The New Mobile Privacy Debate: Navigating Between Discipline And "Icky"

Envision an in-store system that addresses every customer by name and points out to the customer—out loud, in earshot of other customers—prior purchases, including highly sensitive products. The system would know the customer's address, relatives, neighbors and friends, and might even mention embarrassing incidents involving the customer as a child. The name of this invasive system is "the friendly shopkeeper," and almost every corner pharmacy, grocery and hardware store had one back in the 1950s and 1960s—back when we like to think customers were very privacy conscious.

Conventional wisdom is that consumer resistance to invasive marketing consistently softens over time with each new retail tech innovation. But the friendly shopkeeper demonstrates that's not a linear trend. And there's a school of thought that says mobile technology may break that trend, too. The potential invasiveness of mobile payments is so intense that customers might rebel and resist all privacy-infringing efforts even more—making mobile dangerously likely to blow up in retailers' faces.

The problem isn't just privacy. Those store owners from yesteryear proved that consumers don't seem to object when a person knows all about them. But there's something about personal information being transmitted by computer that changes a consumer's sense of being violated. The very nature of a mobile device has the potential to trigger privacy problems in 50 different ways even before payments—with 24-hour geolocation tracking, records of everything you've searched for and even the ability to turn a private call into a public event with a speaker switch.

Once we acknowledge that it's not the information that is deemed private but how that information is used and—most critically—shared that is at issue, it's easier to see how mobile could set up retail for privacy blowups.

Sharon Biggar is CEO of Path Intelligence, which is the company behind a series of mobile data gathering tests in major shopping malls, including this one in Australia.

Biggar wonders if payments will indeed make consumers more sensitive to perceived privacy invasions. "Purely for the security implications, once you start making payments, you'll be a little more hesitant," she said.

In other words, once live banking and credit-card information goes into the virtual wallet—and PayPal, Google and others are encouraging consumers to pour everything they can into these virtual wallets—there's much more trust that will be involved. The greater the trust, the easier it will be to violate that trust.

But Biggar offers an interesting perspective from her mall tracking efforts. Her company's efforts track consumers via their mobile signals as they walk through the mall. And Biggar argues that such tracking shouldn't feel new to consumers, because it's little more than what they have experienced for years on Web sites.

"This works in the exact same way" as Web analytics, where "they might be following your dynamic IP address. We're just passively observing every time that phone connects to the network. It works entirely in the background."

One very interesting part about Biggar's mobile mall efforts is the issue of customer approval. Thus far, the company has concluded that, legally, it doesn't need signoff and it doesn't seek it.

Given that we already know privacy is a purely emotional interaction, the issue of signoff is crucial. The very act of seeking such signoff could signal to the consumer, "Hey! This is probably something dangerous or we wouldn't be asking for your permission. This is a heads-up that your privacy is about to be invaded. Be worried."

If consumers don't know they are being tracked, it's hard for them to get upset about it.If consumers don't know they are being tracked, it's hard for them to get upset about it.

But Biggar still puts wording into her firm's contracts asking that signs—which are overwhelmingly ignored—be posted, "very similar to the signage that goes up around CCTV." She adds that stores have "no regulatory requirements" to do so, at least in the countries where her firm has deployed these mobile trackers.

And Biggar herself is hesitant to push the privacy issues too far, which is why she says personalized data is something she wants to avoid right now.

"We won't say that a customer went from Starbucks to Macy's. We don't do it at the level of the individual. We're very careful that it's all at the aggregated level," she said, adding that the malls she tracks will house "30,000 (customers per day) on average. We're not interested in what one individual is doing. Individual-level data is icky."

The comparison has been made between E-Commerce and M-Commerce, suggesting that even the most aggressive mobile data efforts are merely replicating the type of track-every-move-you-make that retail Web sites have done for many years. But there's a very key difference: Someone chooses to go to a Web site for shopping. The phone is with them almost always, and the emotional connection is very different.

And there are always the demographic issues with privacy debates. Certain customer groups, especially teens and young adults, don't seem worried at all about privacy concerns—their whole lives are already on Facebook. Others are much more cautious as a group, though marketers have been able to loosen them up over time, especially when data is used to make truly helpful functionality. (Think about how quickly the extremely small backlash against Amazon's initial "people who bought that also bought this" efforts evaporated.)

But some chains have customer bases that span the demographic range, and that makes privacy decisions even more frustrating. At least a store focusing solely on teens or on the elderly or pregnant women or middle-aged athletes has an advantage in tailoring a privacy plan.

One major factor in how far a chain can—and should—go with mobile privacy is a dirty word in IT circles: discipline. That means texting messages, but doing so rarely and only when it's truly a helpful message. It means knowing the geolocation capabilities you have and choosing either to not use them or to again use them only when the value to the customer is very high. That is very difficult to do and even harder to enforce on others.

Banning geolocation marketing is straightforward, but telling those marketers, "Here's your commission plan, so go out and sell. But don't be greedy and don't push things too far." With sales and marketing teams, commissions and bonuses speak loudly and disciplinary cautions are faint whispers. They know they'll be fired if their revenue boost is insufficient, and they are likely to think that over-aggressive efforts will generate little more than a mild lecture.

The advantages of the information from various mobile efforts is huge, and we'd suggest that such data should not be left on the table. But the price for using that data will be disciplined control. If you can deliver and maintain that, the treasures of mobile data are yours and will come without much of a privacy penalty.