The Federal Trade Commission (FTC) and Nomi Technologies reached a settlement after charges the company implemented deceptive opt-out agreement. Nomi, which makes it possible for retailers to track the movements of consumers through their stores failed to follow promises made pertaining to a privacy policy.
As outlined in the FTC complaint, under Nomi’s guidelines the company would establish an opt-out option for stores where tracking is used. With this, customers are to be advised of where the technology is being used. However, the company did not follow through on that promise by failing to caution shoppers. In addition, for customers who did not want to be tracked Nomi did not provide an in-store opt-out mechanism.
In just the first nine months of 2013 alone, information from roughly nine million mobile devices was collected. When dealing with emerging technologies, it is critical for companies to keep promises to consumers when it comes to privacy.
As stated by Jessica Rich, director of FTC’s Bureau of Consumer Protection, if a consumers is told there are choices about privacy then all of those choices need to be made available.
Nomi’s tracking system consists of sensors being placed in stores whereby the 12-digit MAC address of every mobile device entering the store is obtained. In addition, the sensor conducts a search for a Wi-Fi network.
Nomi Technologies claims the addresses are hashed before being stored. However, each cell phone’s unique identifier remains accessible, which means over time it can still be tracked. According to the FTC, this is exactly what Nomi did. Through the system, consumers were tracked both inside and outside of clients’ stores, which included tracking of the MAC address, signal strength, device type, and other forms of data.
Once the information was collected, details were distributed through client reports. Instead of showing the number of people who entered the store, length of time inside, types of mobile devices used, number of repeat customers, and number of visitors that went to another location, the report highlighted the number of people who passed by the store.
While this was going on, Nomi maintained a privacy policy that clearly stated the company pledged to always allow consumers to opt out of the service by going through the website. The policy also stated that consumers had the right to opt out of any retailer using Nomi’s tracking technology.
Although this opt-out mechanism is offered through Nomi’s website, it is not an option at all participating stores. Making things worse, consumers were never advised that tracking was even occurring. While Nomi agreed, the company also said it would make a change to the current system.
According to the terms of the new agreement with the FTC, Nomi cannot ever misrepresent options for consumers by controlling information. In addition, Nomi cannot restrict the extent to which people are advised about practices of tracking.
While the complaint against Nomi Technologies is significant, this is the first time the FTC has had a problem with the company. In the first part of April, Microsoft released a statement that it would no longer enable the “Do not Track” for Internet Explorer by default. In other words, users are required to turn the option on manually in order for cross-site tracking by third-parties to be avoided.
Another company that has been in the spotlight specific to consumer tracking is Facebook. This company placed blame on a bug for the accidental tracking of non-users who went to third-party sites that have an embedded Facebook “Like” button. Since this came to light, the issue has been corrected.