Evan Schuman's StorefrontBacktalk

Eight months into a controversial customer-tracking mobile trial, Nordstrom (NYSE:JWN) has halted the effort. Although Nordstrom took a lot of criticism for the mostly misunderstood program from consumer media, it’s not clear whether the project ended as a result of the criticism or the trial had simply run its course.

The trial’s purpose was straightforward: to use routine signals coming from shopper’s mobile devices to count how many people showed at Nordstrom and, critically, which were repeat visitors (and, if so, how many times they had previously visited, dates they visited and where in the store they went). Nordstrom had maintained that it was only seeing anonymous data, meaning that it didn’t know the names of the shoppers being tracked.

The trial was controversial for a reason other than consumers’ fears that their privacy was somehow being invaded. (By the way, the invasion of privacy claim was rather silly. Is it any different from an associate recognizing a customer from a week ago and saying, “Mrs. Smith. How nice to see you again. Did that turquoise sundress work out for that function you told me about in New Orleans?” Sure, it is. The associate’s recollection is name-specific, making it far more intrusive.) The problem was that the vendor involved, a company called Euclid, said that it was also working for 35 other of the nation’s top 100 retailers.

And Euclid was able to see cross-retail activity. That means that it saw when, for example, a Nordstrom shopper left Nordstrom without visiting POS and then her mobile signal appeared 20 minutes later inside Macy’s, where she ended her visit with that always-desired visit to POS. (Note: That was just an example. Other than Nordstrom, we’re not identifying which retailers are using Euclid.) The fact that Nordstrom is only receiving anonymous data (or so it says) doesn’t mean that its rivals all are similarly limited.

This is a key industry problem with many forms of mobile information gathering. At an MCX panel at the NRF show, retail execs spoke quite a bit about their fears surrendering their most sensitive customer data to third-parties. Jay Culotta, the treasurer at regional convenience chain Wawa, said many of the mobile vendors say they are not—today—planning on sharing data, but they refuse to say what will happen down the road. “It’s not a forever situation,” Culotta said, adding that the temptations for leveraging such data will likely be overwhelming. “It’s unclear what their business case would be without monetizing that data.”

A Lowe’s executive on the panel—VP, Operational Controller John Manna—agreed and painted a scenario where a mobile vendor knew that a Lowe’s customer made regular purchases at Lowe’s and then walked right by an Ace Hardware store. And if an Ace Hardware corporate manager is then talking with that vendor, will the very substantial dollars that Ace would likely pay for that list of customers be set aside? Manna indicated that he would rather not find out.

Getting back to the Nordstrom trial, eight months is indeed quite a sufficient trial to determine if this data is useful and accurate and, to be candid, if it was has a practical ROI. This kind of effort likely does have a practical ROI, if you limit the equation to looking at the raw costs of the setup against increased sales potential (and reality). But there’s the amorphous other element that is more difficult to calculate. How much are you potentially helping your rivals by dumping all of your data with a third-party that is also taking their money?

The better question: Can such a program be done internally, solely with a retailer’s own resources? It would be more costly initially, but you would have complete control of the data, with almost no chance of it seeping into the knowledge base of rivals. That can indeed be a forever situation.

Nordstrom spokesperson Tara Darrow, in an e-mail sent to CBSNews, confirmed that the chain had halted the mobile trial. “We’d been testing Euclid since September and have said all along this was a test for us. We had been discussing what made sense in terms of concluding the test; after 8 months we’d felt like we had learned a lot and determined that it was the right time to end it,” Darrow said.

From the shopper reaction perspective, a big problem for Nordstrom had been signs announcing the program and giving people an option to opt-out. The signs were phrased vaguely enough that, to many shoppers, the program sounded a lot more intrusive than it really was.

This trial shutdown perhaps offers the best example why normal IT processes for dealing with third-party vendors may need to be re-evaluated when it comes to mobile.

The problem is data ownership. When a retailer invites a third-party in to track (or otherwise interact with) its customers, who owns that data? Does the vendor have the right to retain a copy? When that vendor works for competing retailers, can it use that information to help them? Does it need to only be in aggregated form? And who is going to police that? Is that low-cost third-party deal as good a deal as it sounds if your customer data ultimately helps a direct rival?

As the Lowe’s (NYSE:LOW) and Wawa execs point out, this is not a privacy issue nearly as much a business model issue. Shopper fears of having their privacy violated are misplaced, as this won’t violate their privacy any more than it’s been violated for decades.

Sidenote: Retail privacy has never really existed. Go back as far as you want. Those convenient corner grocers that your grandparents used? Those owners knew everything they bought and they remembered. It was sort of cerebral CRM. Technology today replaces the shopkeep’s memory. It may be much more efficient, but it’s hardly more intrusive.

But to the business model. The idea of retailers entrusting tons of ultra-sensitive data to third-parties is nothing new. Think about your payment processor, your QSA or even Visa directly. (Please, not before dinner.) What’s the difference? After all, those folk had access to every one of your transactions and they also take money from your direct rivals. Was it a matter of trust? (A retailer blindly trusting Visa? Please.) The difference is that those payment players made their money other ways.

The problem in mobile is that these third-party vendors are still trying to figure out how they’ll make money from all of this. The only answer we keep coming back to is data. Repurposing it, reselling it and packaging it. The third-party becomes the data broker and sells the interactions and movements of your customers to the highest bidder.

There is an alternative, of course: Do it yourself. Track your customers on your apps and keep all data internal. The third parties may make life a lot easier and cheaper—in the short term—but until this space solidifies and there’s a way to make money without repurposing your data, be warned. This data is also something you can never get back.

Think back to Papa John’s legal nightmare last year (it’s still going on) when a third-party company that was helping the pizza chain by texting its customers to come back for various promotions started going rogue. It eventually asked for that third-party to destroy all of the names. The allegations involve the third-party grabbing mobile numbers from customers when they asked for pizzas to be delivered. Did the third-party wipe all of that data when asked? What about backup systems? Employees of that vendor who had copies on laptops and thumb drives? Saying “yes, we destroyed it” is a lot easier than proving it.