It may still be September, but to countless retailers, Halloween is already here. Passing by displays of spooky items while shopping, the ’80s haunted-house music video “Somebody’s Watching Me” comes to mind: “I always feel like somebody’s watching me, and I have no privacy” (yes, Rockwell has attribution, but Michael rocks the chorus).
The paranoid fellow in the video was worried about the IRS and the mailman – how quaint. In today’s world, high on many consumers’ “creepy stuff” lists is the use of mobile technologies by a growing number of retailers to track customers’ movements in their stores.
Mobile tracking by retailers has drawn the attention of the Federal Trade Commission. Last year the FTC hosted a seminar on mobile device tracking. And earlier this year the FTC announced that Nomi Technologies, a company whose technology allows retailers to track consumers’ movements through their stores, agreed to settle charges that it: (1) misled consumers with promises that it would provide an in-store mechanism for consumers to opt out of tracking; and (2) that consumers would be informed when locations were using Nomi’s tracking services.
According to the FTC’s complaint, Nomi placed sensors in its clients’ stores that collect the MAC addresses of consumers’ mobile devices as the devices search for WiFi networks. MAC addresses are unique 12-digit identifiers assigned to individual mobile devices. Nomi allegedly tracked consumers both inside and outside their clients’ stores, capturing the MAC address, device type, date and time the device was observed, and signal strength of consumers’ devices. In reports to clients, Nomi provided aggregated information on how many consumers passed by the store instead of entering, how long consumers stayed in the store, the types of devices used by consumers, how many repeat customers enter a store in a given period, and how many customers had visited another location in a particular chain of stores.
What’s interesting about the Nomi settlement is that the crux was not the propriety of proprietors using mobile tracking, in and of itself, but instead Nomi’s alleged failure to live up to the promises in its privacy policy. Nomi’s privacy policy said that it “pledged to… always allow consumers to opt out of Nomi’s service on its website, as well as at any retailer using Nomi’s technology.” Yes, Nomi did provide an opt-out mechanism on its website, but it failed to make such an option available at the physical location of retailers using Nomi’s service. According to the complaint, consumers were not informed of the tracking taking place in the stores at all.
“It’s vital that companies keep their privacy promises to consumers when working with emerging technologies, just as it is in any other context,” said Jessica Rich, who heads the FTC’s consumer protection bureau. “If you tell a consumer that they will have choices about their privacy, you should make sure all of those choices are actually available to them.”
The FTC’s Nomi settlement is yet another reminder to reread your privacy policy and make sure you are honoring the promises you make. Sure, not every industry tracks consumers literally step-by-step the same way a retailer might, but cookies and other information collecting mechanisms are commonplace across industry lines. Specifically, review your privacy policy to make certain that opt-out provisions are adequately addressed (and more importantly, implemented), and that tracking mechanisms are properly disclosed.