There is currently a widespread effort to quantify everything, from steps, to sleep, to batted ball exit velocity
. Fifteen years ago, TV host Jeremy Clarkson tested
an innovative new supercar that could quantify your driving habits. At the time, Clarkson glibly quipped that the car’s technology allowed you to “compare your drive home from work with the drive home last night.” Today, that type of data is regarded as so useful that some companies will give you the technology for free. Of course, if we can quantify driving habits, we can quantify shopping habits. Indeed, by using mobile location analytics, retailers gain valuable insight by comparing a customer’s “checkout dwell time” with the checkout dwell time last night. The problem is that customers are even less eager to be quantified than Clarkson was.
Mobile location analytics (MLA) works by placing sensors inside stores and using them to interact with the Wi-Fi and Bluetooth functions of smartphones. The resulting data is de-personalized and aggregated into analytics that tell retailers about customers’ walking paths, high-traffic areas, the duration and frequency of customer visits, the impact of advertising, and more. Retailers can use this data to help optimize their store layouts, place products, and adjust staffing levels. However, a recent FTC action highlighted the privacy concerns that temper widespread MLA use.
Not surprisingly, consumers generally disapprove of being tracked. A 2014 survey showed that 77% of shoppers disapproved of in-store tracking, and businesses also cite consumer privacy concerns as stalling their adoption of MLA. Currently, the law does not directly protect consumer privacy from the type of data collection used by MLA providers1. Instead, protection for both consumers and businesses comes in the form of privacy policies and codes of conduct that provide consumers notice and choice.
The most prevalent code of conduct is promulgated by the Future of Privacy Forum. In contrast to the Nomi case, participating companies only commit to taking “reasonable steps” to ensure there is in-person signage at stores where MLA is used. More concretely, they commit to providing detailed privacy notices on their websites. They also maintain a centralized procedure for consumers to opt out of MLA across all participating companies, although some groups advocate for an opt-in consent model.
Sean Kilian is an Associate in Locke Lord’s Dallas office. He can be reached at firstname.lastname@example.org.
1 Aside from invasion of privacy torts, theories of legal protection include violations of federal wiretap laws, state unfair business practices statutes, and state constitutional rights to privacy. The Location Privacy Protection Act of 2014, which was not enacted, would have criminalized the collection of a device's geolocation information without the consent of its owner. Additionally, in early 2015, The GPS Act was re-introduced in the House and the Senate. It would criminalize the interception of geolocation information pertaining to another person.