Wednesday, April 29, 2015
Nomi’s Listen service, established in January 2013, collects mobile phone data, including each phone’s unique 12-digit media access control (MAC) address, which is broadcast when the mobile device connects with or searches for a Wi-Fi network. Nomi compiles reports for retail clients from aggregated mobile phone data. The resulting charts and graphs measure customer traffic patterns, average duration of customer visits, the types of mobile devices customers use, and percentage of repeat visits as well as visits to other locations in a store’s chain. While Nomi cryptographically hashes the MAC addresses it stores, hashed data contains “persistent identifiers” unique to each mobile device that can be tracked across multiple locations. The FTC’s complaint claims that even though Nomi doesn’t store MAC addresses, the service “does store a persistent unique identifier for each mobile device,” and that approximately 9 million unique mobile identifiers were stored between January and September 2013.
The FTC complaint also takes aim at ambiguities in Nomi’s opt-out policy, claiming the following are unfair and deceptive practices that violate the Federal Trade Commission Act:
The FTC complaint is open to commentary during a 30-day review period in which interested parties can contact the FTC and post comments on the agency’s website. Proposed settlement terms mandate that Nomi’s tracking policies must be consistent with its opt-out pledge and policy.
Other settlement provisions include a five-year probation period giving the FTC a chance to respond to “all consumer complaints directed at respondent, or forwarded to respondent by a third party, that relate to the conduct prohibited by this order and any responses to such complaints.”
Subsequent to the FTC, Nomi stated it had proactively adjusted its opt-out pledge, which had been put in place in 2013 when the company was in startup mode. The fact that Nomi no longer promises an opt-out mechanism to consumers is broadly interpreted by legal analysts to mean that the company no longer violates FTC rules and guidelines.
The FTC’s actions have fueled debate in the retail community about appropriate use of technologies that gather data on consumer and human behavior. Many retailers are concerned that opt-out messages might alarm their customers, creating concerns about their privacy.
Nordstrom Inc. participated in a pilot in 2013 with Euclid, a data analytics company that uses iBeacon technology to gather data from consumers’ mobile phones. All Nordstrom test locations had posted signs, advising customers who preferred not to be tracked to turn off their mobile phones.
Savvy consumers who are aware of emerging trends in data analytics may exercise their right to opt out of being tracked by visiting Nomi, Euclid and other data analytics websites and providing all of their mobile device MAC addresses. Payments and retail analysts predict that such opt-out mechanisms, like their annual privacy message predecessors, will be mostly overlooked by consumers.
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.