This is page 2 of:
FTC Report Slams Geolocation Data Use But Is Otherwise Retail-Friendly
“Rather than a rigid reliance on advance consent, commenters stated that companies should be able to provide choice before collection, close to the time of collection or a time that is convenient to the consumer. The precise method should depend upon context, the sensitivity of the data at issue and other factors,” the report said. “In some contexts, however, it may be more practical to communicate choices at a later point. For example, in the case of an offline retailer, the choice might be offered close to the time of a sale, but in a manner that will not unduly interfere with the transaction. This could include communicating the choice mechanism through a sales receipt or on a prominent poster at the location where the transaction takes place. In such a case, there is likely to be a delay between when the data collection takes place and when the consumer is able to contact the company in order to exercise any choice options. Accordingly, the company should wait for a disclosed period of time before engaging in the practices for which choice is being offered. The Commission also encourages companies to examine the effectiveness of such choice mechanisms periodically to determine whether they are sufficiently prominent, effective and easy to use.”
Beyond geolocation data, one other area that concerned the FTC was facial recognition systems in public places, such as at large shopping malls.
“The ability of facial recognition technology to identify consumers based solely on a photograph, create linkages between the offline and online world, and compile highly detailed dossiers of information, makes it especially important for companies using this technology to implement privacy by design concepts and robust choice and transparency policies,” the report said. “Such practices should include reducing the amount of time consumer information is retained, adopting reasonable security measures and disclosing to consumers that the facial data they supply may be used to link them to information from third parties or publicly available sources.”
The report then zeroed in on customized digital signage that is tied into mobile or facial recognition systems.
“For example, if a digital sign uses data enhancement to deliver targeted advertisements to viewers, it should immediately delete the data after the consumer has walked away. Likewise, if a kiosk is used to invite shoppers to register for a store loyalty program, the shopper should be informed that the photo taken by the kiosk camera and associated with the account may be combined with other data to market discounts and offers to the shopper. If a company received the data from other sources, it should disclose the sources to the consumer,” the report said.
What’s the significance of this FTC report? On the one hand, not much, given that these are merely guidelines with no enforcement muscle. But that’s not realistic. First, as consumer groups try and push privacy limits, this FTC report—which seems to strike reasonable compromises between privacy advocates and retailers—is likely to be seen as an acceptable benchmark.
Of potentially greater concern are congressional efforts to pass retail-oriented privacy laws. Members of both parties might look to the report as a good starting point for legislation that would have enforcement powers. Also, even if no one follows these guidelines, the FTC itself certainly will take them seriously. If a chain is brought before the FTC for any matter, compliance with these guidelines would certainly be helpful.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
