Where retail mobile privacy policies are concerned, perception is absolutely and fundamentally more important than reality. That's true for every player involved. For shoppers, if they perceive and believe that their privacy is protected, they will act accordingly, regardless of whether their privacy is in fact being protected. For retailers, if they are seen publicly working with vendors that are perceived to be protecting privacy, they'll not get into trouble, regardless of whether those vendors are in reality doing what they say. For vendors, as long as they can point to a document with their name on it that says "we're protecting everyone's privacy," they're fine.
Accepting those three reality-versus-perception facts is key to understanding the recent announcement from a group of mobile vendors—including Euclid, WirelessWerx, Mexia Interactive and ShopperTrak—that they are trying to align themselves with The Future of Privacy Forum "to develop best practices for retail location analytics."
What best practices can possibly be considered? Given that it's a group of companies selling these services, it's safe to say that "limit how much tracking you do given the sensitivities of your shoppers" is off the table. That leaves four safe topics: Shopper notification, shopper opt-out mechanisms; making all data anonymous; and respecting the privacy of retailers (the paying customers of these vendors) as opposed to consumer shoppers.
Officially, it's in the interests of everyone to loudly proclaim that shoppers need to be notified. It's equally in the best interests of everyone to make those notifications as easy to ignore as possible. In the early days of mobile tracking—and we are still in those early days—most consumers will have flawed understandings of what being tracked means and are likely to be scared by any notification that is explicit about "we are tracking the movements of your phone throughout this building and we will use that information to try and get you to give us more money. Happy Holidays!"
Bottom line: the guidelines will insist on notification, but will be impressively vague about phrasing. Those phrasing memos will be shared privately, suggesting that retailers emphasize the anonymity and benefits talking points, while doing everything in fine print near a dimly-lit entrance. Better yet, it will be buried within a very long T&C screen that will pop up when the app is launched.
It's in the interest of both vendors and retailers to loudly proclaim that they have such opt-out functionality—and to make it as cumbersome to use as possible. Some vendors require that the shopper go to their site and find the opt-out page somewhere within the site, an area that will ask many questions and will probably not load especially quickly.
There will also be the easy opt-out methods, such as telling shoppers that they can simply turn off their phones or block Wi-Fi and other connections. But that's not very viable these days, as malls are overloading shoppers with offers and incentives that require those connections to be open. Ultimately, it's not in the interests of merchants or vendors to encourage phones to kept turned off.
The claims of anonymous data speak to two very different issues. The first is that, quite often, retailers don't really care what the name of that prospect is. (Oh, it's certainly a "nice to have" but not much more than that.) They simply want to know that the woman standing in Aisle 9 right now—the one wearing the turquoise top—is the same shopper who made a $970 purchase for shoes at a rival one mile away and then made a $1,100 sweater purchase right before coming to your store. I don't want her name, just her spending habits.
The other reality is how much data the chain is given—or is collecting itself—in addition to the cellular tracking the vendor is offering. The vendor data may have no names, but does it provide enough specifics that the retailer's systems could, over time, figure out who it is?
The point is that telling a shopper that the data is anonymous sounds terrific to shoppers, but it may skip over the fact that it could still lead to unwelcome sales attention or to being later identified. Also, even if a vendor doesn't tell the retailer the name, that vendor can still take actions on behalf of that vendor, such as sending E-mails or making calls. If the part about "anonymous" that users like is not being bothered, this claim might be quite misleading.
Respecting Retailer (Not Consumer) Privacy
This simply means that data from one chain won't be shared with another chain. But vendors have an extremely strong incentive to keep this vague and temporary, as they don't want to limit possible future revenue sources.
Most critically, these kinds of industry guidelines typically have no penalties for non-compliance. Just because a vendor publicly pledges to support these guidelines doesn't legally force them to do so. The business plan for a mobile vendor is staying in business.