Did you know that when you visit certain stores, some of your actions may now be tracked! Recently, an increasing number of retail stores are beginning to use WiFi enabled smartphones to track their customers movement within the store. The information being tracked seems innocuous. For example, data collected has included how long a customer is in a given store, which parts of the store the customer visited or whether he or she walked by the store but declined to go inside.
An article appeared in the New York Times last march which profiled a company called Euclid Analytics. They collect mobile location analytics (“MLA”) data for big retailers including Nordstrom and Home Depot. According to the article, between 40% and 60% of users can be tracked by their smartphones in some locations!
The important news from a privacy law standpoint is that many of the big MLA companies have now published a Code of Conduct disclosing this type of collection of customer data, how it will be used and how it will be secured. Upon pressure from some members of Congress, the FTC has been recently asked to investigate whether MLA tracking is an unfair and deceptive trade practice when a retailer fails “to notify shoppers that their movements are being tracked in a store or to give them an opportunity to opt out” of being tracked. Some of the major MLA providers have agreed to abide by this Code of Conduct in light of these concerns, which also applies to their retail clients.
Except in certain cases where data is aggregated or not unique to the individual, companies that utilize MLA technology will be required to notify consumers that their data is being collected and provide information about how the information will be used and about the company collecting it. Companies using MLA technology will also be required to either limit data collection to non-unique or aggregated data, promptly de-identify personal data or obtain the consumer’s prior consent. In other words, your favorite store would have to get your prior consent before it could collect and store any type of mobile unique identifier. Of course, conveniently, the Code does not require consumers to opt-in to being tracked!
Under the Code, companies using MLA that collect unique or personal data will be required to allow consumers to opt-out through a central website that will serve all participating MLA companies. Of course, the Code contains other restrictions limiting the use, transfer and storage of data collected through this type of mobile tracking.
There is no doubt this initial Code of Conduct has been adopted in response to the anticipated FTC determination that MLA practices are in fact deceptive without disclosure. Of course, any unfair or deceptive practice is a violation of Section 5 of the FTC Act. This means that companies employing MLA technology must ensure they use similar guidelines and disclose this practice to its customers. Otherwise, your company runs the risk it will violate the FTC Act and could face some pretty stiff penalties!
If your company is considering using MLA at any of its locations, contact us for more information on how to comply with the FTC Act.
*Image courtesy of stockimages at FreeDigitalPhotos.net