Technical note: Beacons themselves don’t collect data. They can, however, trigger apps that do. Smartphone owners can avoid unwanted beacon-triggered interactions by removing beacon-triggered apps from their mobile devices, or turning Bluetooth off.

Privacy and spam

Much of the risk in beacon deployment will likely stem from privacy concerns. Well aware that companies want to track and collect consumer behaviour for a variety of purposes, privacy-aware shoppers might complain about beacon-based marketing efforts.

The Canadian anti-spam law (CASL) might apply should beacons trigger apps to deliver commercial electronic messages.

“CEMs are defined broadly under CASL,” says Roland Hung, a Calgary-based associate in McCarthy Tétrault’s litigation group.

Hung recommends developers use consent forms that “pop up” when people first open their beacon-triggered apps. He also advises against “function creep,” which happens when developers collect more information than what they list in the original consent notice, or use collected data in ways that the notice doesn’t cover. (An added wrinkle: developers whose apps share information with other platforms may need to review what’s shared.)

Thompson figures developers face a catch-22.

“In mobile, it tends to be easier for permission layers to be less robust than they are on other platforms,” he says, noting that developers face enough obstacles onboarding users for their apps without making them face multiple screens of terms and conditions. “People might rather delete an app” than read through lengthy legalese, he says.

Transit systems, educational institutions and other public organizations must heed public sector privacy laws should they choose to deploy beacons. Tamara Hunter points out the prohibition against storing personal information outside of Canada.

“This has created practical difficulties for public bodies,” says the Vancouver-based leader of Davis LLP’s privacy law compliance group.

American companies produce disproportionately large amounts of the world’s leading-edge technology. It’s often cloud-based and required servers aren’t always situated outside the United States. Hunter notes that well-financed clients can arrange Canadian-based servers for choice cloud applications, but “I’ve dealt with smaller public bodies that don’t have that kind of purchasing power.”

Hijacking a beacon

Thompson wonders about the possibility of beacon hijacking, or spoofing. “In theory, I could use beacons in store X to trigger an app for competitor store Y,” Thompson explains. “I could stand next to a beacon and broadcast ‘don’t buy that here, go buy that at store Y for a better deal.’”

Thompson wonders: “It’s a radio signal. It’s not encrypted. It’s just broadcasting to the world. Who owns that radio spectrum?” Presuming Store X adds beacons, it might want to secure the beacon network to prevent rivals from stealing customers and to avoid the need for legal action.

Should a competitor hijack or spoof beacons, legal action could be related to privacy, defamation, consumer protection, even the federal Competition Act.

The “creep factor” and consumer annoyance could foreseeably increase the probability of people slapping beacon-deploying businesses with legal complaints. Hunter has seen privacy law complaints driven by reasons other than privacy concerns, so she advises businesses not to give people “other reasons” to complain.

“I could see consumers getting really fed up with notifications every time they walk into a store,” Hunter says. “Beacons will only work if people get useful information, not just a flood of messages.”

Smart beacon deployment

She advises beacon deployers go further than simply complying with the law; they must also provide offers that are valuable to consumers.

Hung concurs. He figures good business practices can prevent legal headaches, so organizations can prevent privacy, surveillance and other potential beacon-related legal concerns by clearly communicating what their apps and beacons do. He recommends developers read the Privacy Commissioner of Canada’s recently published two-page tip sheet Ten Tips for Communicating Privacy Practices to Your App’s Users.

Big Brother-style concerns notwithstanding, beacons are coming. Beacon technology will also evolve. Thompson notes mesh networking, where beacons may communicate with each other, as a possible next step.

New beacon-related legal developments can’t be far behind.

This article originally published in Lawyers Weekly Magazine. To view the print version, click here.