QR codes are back in vogue. And while the technology is helping us all stay COVID-safe, it also raises questions around data collection. In this piece, smrtr general manager product, sales and marketing Steve Millward explains where all your data goes when you scan a QR code.
As Australia continues its emergence out of the COVID-19 lockdown and towards a ‘new normal’, there is one thing we’re all becoming very familiar with.
The use of QR codes has been commonplace across the country as we search for effective contact tracing solutions in recent months and will only increase as Victoria continues to reopen after the state’s prolonged shutdown. NSW made QR codes for hospitality businesses compulsory in November last year.
It’s a movement that has been described as the revival of the QR code (Quick Response code), a technology which has been used intermittently (and often without much lasting success) for the best part of the last decade.
The way in which this venue data can be used to contact trace individuals who might have been exposed to COVID-19 is an example of how data can be used to solve real-world problems.
What data is being collected?
But what actually happens after you scan the black and white QR code and get the ‘green tick’ for entry to these venues?
More often than not, the business will securely store the data and only hand it over to government authorities if there is the need to alert customers of potential exposure to an active COVID-19 case.
As we know, the venues typically ask for basic contact information – and personally identifiable data – including mobile number, email, name and time of visit.
The way this data is stored will also vary, depending on the business. For example, the Service NSW app – which has been downloaded over 3 million times – will only retain customer information for 28 days (which is also the minimum amount of time NSW venues must store this data) and stores all data in a separate, encrypted database.
Privacy vs privacy risk
Much of the data collected through these customer check-ins – particularly all health information – is also protected under the Privacy Act. For businesses bound by the Privacy Act, all health information collected must only be collected with the consent of the individual.
The Privacy Act also stipulates that a business cannot assume that just because it has to collect contact details as part of a COVID Safe Plan, it can use this personal information for other purposes, such as marketing.
Despite these protections, the revitalisation has still seen concerns raised by various privacy advocates. UNSW professor of law Graham Greenleaf said the data collected by these QR codes – which includes full name, email, phone number, date and time of entry – is “solid gold” for data aggregators.
The commercial use of QR codes shows that privacy risks are always present. There is always a chance – albeit a small one – that this data could end up in the wrong hands and user privacy will be compromised.
For most users, however, the risk associated with using these QR codes is outweighed by the upside – the opportunity to eat, drink and socialise.
The fact is, in a digitally connected society, privacy risks are unavoidable. The best thing we can do is minimise these risks through strong data protection frameworks, greater consumer awareness of data ownership and an ethical approach to data sharing.
Use of QR codes going forward?
So are QR codes back for good? We are already seeing the technology used more widely in marketing campaigns and ecommerce. Given smartphones no longer require users to download an app to scan QR codes (as they used to), it is more than likely the hype will continue.
However, in order to ensure the technology is scaled in a privacy-focused way, developers will have to include transparency controls to show exactly what data is being collected. One possible solution here could be the use of data labels, which have emerged in recent times as a way to show exactly what data is contained within audience data segments.
At smrtr, we work to ensure we are compliant with all privacy regulations and help our partners create ethical and privacy-focused data strategies.
If you’d like to learn more, please contact us and we’ll be in touch within the next business day.