FTC Report Slams Geolocation Data Use But Is Otherwise Retail-Friendly
Written by Evan SchumanFor retailers thinking about ways to use mobile data, the U.S. Federal Trade Commission on March 26 made things slightly more difficult. Mobile geolocation information has now officially been categorized as “sensitive data,” right alongside medical records, info about children and Social Security numbers.
That means the government will ask for—and Congress might insist on—extensive additional limits on using and even collecting such data. If a chain is going to collect specific geolocation data, the retailer needs to do more than inform those shoppers, said Peder Magee, an attorney in the FTC’s division of Privacy and Identity Protection. “You need to ask for permission,” he said.
Other than placing tempting geolocation info in the sensitive category and stressing that focusing on any one shopper—even if that shopper is never associated with a name—is also discouraged, the report was actually quite supportive of current retail CRM practices. Contrary to some reports, the FTC didn’t propose that retailers delete data right after a transaction or that shoppers need to be able to see what data a retailer has about them.
The government report did come down heavily on data brokers—which is nothing new—but it acknowledged that retailers have a right to collect CRM data and that such chains should be exempt from additional hardships. “Companies do not need to provide choice before collecting and using consumers’ data for practices that are consistent with the context of the transaction, consistent with the company’s relationship with the consumer,” which Magee said was referencing the typical retailer-shopper relationship.
“We treat differently the one-on-one relationships with a retailer. That’s more transparent, obvious, intuitive,” he said.
The report offered a few examples, referring to “choice” when it was referencing the obligation of a retailer to give shoppers the choice of whether or not such data can be captured. “The Commission has previously noted that online retailers and services such as Amazon.com and Netflix need not provide choice when making product recommendations based on prior purchases. Thus, if Amazon.com were to recommend a book related to health or financial issues based on a prior purchase on the site, it need not provide choice,” the report said. “However, if a health Web site is designed to target people with particular medical conditions, that site should seek affirmative express consent when marketing to consumers.”
The report also shared retailer concerns about the practical and pragmatic aspects of getting permission, especially in-store. Several people the commission staff talked with “discussed the offline retail context and noted that cashiers are typically unqualified to communicate privacy information or to discuss data collection and use practices with customers. One commenter further discussed the logistical problems with providing such information at the point of sale, citing consumer concerns about ease of transaction and in-store wait times.”
The report also talked about “the impracticality of offering and obtaining advance consent in an offline mail context, such as a magazine subscription card or catalogue request that a consumer mails to a fulfillment center. In the online context, one commenter expressed concern that ‘pop-up’ choice mechanisms complicate or clutter the user experience, which could lead to choice ‘fatigue.’ Another commenter noted that where data collection occurs automatically, such as in the case of online behavioral advertising, obtaining consent before collection could be impractical.”
The report stressed the need to give retailers a lot of flexibility to deal with privacy concerns in the context of their businesses.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
