POSTED BY Lloyd Chebaclo
Although the growing awareness of the NSA’s expansive domestic and international surveillance program may inure you to any further notions of invasions of electronic privacy, whenever you take advantage of the free Wi-Fi perks at your local brick and mortar stores, consider that you may be awash in retailers tracking you too. Most consumers are savvy at this point about being tracked with respect to online purchases on Amazon, for example, but they may be surprised to learn that merely using the internet on their smartphones in a store may subject them to the watchful eye of the likes of Nordstrom, and Home Depot for example. RT.com looked at this phenomenon in its July 15 article, as did the New York Times.
Nordstrom has apparently stopped using this tracking system, which utilizes sensors, namely a product by Euclid Analytics used to “measure and optimize foot-traffic, visit duration, and repeat shopping.” According to Euclid’s website, they market to clients ranging from fast food restaurants (so-called “QSRs” or Quick Service Restaurants), coffee shops, specialty retail stores, and department stores. The sensors themselves are the size of a deck of cards and cover up to 24,000 square feet. The data on the customer is generated by the pings smartphones send, including the phone’s unique media access control or MAC address, as they search for Wi-Fi networks nearby. The site goes on to say that the company scrambles each MAC address using a one-way hashing algorithm for privacy purposes.
Stores who take advantage of this tool gather information about how long an individual shopper lingers in their establishment, track their number of visits to the store, and purchase history, among other details.
It’s not unusual for a cashier to request your email address at stores these days, and in that case the customer cannot be terribly surprised that not only do they get coupons and advertisements from the retailer who collects the address, but solicitations other third party sellers as well. With smartphone tracking in stores, retailers are being even more proactive, trying to capitalize even on the seemingly passive customer that walks in their doors without making a purchase.
Is there a privacy issue here? Does the consumer, for example have a reasonable expectation of privacy in their data, their internet surfing, their purchase history at the store, their locational data, after they join the store’s Wi-Fi network? A consumer might have a subjective expectation that they have some privacy in these activities, but legally there is likely no reasonable expectation of privacy there as the consumer is using a third party’s server to access the internet.
Is this practice something that is also implicit in the privacy policies that some stores may have on their page when you access their Wi-Fi that the carefree consumer does not peruse before enjoying the Wi-Fi? If the consumer knowingly consents, there would no longer be an expectation of privacy, though perhaps there is some argument that an average consumer will log on and glaze over the legalese that might bear the language forming the basis of their consent, bound by a sort of contract of adhesion in the terms of use and privacy policy they skirt as they access the network. Looking at Euclid Analytics’ website, it seems that a person can opt-out of this tracking by entering their MAC address on their website—so by default if you are using the Wi-Fi in one of their clients’ stores, you’re on their radar.
Android Wi-Fi has faced a class action lawsuit from similar practices involving the use of its customers’ data when they use locational services, which the company supposedly went ahead and sent to Google. Perhaps the outcome of that type of case will help determine in part whether or not retailers could face losing battles in court for Wi-Fi tracking in stores. Customers could probably feel better about this sort of tracking provided some clear notice, such as a clear display in retail store windows where such sensors are in use, and a friendly alert on your smartphone triggered by joining that retailer’s Wi-Fi network with an opt-out option as that arises. Some simply argue that the cleanest way to opt-out is to shut off your phone and take the battery out when you frequent these stores—which, incidentally, I don’t imagine is the most attractive option for the average consumer.
Journal of High Technology Law 