The Marbazzar shopping platform provides data subjects with a 3D avatar feature for virtual try-ons to improve the shopping experience. However, using the feature necessarily requires processing personal data, including sensitive data such as body measurements and facial features, but that is what makes the 3D avatar feature uniquely appealing and interactive.
However, this in-depth Data Protection Impact Assessment (DPIA) has shed light on several important issues that can't be ignored. The most significant of these are the inherent risks associated with handling sensitive data types and the technical constraints that make it impossible to delete or restrict this data once it's integrated into the AI algorithms. While Marbazzar has been cautious to collect only the bare minimum of required data and has put top-tier security measures in place, these areas of concern demand additional mitigative actions.
To address these challenges, this DPIA has assessed the risks and made essential recommendations. First on the list is the need for explicit user consent where legal regulations require it. This consent must be informed, meaning that Marbazzar must inform the users about the types of data they are collecting and the associated risks, including the inability to later remove or restrict this data.
Next, Marbazzar must keep processing only the categories of personal data that are absolutely necessary for the services it provides. This means regular audits and reviews of our data collection practices to ensure they align with the principle of data minimization.
Additionally, the commitment to state-of-the-art security must be ongoing. Regular security audits are essential to ensure that our protective measures are both effective and current.
Finally, the privacy policy needs to be as transparent as possible. It should clearly outline how Marbazzar is using, storing, and safeguarding user data, and it should also inform users about their rights and any limitations on those rights, such as the inability to delete or restrict their data.
To sum it up, the 3D avatar feature adds significant value to the Marbazzar experience, but it also introduces specific data protection challenges. By rigorously following the recommendations laid out in this DPIA, Marbazzar can mitigate these risks and continue to offer a service that meets both user expectations and legal requirements.
Marbazzar, Inc. is the data controller that makes decisions on data processing activities.
The processing activity, subject to this DPIA, involves the user voluntarily providing personal data to create a 3D avatar by providing video and photos of themselves. Marbazzar's proprietary AI technology creates a 3D avatar for each user, enabling virtual try-ons of clothes and accessories. The AI not only tracks these try-ons to continuously improve the user's avatar but also refines the general AI model.
The body measurements and the facial features provided by the data subject are further embedded into the AI model. Once trained, the model contains a mathematical representation of the data, but not the data itself.
The personal data embedded into the AI model is almost impossible to extract from the model in order to identify a person. However, there are small data privacy risks that are subject to this assessment.
Upon request or account deletion, the 3D avatar is deleted. The personal data embedded in the AI model cannot be extracted, neither to identify the person nor to delete the data.
The General Data Protection Regulation (GDPR) of the European Union clearly requires conducting a Data Protection Impact Assessment in the following cases:
The data processing subject to this DPIA involves the processing referred to in Article 35(3)(a). Furthermore, the EDPB Guidelines on DPIA clarify that a DPIA is obligatory where the processing involves:
Processing personal data, including facial features and body measurements by an AI model
Furthermore, the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA), and the Virginia Consumer Data Protection Act (VCDPA) require covered businesses to conduct risk assessments for the processing of sensitive data. Marbazzar is not subject to the US state data privacy laws just yet but has the potential to grow and to become a covered business in the near future.
TBD
The methodology for this Data Protection Impact Assessment (DPIA) was developed through a collaborative effort involving key stakeholders. Petar Todorovski, a data protection consultant from Pragmatic Lab, worked closely with Vadym Antsyferov, Kenneth Fong, and William Kuryshko from Marbazzar, who provided the necessary information and feedback.
The team followed a comprehensive set of guidelines to ensure a thorough and compliant assessment. Specifically, the European Data Protection Board (EDPB) guidelines on DPIA and consent were used as foundational resources. Additionally, the UK Information Commissioner's Office (ICO) guidelines on DPIA provided further insights into best practices. The Standard Data Protection Model by the German Data Protection Agency and the CNIL Guidelines on AI were also consulted to ensure a multi-faceted approach to data protection.
The assessment involved a multi-step process, including the identification of data processing activities, risk analysis, and the development of risk mitigation measures. Marbazzar was consulted to provide a holistic view of data processing activities. The team also engaged in regular meetings and reviews to discuss findings, align recommendations, and ensure that all potential risks were adequately addressed. This collaborative and guideline-driven approach ensured a robust and comprehensive DPIA, aimed at safeguarding the rights and freedoms of data subjects.
High-risk personal data processing involves the processing of facial features and body measurements of data subjects. The data subject uploads their videos and pictures to the AI model, which allows them to create their 3D avatar for virtual try-ons.
The processing, step-by-step, occurs as follows:
Identified risk
Likelihood and severity of the possible harm
Data Security Breaches
- Given the sensitive nature of the data, any security breaches could have severe consequences for the affected individuals.
- This includes the risk of identity theft, fraud, or even potential physical threats if the data falls into the wrong hands.
The data will be stored on servers encrypted with AES-256, a robust encryption standard. This significantly reduces the risk of unauthorized access to the data if the servers are compromised.
The risk is not solely a technical one but also hinges on user behavior. Even the best encryption can't protect against poor password practices or falling for phishing scams.
Despite strong server-side encryption, the risk of a data breach remains due to the likelihood of weak passwords set by the users.
Young people, who may constitute a significant portion of the user base, are often less aware of best practices for password security.
The demographic of young users may also lack a comprehensive understanding of privacy risks, making them more susceptible to phishing attacks or social engineering tactics.
This increases the risk of unauthorized access to individual accounts, bypassing the server-side encryption.
While Marbazzar takes steps to secure the data at rest, the risk landscape indicates that data security is a shared responsibility between the service provider and the data subjects.
Data subjects’ rights (delete, access, portability)
The body measurements and facial features, once embedded into the AI model, cannot be extracted to identify a person, nor be deleted.
Therefore, data subjects will not be able to exercise the rights to erasure, restriction of processing, or objection to the processing.
Children's personal data processing
Marbazzar services are not intended for use by children under the age of 18.
Processing of a child's personal data by the AI model is possible only if the user provides false information, and it happens without Marbazzar's knowledge.
Bias in AI Models
- Using facial features and body measurements to train AI models can introduce or perpetuate biases. If the training data isn't diverse, the AI might favor certain body types or facial features over others.
- This can lead to a lack of representation or even discrimination against certain groups of people, undermining the inclusivity of the platform.
The risk of bias is heightened if the training data lacks diversity in terms of ethnicity, age, gender, and body type. A non-diverse dataset can skew the AI model's performance. If biases exist in the training data, the AI model may inadvertently favor certain body types or facial features, leading to algorithmic discrimination against underrepresented groups.
Biased AI models can reinforce harmful stereotypes and social norms, contributing to broader societal issues of discrimination and lack of representation. A lack of diversity in AI models can also have economic implications, as potential market segments may be alienated, affecting profitability.
Data processors’ compliance
Marbazzar holds ultimate responsibility for the data it collects, even when processed by third-party data processors and their subprocessors. Non-compliance on their part can result in Marbazzar being held liable.
If data processors or their subprocessors lack adequate security measures, it increases the risk of data breaches, for which Marbazzar would be held responsible.
Marbazzar needs to ensure that contracts with data processors include clauses that mandate compliance with data protection laws, as well as penalties for non-compliance.
The risk is exacerbated if Marbazzar does not conduct thorough due diligence when selecting data processors and their subprocessors.
Data Retention Concerns
- If Marbazzar retains the data for longer than necessary, it increases the window of potential misuse or unauthorized access.
- Prolonged retention without a clear purpose can infringe on an individual's right to have their data forgotten.
Retaining data for longer than necessary increases the time frame during which a data breach or unauthorized access could occur, elevating the risk profile. It brings risks without potential benefits.
Indefinite or unclear data retention periods can also erode user trust, as individuals may be concerned about the long-term use or misuse of their personal data.
Over time, retained data may become outdated or inaccurate, leading to potential issues if used for decision-making or AI training.
Marbazzar already has a clear data retention period for each data category in place.
Lack of Transparency
- If individuals are not fully informed about how their data is used, especially for training AI models, it can lead to a lack of trust and potential GDPR violations.
- The right to be informed is a fundamental GDPR principle, and any lack of clarity can pose risks to individuals' rights.
GDPR requires informed consent, meaning that a privacy notice that is not up-to-date leads to invalid consent.
Therefore, every single change in privacy practices related to the high-risk processing subject to this DPIA must be clearly laid down in the privacy policy or any other notice provided to the data subjects at the time consent is collected.
Processing personal data based on invalid consent would make the processing of such data invalid and may lead to data deletion.
Impact on Young Adult Mental Health
The use of 3D avatars can amplify existing societal pressures around body image, particularly among vulnerable demographics like children and young adults.
The platform's design may inadvertently create a competitive or comparative environment, exacerbating issues of low self-esteem and self-worth.
The option to share or publicize avatars increases the risk of online bullying and harassment, with potentially severe mental health consequences.
The platform could inadvertently become a space for body-shaming or other forms of online abuse.
Parents may have heightened concerns about the platform's impact on their children's mental health, leading to potential loss of user base and reputational damage.
Likelihood and severity of the possible harm
Risk Mitigation Measures
Data Security Breaches
The data will be stored on servers encrypted with AES-256, a robust encryption standard. This significantly reduces the risk of unauthorized access to the data if the servers are compromised.
The risk is not solely a technical one but also hinges on user behavior. Even the best encryption can't protect against poor password practices or falling for phishing scams.
Despite strong server-side encryption, the risk of a data breach remains elevated due to the likelihood of weak passwords set by the users.
Young people, who may constitute a significant portion of the user base, are often less aware of best practices for password security.
The demographic of young users may also lack a comprehensive understanding of privacy risks, making them more susceptible to phishing attacks or social engineering tactics.
This increases the risk of unauthorized access to individual accounts, bypassing the server-side encryption.
While Marbazzar takes steps to secure the data at rest, the risk landscape indicates that data security is a shared responsibility between the service provider and the data subjects.
Multi-Factor Authentication (MFA)
- Implement MFA to add an extra layer of security, making it more difficult for unauthorized users to gain access even if they have the password.
Password Strength Checker and Policies
- Implement a password strength checker during the account creation and password change processes to encourage the use of strong passwords.
Regular Security Audits and Penetration Testing
- Regular security audits to identify vulnerabilities and assess the effectiveness of current security measures.
Account Monitoring and Alerts
- Monitor for suspicious account activities and set up automated alerts for multiple failed login attempts or unusual access locations.
Data Minimization and Encryption Key Rotation
- Storing only the essential data needed for creating 3D avatars and refining AI models, reducing the potential impact of a data breach.
- Regularly rotate the encryption keys used for the AES-256 encrypted servers.
Incident Response Plan
- Develop and regularly update an incident response plan to ensure quick and effective action in case of a data breach.
Regular Updates and Patches
- Keep all systems up-to-date with the latest security patches to minimize vulnerabilities that could be exploited.
Legal Compliance and Documentation
- Ensure all measures are in compliance with data protection laws like GDPR, particularly provisions related to children's data. Maintain thorough documentation for accountability.
Employee training
- Provide employees and contractors with educational materials on data security and data protection. Make sure to inform them about their duties in terms of data breach prevention.
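The Account Monitoring and Alerts measure above (alerts on repeated failed logins and on access from unusual locations) is illustrated by the following small detector, added here as an example; it is not part of the DPIA nor of Marbazzar's systems. The log format, the failure threshold and window, and the country field are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample of authentication events (not real Marbazzar logs).
# Fields: ISO-8601 timestamp, account id, outcome ("ok"/"fail"), country of the source IP.
SAMPLE_EVENTS = """\
2024-03-01T10:00:00Z alice ok DE
2024-03-01T10:05:00Z bob fail DE
2024-03-01T10:05:20Z bob fail DE
2024-03-01T10:05:40Z bob fail DE
2024-03-01T10:06:00Z bob fail DE
2024-03-01T10:06:30Z bob fail DE
2024-03-01T11:00:00Z alice ok BR
2024-03-02T09:00:00Z carol fail FR
2024-03-02T18:00:00Z carol fail FR
2024-03-02T18:30:00Z carol ok FR
"""

# Assumed tuning values: five failures within ten minutes raise an alert.
FAILED_THRESHOLD = 5
FAILED_WINDOW = timedelta(minutes=10)


@dataclass
class Event:
    ts: datetime
    account: str
    outcome: str
    country: str


def parse_events(text):
    """Parse the assumed space-separated log format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, outcome, country = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, outcome, country))
    return events


def detect_alerts(events, failed_threshold=FAILED_THRESHOLD, failed_window=FAILED_WINDOW):
    """Return (kind, account, timestamp) tuples, in time order, for two situations:
    - "brute_force": failed_threshold failures for one account inside failed_window
    - "new_location": a successful login from a country never seen before for that account
    The first successful login of an account only seeds its known countries and does
    not alert; a successful login also ends the account's failure streak.
    """
    alerts = []
    failures = defaultdict(deque)      # account -> timestamps of failures in the window
    seen_countries = defaultdict(set)  # account -> countries of earlier successful logins
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.outcome == "fail":
            q = failures[ev.account]
            q.append(ev.ts)
            while q and ev.ts - q[0] > failed_window:   # drop failures outside the window
                q.popleft()
            if len(q) >= failed_threshold:
                alerts.append(("brute_force", ev.account, ev.ts))
                q.clear()  # one burst raises a single alert
        else:
            known = seen_countries[ev.account]
            if known and ev.country not in known:
                alerts.append(("new_location", ev.account, ev.ts))
            known.add(ev.country)
            failures[ev.account].clear()
    return alerts


if __name__ == "__main__":
    for kind, account, ts in detect_alerts(parse_events(SAMPLE_EVENTS)):
        print(f"{ts.isoformat()} {kind} account={account}")
```

On the sample data the detector raises one brute-force alert for bob and one new-location alert for alice; carol's two failures nine hours apart stay below the threshold.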
Data subject rights
The body measurements and facial features, once embedded into the AI model, cannot be extracted to identify a person, nor be deleted.
Therefore, data subjects will not be able to exercise the rights to erasure, restriction of processing, or objection to the processing.
Children's data processing
Potential for profiling
Shall be done only upon explicit consent.
It is a strict legal requirement under the GDPR.
Data shall be processed for advertising purposes only upon explicit consent.
Consent shall be recorded.
Bias in AI models
The risk of bias is heightened if the training data lacks diversity in terms of ethnicity, age, gender, and body types. A non-diverse dataset can skew the AI model's performance. If biases exist in the training data, the AI model may inadvertently favor certain body types or facial features, leading to algorithmic discrimination against underrepresented groups.
Biased AI models can reinforce harmful stereotypes and social norms, contributing to broader societal issues of discrimination and lack of representation. A lack of diversity in AI models can also have economic implications, as potential market segments may be alienated, affecting profitability.
Regularly auditing the training data to identify and remove any existing biases. This should be an ongoing process to continuously improve the model.
Implementing a user feedback mechanism to report issues related to bias or discrimination, and use this feedback for continuous improvement.
Conducting tests to evaluate how the AI model performs across different demographic groups, ensuring that it doesn't unfairly favor or discriminate against any particular group.
Regular assessment of the economic impact of the AI model's performance across different market segments to ensure it is not alienating potential users, affecting profitability.
Data Processors Compliance
Marbazzar holds ultimate responsibility for the data it collects, even when processed by third-party data processors and their subprocessors. Non-compliance on their part can result in Marbazzar being held liable.
If data processors or their subprocessors lack adequate security measures, it increases the risk of data breaches, for which Marbazzar would be held responsible.
Marbazzar needs to ensure that contracts with data processors include clauses that mandate compliance with data protection laws, as well as penalties for non-compliance.
The risk is exacerbated if Marbazzar does not conduct thorough due diligence when selecting data processors and their subprocessors.
Marbazzar shall carefully vet all the data processors and their subprocessors.
Conducting thorough due diligence when selecting data processors and their subprocessors, evaluating their data protection measures, compliance history, and reputation.
Having a Data Processing Agreement where all the responsibilities are clearly laid down is essential.
If necessary, Marbazzar shall exercise the right to audit data processors.
Marbazzar shall prefer data processors that are SOC 2 and/or ISO 27001 certified, processors that are committed to Data Privacy Frameworks where the EU, the UK, or Switzerland are parties, and avoid processors from third countries where the data protection laws are not as strict.
Data Retention
Retaining data for longer than necessary increases the time frame during which a data breach or unauthorized access could occur, elevating the risk profile. It brings risks without potential benefits.
Indefinite or unclear data retention periods can also erode user trust, as individuals may be concerned about the long-term use or misuse of their personal data.
Over time, retained data may become outdated or inaccurate, leading to potential issues if used for decision-making or AI training.
Personal data will be kept only as long as necessary.
Given that unnecessary data creates only risks without any benefits whatsoever, such data shall be removed from the servers.
Data retention periods are already established for each data category processed.
Lack of Transparency
GDPR requires informed consent, meaning that a privacy notice that is not up-to-date leads to invalid consent.
Therefore, every single change in privacy practices related to the high-risk processing subject to this DPIA must be clearly laid down in the privacy policy or any other notice provided to the data subjects at the time consent is collected.
Processing personal data based on invalid consent would make the processing of such data invalid and may lead to data deletion.
The privacy policy must be up-to-date at any time and reflect the current privacy practices.
The privacy policy already has a separate section dedicated to informing users about AI data processing, which brings heightened transparency toward data subjects.
Marbazzar shall implement appropriate organizational measures to ensure the information flow between decision-makers and the persons responsible for the privacy policy and cookie banner updates.
For example, if Marbazzar starts to process body measurements for advertising purposes, the person making such a decision shall inform the person responsible for the privacy policy and cookie banner updates of such a change.
Impact on Children and Young Adult Mental Health
The use of 3D avatars can amplify existing societal pressures around body image, particularly among vulnerable demographics like children and young adults.
The platform's design may inadvertently create a competitive or comparative environment, exacerbating issues of low self-esteem and self-worth.
The option to share or publicize avatars increases the risk of online bullying and harassment, with potentially severe mental health consequences.
The platform could inadvertently become a space for body shaming or other forms of online abuse.
Parents may have heightened concerns about the platform's impact on their children's mental health, leading to potential loss of user base and reputational damage.
Using the 3D avatars, after all, is the responsibility of the data subjects. Marbazzar cannot influence the societal and personal beliefs around body image.
Marbazzar shall closely follow the developments of risks associated with body image of users, provide links to mental health resources and offer in-platform support for users who may be experiencing emotional or psychological distress, and if necessary, revisit the platform's design elements to minimize features that encourage comparison or competition based on physical appearance.
Research in 2022 indicates that Gen Z, particularly those who are daily users of Snapchat, are significantly influencing how we communicate and shop, largely through the use of Augmented Reality (AR). The study, conducted in partnership with Crowd DNA, surveyed 19,000 people across 16 markets and focused on four key areas: identity, communication, commerce, and connection.
Gen Z values authenticity and is pushing for a more transparent online life. They are leading a shift towards more visual forms of communication, with 95% having used some form of visual messaging. When it comes to shopping, Gen Z prefers immersive experiences and often consults friends and family via Snapchat before making a purchase. AR is playing a crucial role in this, making shopping more convenient and social. Nearly half of Gen Z respondents said that using AR helps them feel more connected to brands.
The study suggests that brands looking to engage with this demographic should focus on these values and trends to build stronger relationships and offer more interactive and meaningful experiences.
The June 2023 Global Consumer Insights Pulse Survey emphasizes the importance for companies to empower consumers by providing them with the necessary tools and information for decision-making, including augmented reality and artificial intelligence.
Shopping platforms like Marbazzar are increasingly integrating Augmented Reality (AR) and Artificial Intelligence (AI) tools to offer consumers a more immersive and interactive shopping experience. These technologies can provide virtual try-ons, personalized recommendations, and even AI-driven customer service, enhancing the overall user experience and potentially boosting sales.
However, the use of such advanced technologies comes with its own set of challenges, particularly concerning data privacy. Consumers, while keen on personalized and immersive experiences, may not be fully aware of the extent to which their data is being collected, stored, and potentially shared. This lack of awareness can be problematic, especially considering the stringent data protection laws in place.
Regulations like the European Union's General Data Protection Regulation (EU GDPR), California's Consumer Privacy Act (CCPA), and various other state-level consumer privacy laws in the United States mandate that businesses conduct thorough risk assessments before engaging in high-risk data processing activities.
Consumers know how they want to shop online, but they are not always aware of the privacy concerns. That’s why the laws require businesses to take privacy into account.
Taking into account the privacy risks related to the data processing of the AI and AR tool, alternatives to the data processing activities were considered.
However, the existing alternatives cannot provide the immersive and personalized experience that consumers want.
The most recent technological advancements enabled the creation of tools such as the 3D Avatar, and the processing of facial features and body measurements plays a major role in creating such tools.
Therefore, we concluded that the 3D Avatar feature and the high-risk data processing are necessary for providing the expected personalized shopping experience. We also concluded that the 3D avatar shall be provided only with appropriate data protection safeguards.
In order to refine the AI model and to provide users with the best possible user experience, Marbazzar needs to train the AI model with the data available. That also involves the processing of personal data such as body measurements and facial features.
Keeping in mind that the AI model needs to be trained on body measurements and facial features of real people in order to enable the shopping experience the users want, the AI model training is necessary.
The data processing is proportional to the processing purposes only where the minimum amount of personal data is processed to fulfill such purposes.
Marbazzar processes only body measurements and facial features, which are essential for providing the 3D avatar feature and for training the AI model. As a result, we can conclude that Marbazzar processes personal data that is proportional to the processing purposes.
Based on everything analyzed above, the following conclusions can be drawn:
User Demand for 3D Avatar Feature. The strong interest from data subjects in the 3D avatar feature underscores its importance as a value-added service. This demand justifies the need for data processing activities that enable this feature.
Reasonable Expectation of Data Processing. Given the interactive and personalized nature of the 3D avatar feature, data subjects are likely to understand and expect that their personal data, such as body measurements and facial features, will be processed. This expectation aligns with the service's core functionality.
Necessity of Data Processing. The unique selling point of the 3D avatar feature lies in its ability to accurately represent an individual. Therefore, the processing of sensitive data like body measurements and facial features is not just beneficial but necessary for the feature to function as intended.
Risks in Data Processing. While the feature offers significant benefits, it also introduces risks. The most notable is the processing of sensitive biometric data and the technical limitations that prevent the deletion or restriction of this data once it's embedded in the AI model. These risks could potentially infringe on data subjects' rights under data protection laws.
Data Minimization. Marbazzar is committed to the principle of data minimization, ensuring that only the absolute minimum data required for the intended purpose is processed. This approach helps to mitigate risks associated with data storage and processing.
Data Security. Marbazzar employs state-of-the-art data security measures, including encryption and secure data storage solutions, to protect against unauthorized access, data breaches, and other security risks. These measures are designed to safeguard the sensitive data being processed.
To mitigate the existing risks, Marbazzar shall implement the following recommendations:
Explicit User Consent. Marbazzar should not only obtain explicit consent but also ensure that the consent form is transparent and easily understandable. The form should detail the types of data being collected, the purposes for which they will be used, and the specific risks involved, including the inability to delete or restrict data.
Data Minimization. Marbazzar should regularly review its data collection and processing activities to ensure they align with the principle of data minimization. This could involve periodic audits and reassessments to identify any unnecessary data fields that can be eliminated. Furthermore, if the available technology in the future allows, Marbazzar shall consider using technologies that do not require the processing of personal data for the defined purposes.
Regular Security Checks. Routine security audits should be conducted to evaluate the effectiveness of the existing security measures. These audits can identify potential vulnerabilities and ensure that the security measures are up-to-date with the latest best practices in cybersecurity.
Transparency in Privacy Policy. The privacy policy should be comprehensive and transparent, providing clear explanations of how data will be used, stored, and protected. It should also inform users about their rights under data protection laws and the limitations they may face in exercising those rights, such as the inability to delete or restrict data. All the future versions