Published, November 11, 2025
The dispute between utilizing technical possibilities for retail media and legal requirements protecting consumer integrity has entered a new phase. The arrival of truly digital retail media applications enables real-time interpretation of consumer behavior not just based on historical data. The jury is out now how available sharp real time data points can be materialized without infringing on individual shopper integrity.
“We have seen with our customers and consumer NGO’s that this is a very sensitive topic”, says Iman Nahvi, CEO of Swiss sensorics provider Advertima. “However, limitations and possibilities are difficult to assess theoretically. We believe it requires real life examples to understand fully that sensorics in retail media treat consumer data responsibly. A pilot project is the ideal starting point to understand and calibrate the mutual boundaries”, Nahvi continues.
Since its inception in 2016, Advertima has developed its technology guided by the privacy-by-design principle. To be considered as a “privacy-by-design” stack you need to fulfill several core conditions: No biometric interpretation, No image/video retention, On-device computation, Anonymous output and Aggregated audience signals
In the Advertima case, the company software has deleted the technology’s ability to store images. Pictures with people are considered as personal data and are not stored. The company solves legal requirements by extracting anonymized metadata from the images directly on its Edge AI player in the store. After that the images are deleted immediately and irrevocably. All this happens within 70-100 milliseconds. Not even Advertima has direct access to the images because they simply don’t exist.
“This is the big difference to Online, where loads of personal data are collected. With us, only anonymized, aggregated metadata leaves the edge computer into the cloud”, Nahvi explains. Following this process, the company considers itself as compliant to the European GDPR, the Swiss FADP and all common data protection laws in the world, including the USA.
Especially the EU has installed clear but strict regulations for data governance. The GDPR oversees personal data processing while the EU AI Act layers a risk-based framework for AI systems with phased obligations. ”European law can be difficult to implement in all its details, but we work constantly with incorporating its framework into our solution”, Nahvi comments.
“We have been dealing with legal requirements since our start almost ten years ago. Regarding data protection it is self-evident that we provide a complete governance kit consisting of DPIA templates, records of processing, signage packs, vendor security questionnaires, incident playbooks; regular calibration and audit trails aligned to EU guidance”, Nahvi adds.“
“Finally, we are innovators of the technology and one of our tasks is to spread knowledge to market participants that have entered the game recently. The next opportunity will be our webinar on xx November that will focus on data protection and consumer integrity”, Iman Nahvi concludes.
Webinar: Sensor Technology in Retail – Harness Opportunities, Protect Privacy
Join us on November 19, 2025, 10–11 AM CET to learn how AI-driven sensorics enhance customer experience and ensure data protection.
Glossary
DPIA – Data Protection Impact Assessment
GDPR – General Data Protection Regulation
EU AI act – First regulation on artificial intelligence in four levels: unacceptable, high, limited and minimal (or no) risk
NGO – Non-governmental organisation
