‘Step Forward’ in Consumer Data Protection Still Has Loopholes, Some Privacy Advocates Say
A new code of conduct for in-store data collection via consumers’ mobile devices is a positive step for consumer privacy, but contains major loopholes and enforcement concerns, said privacy advocates, lawmakers and industry analysts interviewed Tuesday. The Future of Privacy Forum -- backed by many location analytics groups -- and Sen. Chuck Schumer, D-N.Y., unveiled the new code (http://bit.ly/1cbMan9) in Manhattan’s Columbus Circle Tuesday. No retailers have signed on to the code. Introducing in-store signs alerting customers to the tracking technology in use and providing opt-out instructions are at the code’s core. Some privacy advocates balked at the default opt-in for some data collection and the code’s limited reach, saying these issues were best handled through legislation.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The code has three main components, said Future of Privacy Forum Executive Director Jules Polonetsky. One, it’s a “commitment to making sure consumers know the technology is being used at stores,” he told us. Two, he said it puts restrictions on data that can be used for “discriminatory purposes.” Three, he said it “promises” companies will get an opt-in if personal information is being used. “Users want a basic one-stop way to say, ‘No thank you,'” Polonetsky said. “We're certainly providing them with that.” The in-store signs will direct shoppers to www.smartstoreprivacy.com, which contains the full code. Schumer called the code a “significant step forward in the quest for consumer privacy."
In-store tracking can be a “useful technology for both consumers and businesses,” Polonetsky said. The information can help retailers reduce check-out waiting times, better arrange a store’s layouts and understand customer shopping habits, according to the code. Technology industry analyst and consultant Jeff Kagan said the technology can also help companies strengthen relationships with customers. “In this case some customers will really like the idea,” Kagan said. “However, many others don’t want their privacy invaded.” The code “will protect customers from invading messages and companies from damaging relationships,” he said.
It’s “doubtful” the code “will truly protect consumers,” said Center for Digital Democracy Executive Director Jeff Chester, saying it has “huge loopholes.” Companies adhering to the code are excepted from giving consumers notice if the data collected is “promptly aggregated so as not to be unique to a device or user, and individual information is not retained,” the code read. Chester said that “even when data is aggregated, it can still be used for profile-based targeting and analysis.”
The code’s voluntary nature is also concerning, said David Jacobs, Electronic Privacy Information Center consumer protection counsel. While his reaction was “mixed” since “parts of the code, such as data minimization, will benefit consumers,” the code “also illustrates the flaws with self-regulation as opposed to comprehensive privacy legislation,” he said. Not only do companies not have to sign up, the code applies only to tracking in retail stores. “Consumers are tracked everywhere, not just in stores,” said Jacobs. Legislation based on the White House’s Consumer Privacy Bill of Rights would be more effective, he said. Location analytics companies involved in the working group to create the code were Euclid, WirelessWerx, Mexia Interactive, Solomo, Radius Networks, Brickstream and Turnstyle Solutions.
The code isn’t meant to be comprehensive, Polonetsky said. “We haven’t solved all location privacy issues; this is one important niche.” Schumer agreed, saying, “There is still much more work to be done and I will continue to push for privacy rights to be respected and strengthened.” He said he believes now that the framework is in place, retailers will soon start signing on.
That continued work might include the FTC, Polonetsky said. The mobile location analytics code drafting process included the agency’s input, and was spurred by two letters Schumer wrote the commission about the issue, one in 2011, another in July of this year (http://1.usa.gov/1eba95B), Polonetsky said. The working group briefed the FTC on the code and included the agency’s input in the final draft, he said. FTC Consumer Protection Bureau Director Jessica Rich applauded the working group’s participants for responding to “consumer concerns about invisible tracking in retail spaces,” calling it a “positive step” forward in self-regulation. “Our staff appreciated the opportunity to provide feedback in the process of creating the code,” said Rich. “This is a rapidly changing industry with critical consumer privacy implications, and the FTC is paying close attention how retailers are using these new technologies."
The FTC’s Nov. 19 Internet of Things workshop might be the next major “conversation” about future steps to ensure consumer privacy, Polonetsky said. “We expect this is something that might be debated and discussed there,” he said. “We're certainly optimistic.” (cbennett@warren-news.com)