Mar 14

Embedding Getty Images: Free or a Trojan Horse?

Getty Images, one of the big players in image licensing, recently announced that it allows free embedding of about 35 million pictures in its database. “Free” in the sense that you do not need to pay a licence-fee to Getty to use the images. But, really free? No. There are a few catches. But first, how does embedding a picture work?

How does it work?
It is really simple. You can search Getty’s database and click on the embed-button (“</>”) when you find a picture that you would like to use. You are then presented with a small piece of HTML-code that you can copy and paste into your website’s code. Below you find an example of an embedded picture. A nice pic of an early morning in the Italian Alps, made by Giorgio Fochesato, clearly sponsored by “gettyimages”:

In an article in the British Journal of Photography, Getty’s policy change towards free non-commercial use is explained by Craig Peters, senior vice president of business development:

“We’re really starting to see the extent of online infringement. […] In essence, everybody today is a publisher thanks to social media and self-publishing platforms. And it’s incredibly easy to find content online and simply right-click to utilise it.”

Getty’s solution is an embed-tool that enables to freely embed Getty images for non-commercial purposes. That of course seems like great news for bloggers and others that want to spice up their websites with nice pictures. Honestly, this blog looks a lot better with pictures on it, doesn’t it?

The conditions for use
The conditions for use of Getty’s images can be found in Getty’s terms. Images may only be used “for editorial purposes (meaning relating to events that are newsworthy or of public interest).”

Images may not be used “(a) for any commercial purpose (for example, in advertising, promotions or merchandising) or to suggest endorsement or sponsorship; (b) in violation of any stated restriction; (c) in a defamatory, pornographic or otherwise unlawful manner; or (d) outside of the context of the Embedded Viewer.”

What is commercial use?
Commercial use seems the be most important bar to use of Getty’s images. The difficulty is of course: how does one define commercial use in this context? Is use on a blog that generates some revenue through advertising commercial use? And what about a big news website? According to Getty Images, both parties would be allowed to freely embed pictures:

“Blogs that draw revenues from Google Ads will still be able to use the Getty Images embed player at no cost. “We would not consider this commercial use,” says Peters. “The fact today that a website is generating revenue would not limit the use of the embed. What would limit that use is if they used our imagery to promote a service, a product or their business. They would need to get a license.” A spokeswoman for Getty Images confirms to BJP that editorial websites, from The New York Times to Buzzfeed, will also be able to use the embed feature as long as images are used in an editorial context.”

Getty thus seems to allow everyone who writes in an “editorial context” to use the Getty images. That is quite revolutionary!

Where is the catch?
Well, there are a few catches. When you embed a picture, you literately import a webpage stored at Getty’s servers into your own webpage. In essence, this means that Getty stays in control over its content. If Getty changes anything to these picture-pages, your webpage automatically changes too. For instance, in its terms, Getty reserves the right to “in its sole discretion to remove Getty Images Content from the Embedded Viewer.” Getty may thus remove pictures from your webpage without you even noticing it.

Getty does not only stay in control of its own content, it also gains control over the content on your webpage. From Getty’s terms:

“Getty Images (or third parties acting on its behalf) may collect data related to use of the Embedded Viewer and embedded Getty Images Content, and reserves the right to place advertisements in the Embedded Viewer or otherwise monetize its use without any compensation to you.”

By embedding Getty’s pictures, you allow Getty to display advertisements on the embedded part in your webpage. And worse, Getty may “monetize” use of the embed-tool, which of course predicts little about what Getty will actualy put on your site. While, as of now there may be no advertisements on top or around embedded pictures, there may be in the near future:

“Getty Images will also look to draw additional revenues from its player through advertising. “We reserve the right to monetise that footprint,” Peters explains. “YouTube implemented a very similar capability, which allows people to embed videos on a website, with the company generating revenue by serving advertising on that video.” And while Getty Images has yet to determine how these ads will appear, Peters is confident that this capability will be introduced in the near future.”

