Senator Charles Schumer (D-NY) held a press conference last Sunday in Manhattan and called on the Federal Trade Commission (FTC) to allow consumers to opt out of being tracked while visiting retail stores.
Senator Schumer suggested that the FTC should require retailers to inform consumers about their opt-out option by sending an electronic notice to their smartphones before starting to track them.
Senator Schumer also sent a letter to Edith Ramirez, the FTC chairwoman, asking the FTC to investigate this practice which he called unfair and deceptive.
Indeed, The New York Times reported this month that some brick-and-mortar stores track shoppers during store visits. The article explained how Nordstrom had tested a new technology which allowed the retailer to use Wi-Fi signals to track customers’ shopping habits.
Nordstrom stopped the experience following customers’ complaints, but the department store is not the only retailer interested in these new tracking technologies. American Apparel and Benetton are among retailers tracking their customers inside their stores.
CBS reported that Nordstrom used a company named Euclid for its tracking experiment. The Euclid web site explains how retailers may track consumers. Its system senses consumers’ smartphones when they come into a store and records the “ping” sent to the store’s Wi-Fi systems. The system scrambles the MAC address of each phone by using one-way hashing algorithms, and then data is processed, analyzed, and stored in the cloud, although it is unclear how long. Euclid calls this data “anonymous foot-traffic” and states on its privacy page that “[n]o personally identifiable data is ever collected or used.”
But privacy advocates know that rendering data anonymous may not be a fool-proof way to safeguard the privacy of data subjects. Therefore, it is welcome that Euclid is one of the companies which will participate in a Future of Privacy Forum group to develop best practices for companies in the business of retail location analytics.
Jules Polonetsky, Director of the Future of Privacy Forum, is quoted saying that “[c]ompanies need to ensure they have data protection standards in place to de-identify data, to provide consumers with effective choices to not be tracked and to explain to consumers the purposes for which data is being used.”
It remains to be seen if the issue will be tackled by a set of best practices, regulation, or both.