Senator Charles Schumer, Location Analytics Firms Unveil Code Of Conduct For Tracking Shoppers By Cellphones

As companies like Apple and PayPal ramp up their in-store mobile commerce activities, privacy groups, location analytics companies and New York’s U.S. Senator Charles Schumer today unveiled a new code of conduct so that shoppers will clearly know when they are being tracked through their phones in stores, and give them instructions for how to opt out.

Along with the backing of Senator Schumer and the Future of Privacy Forum (FPF), the code of conduct — aimed at the increasingly common practice of data firms collecting information about shoppers based on their cellphone location and what they do on their smartphones when they are in stores — already has gotten the go-ahead from some of the bigger companies in the location analytics space. Those companies include Euclid, iInside (part of WirelessWERX), Mexia Interactive, Nomi, SOLOMO, Radius Networks, Brickstream and Turnstyle Solutions.

Will Smith, CEO, Euclid Analytics; Jim Riesenbach, CEO, iInside (WirelessWERX); Marc Ferrentino, CEO, Nomi and Glenn Tinley, CEO, Mexia Interactive are joining Schumer and the FPF today to make an announcement about the new service at 10.30 in Manhattan’s Columbus Circle (appropriately, outside the big shopping center there).

These companies may not be household names like Google or Apple, but they are large firms that work behind the scenes collecting data and working with other groups to then parse and put that data into action to better target marketing and advertising to consumers (and sometimes you specifically) in the future.

Schumer’s bid to improve consumer transparency in wireless data collection goes back to July, when he presented his case to the Federal Trade Commission and called for action.

“Over the past several months retailers around the country have increasingly been exploring technologies that use a shopper’s unique cell phone ID to follow their movements throughout shopping centers and individual stores. The technology allows shoppers to be tracked throughout a store, allowing a retailer to acquire information about shoppers without their permission,” Schumer wrote at the time in a letter to FTC Chairperson Edith Ramirez. “Retailers do not ever receive affirmative consent from the consumer for this type of tracking, and the only options for a consumer to not be tracked are to turn off their phone’s Wi-Fi, or to leave the phone at home. Geophysical location data about a person is obviously highly sensitive; however, retailers are collecting this information anonymously without consent.”

The practice of tracking consumers using WiFi is not new, nor is it restricted to the world’s biggest ad market (that is, the U.S.). Earlier this year, there was a summer storm of controversy around a practice in London where public recycling bins were being used to record data on people with smartphones who passed them by. The practice has now been stopped.

At issue in this new code of conduct are the times when data collection is tied to a specific user; if it’s anonymised, then it data companies, at least under this code, will be free to continue with their data collection. “Notice does not have to be provided when (1) the information logged is not unique to an individual device or user, or (2) it is promptly aggregated so as not to be unique to a device or user, and individual information is not retained,” the Code notes. “For example, simply logging device types encountered does not require notice, nor does counting the total number of times unspecified mobile devices have been detected by a network. If a company only provides aggregated data to clients but still collects and retains device-level information, this exception will not apply and notice must be provided.”

For those who oppose even anonymous data collection, your foes live to fight another day.

It’s probably a smart move for these companies to jump before they are pushed by regulators to make concessions, and to potentially end up paying fines to consumers who decide to sue them for privacy violations. The big question will be whether Schumer and Co. manage to get consent from others in the ecosystem to play ball as well. Pointedly, there are no retailers listed so far to sign on to the code of conduct, nor any of the big-name tech firms.

Indeed, it seems that Schumer himself realises this is just one move forward in the bigger process for better transparency.

“This is a significant step forward in the quest for consumer privacy,” said Schumer in a statement. “This agreement shows that technology companies, retailers, and consumer advocates can work together in the best interest of the consumer. There is still much more work to be done and I will continue to push for privacy rights to be respected and strengthened, but this represents real progress and I thank the Future Privacy Forum and these tech companies for their hard work hammering out this agreement.”

More to come.