But there is more. From the above outtake from Getty’s terms, it also becomes clear that Getty, or others on behalf of Getty, may collect data from your website. That points in the direction of a new business for Getty: with its embedding tool, Getty hopes to jump on the data collection train. With every embedded picture on a webpage, Getty has a beacon on that webpage that allows it to receive “data related to use of the Embedded Viewer and embedded Getty Images Content”, including data on visitors of your website. That is of course a vague description of the data that Getty could gather, which makes the privacy-implications of embedding Getty images hard to predict. Getty could collect only innocent data on for instant how many times an image is used, but it could also bring Getty closer to building a Googlesque database on internet use. Either way, one thus better updates his privacy policy to inform his vistors when allowing in this possible trojan horse.

Jul 12

Open Data and Privacy: Two Sides of the Same Coin

I’ve written on open data and privacy before here and here. The release of large amounts of public open data require a serious analysis of the privacy-risks. The more data that is out there, the easier it becomes to de-anonymize and de-aggregate the data. Think first, then act. In the Netherlands, a serious analysis of the impact of open data policy on privacy is still lacking.

In the UK, there seems to be a greater awareness of how the release of large amounts of public data could have a negative effect on privacy. Information commissioner Christopher Graham on the issue:

The Information Commissioner’s Office (ICO) has been closely engaged with the Cabinet Office in its work on this, Graham says. And he is glad that the ICO’s role is being recognised and some of the areas where it believes caution is required are being addressed.

They include the anonymisation of data where, Graham says, there is a lot of work still to be done. His office is currently consulting on a draft code of practice on anonymisation and it is tendering for a contract to set up a ‘good practice network’ for anonymisation, intended to develop expertise and spread good practice.

“It’s important to get this right, because there’s a view that anonymisation is a mirage, and that through two bits of information you can always work out who the individual is,” Graham says.

“We think that concern is overdone, in the sense that where things have gone wrong, research shows that it’s because a basic step hasn’t been taken.” (Source: The Guardian)

This greater awareness can be explained partly by the fact that in the UK, the promotion of access to official information and protection of personal information are both tasks of the Information Commissioner’s Office, whereas in the Netherlands, these tasks are separated. Freedom of information and open data are promoted by the the Ministry of the Interior, and data protection is a task of the Dutch Data Protection Agency.

Also in the UK Cabinet Office’s open data white paper, attention is paid to privacy:

We are announcing the appointment of a privacy expert to the Public Sector Transparency Board to make sure we bring in the latest expertise on privacy measures. More broadly, we’re making sure that privacy experts are brought into all sector panel discussions across Whitehall when data releases are being considered. […]

Therefore privacy is not to be considered as an afterthought. Privacy issues will be considered alongside transparency at the beginning of all discussions concerning the release of a new dataset, which is why we are appointing a privacy expert to the Public Sector Transparency Board. This appointment is one of the key recommendations of the O’Hara report.

Open data and privacy are two sides of the same coin. They need an integrated policy. I hope this gets through to the Dutch open data movement soon.

Apr 12

Some more thoughts on open data and privacy

Together with Bastiaan van Loenen, I wrote an article on open data policies and privacy: Brave New Open Data World?. The article is published in the International Journal of Spatial Data Infrastructures Research, volume 7 (2012). Feel free to contact me if you have any comments or questions. The article will be presented during the GSDI World Conference in Québec City, Canada.

There is a growing tendency to release all sorts of data on the Internet. The greater availability of interoperable public data catalyses secondary use of such data, which leads to growth of information industries and better government transparency. Open data policies may at the same time be in conflict with the individual’s right to information privacy as protected by the EU Data Protection Directive. This directive sets rules to the processing of personal data. Technological developments and the increasing amount of publicly available data are, however, blurring the lines between non-personal and personal data. Open data does not seem to be personal data on first glance because it is anonymised or aggregated. However, it may become personal data by combining it with other publicly available data. In this article, we argue that these developments extend the reach of EU privacy regulation to open data and may obstruct the implementation of open data policies in the EU.

Update: you can find a Dutch summary of the article at OpenDatarecht.nl