25 June 2019
Nomi provides brick-and-mortar retail outlets with a way to track their customers' mobile devices as they move around their respective stores, which can then be analyzed by the retailers to better understand consumer behavior and interactions.
Nomi pledges to always allow consumers to opt out of Nomi's service on its website, as well as at any retailer using Nomi's technology.
Nomi's policy also stated that consumers would receive notice of when they were being tracked, in and around the participating retail outlets. However, the consumers never received notice or the chance to opt out of the tracking, thus the company not adhering to its own policy.
It's vital that companies keep their privacy promises to consumers when working with emerging technologies, just as it is in any other context, ... if you tell a consumer that they will have choices about their privacy, you should make sure all of those choices are actually available to them.
What happened in Nomi's case is a stark example that the FTC considers that if a company offers an option for consumer control, it must be easily accessible and easy to use.
It's also notable from this case that the FTC is closely monitoring the collection and use of location data.
If you're a company or retailer that uses mobile location analytics, you should follow industry guidance such as the Mobile Location Analytics Code of Conduct issued by the Future of Privacy Forum.
As an operator of a mobile application or website, it's a legal requirement that you publish details of your data collection process, sharing and usage policies.
There are also specific terms, disclosures, and other specific items that must be included in your policy as specified by applicable regulations.
Nomi's opt-out system is now clearly displayed on their website, with their main privacy principles boldly stated as below:
There are two different places on the website's legal page a user can opt-out. The first is a big and bright button right at the top of the page:
The second is a link:
A similarity can be drawn to the unsubscribe mechanisms in email marketing campaigns.
If you're a Device Operator, like Nomi, you could produce something similar so that there will be an easy way for your users to opt out. It's important for your users to know how to opt out, at all times.
The way email marketing campaigns allow their subscribers to opt out can differ a little in form but they generally follow the same basic process. The emails usually contain a clear unsubscribe link which leads the user on how to carry out the unsubscribing process.
Marks and Spencer's unsubscribe web form has a survey asking why the user wishes to opt out but it also has a clear and simple opt out link at the bottom:
Innocent provides their customers with the opportunity to opt for a specified length of time or opt out straightaway.
Bed Bath & Beyond gives the user the chance to change the frequency of emails or simply opt out. They must go through a further step of entering their email address.
Whereas Apple requires the user's email address to be entered twice to confirm a opt-out request from that user:
By having an easy to access and clear way for your users to opt out, you'll be ensuring that you comply with all regulations.
Both the positive changes Nomi has made and the email unsubscribe mechanisms are good examples of clear ways you can provide an opt-out method for your users.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.