A privacy think tank whose board includes chief privacy officers from such companies as American Express, Nordstrom, and Acxiom has introduced a service that will allow consumers to easily and quickly opt out of mobile location analytics at thousands of retail locations.
Eleven mobile data analytics providers signed on to the Mobile Location Analytics (MLA) Code of Conduct introduced yesterday by the Future of Privacy Forum (FPF), indicating that data collected from active mobile devices in retail locations would be used for aggregate location analytics and not make use of personal information. They also pledged to provide onsite signage telling people how they could opt out of having the Mobile Access Control (MAC) address on their devices included in any collection of data. Among the companies signing on were Aislelabs, Radius Networks, SOLOMO Technology, and Path Intelligence.
One FPF principal views the code as an attempt to head off controversies that might stymie the use of technology in commerce. “My goal throughout my career has been to find a responsible way to support friendly use of business data,” says the group’s executive director Jules Polonetsky, a former CPO at AOL who also served as Commissioner of Consumer Affairs for the City of New York in the late ’90s. “This code is an opportunity for marketers to show consumers they are going to use data in a robust, responsible way,” Polonetsky says. “Most people will not opt out, but there is always going to be a small minority that doesn’t want to be part of any data collection and we want to let those people out.”
Key provisions of the MLA Code of Conduct:
- Data companies are not required to give notice to consumers when logging the latter’s device type or when counting the total number of times unspecified mobile devices have been detected by a network. If a company only provides aggregated data to clients—such as retail traffic patterns—but still collects and retains device-level information, notice must be provided.
- MLA companies that collect location information from mobile devices for the purpose of providing location analytics shall limit the data collected for analysis to information needed to provide analytics services. Personal or unique device information is not to be collected unless it is promptly de-identified or depersonalized, or if the consumer provided consent.
- Code signers must provide consumers with the ability to decline having their mobile devices used to provide retail analytics services.
- MLA companies must set internal policies for data retention and deletion of unique device data and set forth a data retention policy in their privacy notices.
Signing onto the Code does not mean an end to personal data collection in stores. The provisions are trumped by individual mobile users who agree to have their data collected through, for example, retailer loyalty programs. “What we’re saying is that people should take over control of their proximal identities for those retailers they’ve engaged with,” notes Polonetsky. “It’s up to each individual consumer.”
True marketers who spend inordinate sums of money and effort building trust in their brands should be enthusiastic about MLA, says one code signer. “People’s sense of privacy and trust is important; it’s as informal as the relationship you have with your local druggist or grocer,” says Christina Ellwood, VP of marketing for Brickstream, a mobile data analytics company. “Our clients are very supportive overall. They work very hard to build that trust; it’s what loyalty to brand is all about. As a matter of fact, hesitation to use this kind of data is often based on a fear of abrogating this trust.”