May 6th, 2015
FTC Settles with Mobile Tracking Services Company for Privacy Policy Misrepresentation
Your e-commerce company probably has a privacy policy (if it doesn't, then it should). But is anyone checking to see that the company follows the policy? Companies that don't follow their own privacy policies can get into legal hot water pretty quickly. That's what happened to a New York-based tracking service.
Nomi Technologies provides mobile-based tracking services to retailers. The company places sensors in its clients' stores, and those sensors track customer traffic patterns by analyzing customers' mobile phone signals. Nomi uses the customer data to report to its clients on the percentage of consumers passing by the store versus those entering the store, the average length of time the consumer spends in the store, the percentage of repeat customers, and the number of customers who also visited another client store location.
Nomi's privacy policy says it always allows consumers to opt out of Nomi's service on its website as well as at any retail store that uses Nomi's tracking service. However, Nomi did not offer an opt-out mechanism in the retail stores using its technology, and did not require its clients to give consumers notice they were being tracked. The FTC alleged that these misrepresentations were a violation of the FTC Act, and, after an investigation, the company agreed to settle the charges. Under the proposed consent order, Nomi agreed to cease misrepresenting the options by which consumers can exercise control over their data. Nomi also agreed to cease misrepresenting the notice consumers will receive about how data from or about them, or their devices, is collected and used. The order will remain in effect for at least 20 years.
The lesson here is simple: your privacy policy must accurately reflect how your company behaves. Set an annual calendar reminder to review your company's privacy policy and confirm that every privacy choice it describes is, in fact, available to consumers.
For more information about privacy policies and other data security matters, please contact S. Gregory Boyd CIPP/US at (212) 826-5581 or gboyd@fkks.com, Jeremy Goldman CIPP/US at (212) 705 4843 or jgoldman@fkks.com, Jessica Smith at (212) 705-4876 or jsmith@fkks.com, or any other member of Frankfurt Kurnit's Privacy & Data Security Group.