Are You Tracking Customers In Your Stores? The FTC May Have Something To Say About That

Published On February 25, 2014 | By Dan Sachs | Data Security, FTC & State AG, General, Litigation, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

On February 19, the Federal Trade Commission (“FTC”) hosted a seminar on the collection of device identifiers contained in wifi and Bluetooth signals to track people’s movement around stores, shopping malls, airports, and other physical areas.

A representative of the National Retail Federation said retailers are interested in using mobile location tracking for loss prevention and improving the customer experience, which are similar to the practices considered “internal operations” under the COPPA Rule and self-regulatory codes of conduct, and therefore exempt from certain notice and consent requirements. It appears that the retail industry will resist any notice or choice obligations for such practices, which the industry sees as consistent with the expectations of consumers.

Several analytics companies that provide retailers with non-identifiable, aggregate statistical information about consumers’ movements around their stores have voluntarily adopted the Future of Privacy Forum’s Mobile Location Analytics Code of Conduct, which includes notice requirements and a global opt-out from tracking. The code participants are working to develop signage and visual cues to inform consumers about such tracking, including an AdChoices–esque icon that is used to provide notice and choice to consumers concerning targeted online advertising practices.

Seminar participants suggested that there might be greater privacy concerns and notice/consent obligations if companies create profiles based on mobile tracking information or merge mobile tracking information with other information about consumers (like web browsing history or information from social media profiles), but it is unclear how widely deployed such practices are and no companies engaging in such practices participated in the seminar.

The panelists disagreed about the value of hashing device identifiers and, assuming location information tied to device identifiers was accessed, how readily the device identifiers could be linked to individuals.

While the FTC Staff moderated, we expect that the Commission will soon provide its position and possibly some guidance on these practices. The FTC’s long-anticipated Big Data report will likely touch on issues such as longitudinal tracking and profiling that may be relevant to companies in the mobile tracking space.

About The Author

Dan Sachs, ZwillGen’s inaugural Fellow, assists ZwillGen attorneys on a broad range of matters, including litigation, investigations, product counseling, regulatory compliance, and policy. Prior to joining the firm, Dan worked at Facebook, where he assisted the Chief Privacy Officer for Policy in responding to federal, state, and international policy developments, engaging with regulators and stakeholders, and advising business units on privacy issues. During law school, Dan was a member of the George Washington Law Review and served as a research assistant to Professor Jeffrey Rosen, focusing on U.S. and international consumer privacy and surveillance issues. He was a legal intern with ZwillGen in the summer of 2012. Dan also worked as a legal intern with the U.S. Attorney’s Office for the District of Columbia.