Today, the FTC took him up on the request. The agency announced this morning that it intends to convene a seminar to discuss “mobile device tracking,” which involves tracking customers via their phones' MAC addresses -- 12-digit identifiers assigned to any device that's capable of connecting to the Web. “In most cases, this tracking is invisible to consumers and occurs with no consumer interaction. As a result, the use of these technologies raises a number of potential privacy concerns and questions,” the FTC said today.
The FTC says the seminar will address issues like potential benefits to consumers, whether the tracking is “anonymous,” and how companies can implement the FTC's recommendation of “privacy by design” -- which includes notifying consumers and allowing them to choose whether or not to be tracked.
Some analytics companies that perform this type of tracking say they only provide data about matters like how long people stay in a store, or how long they're in particular sections. For instance, earlier this year Euclid Analytics responded to a query by Sen. Al Franken (D-Minn.) by stating that it only offers retailers anonymous, aggregated information, such as: “Today 300 potential customers walked by your storefront and 150 entered. Of the 150, 15 percent stayed for less than 5 minutes, 55 percent stayed for 5-15 minutes and 30 percent stayed for longer than 15 minutes.'
Franken has gone on record as saying that companies shouldn't engage in this kind of tracking without people's opt-in consent, even if the data is aggregated and stripped of identifying features.
But analytics companies and their defenders say that this type of tracking can help storeowners as well as consumers. For instance, store managers can glean traffic patterns from the data, and then adjust staffing.
Earlier this autumn, eight mobile analytics companies agreed to follow a new privacy code that requires them to follow a new code of conduct that requires them to notify consumers about in-store tracking and allow them to opt out. The code contemplates a one-stop site, where consumers can opt out by entering their MAC address. Companies signing on to the new code include Euclid, iInside, Mexia Interactive, SOLOMO, Radius Networks, Brickstream and Turnstyle Solutions.
The self-regulatory code -- forged by Schumer and the think tank Future of Privacy Forum -- also requires the analytics companies to take steps to make sure the information can't be linked to an individual, such as replacing the original MAC address with a new string of characters.
The FTC's seminar will take place on Feb. 19.