
Retailers: Are You Stealing Your Shoppers' Data Without Knowing It?

August 15, 2019

Mall operators can learn a lot by tracking their customers to offer them better experiences, but shoppers are right to worry that they’re being personally tracked. A series of recent articles by the Washington Post has outed sneaky tracking practices in popular apps and websites, with one headline reading, “I found your data. It’s for sale.” Location tracking makes consumers feel especially violated. New York Times reporters proved that several popular apps report their users’ locations, even to third-party companies.

At Omnee, as we considered how best to support mall operators, mixed-use property developers, and retailers in better understanding their audiences, privacy-by-design was crucial to us as we built our platform. Collecting data in itself isn’t bad, but it can, and should, be done responsibly.

Do you know where the data you rely on comes from?

It’s important for retailers to know that much of the consumer information collected by mobile apps isn’t collected directly by the brand behind the app. Companies don’t write every line of app code themselves. They build their apps on top of commercial software development kits (SDKs) that perform standard functions such as getting your location from your phone’s GPS hardware, or estimating it from Wi-Fi signals. A single app can include 30 to 40 SDKs.

But SDKs can also be a trojan horse through which personal information is stealthily collected. Legally, you gave consent by accepting the app’s terms of use. But who reads those? Their dense legalese can hide an OK to share personally identifying information (PII) with the app maker or anyone else.

Why violate privacy? Because they can

Large companies commonly buy personal data collected by SDKs in bulk. They pay a small per-user fee—perhaps two dollars for 1,000 users. For an SDK installed on millions of phones, that can add up to solid revenue, whereas for a large platform personal data is a unique asset to hold onto. So it makes business sense for SDKs and apps to sneak data off your phone, and for platforms or big brands to buy it from as many of them as they can. That’s why some SDKs brazenly collect anything they can, in case it might prove valuable to them later.

The big platforms—Amazon, Facebook, Google, Microsoft—are the best known for amassing data, but consumers often don’t know that dozens of lesser-known apps on their phone are reporting info they’re unaware of, and that the collected data is often sold to bigger buyers. Some apps have been found to tap into users’ phone locations without permission. Some wait until after midnight to upload collected data unnoticed.

You can do some investigating yourself: On an iPhone, open the Settings app and tap Privacy -> Location Services to see a list of all apps allowed to read your location. You might wonder why some of these need to know where you are.

Personal data is often wrong 

Ethical issues aside, covertly collected data has a big problem: It’s often not accurate. A location reading can be off by blocks, as Uber customers have seen happen even with their consent. Besides Uber, only a few apps, such as Facebook and Google’s, have true real-time access to location information. Many SDKs estimate location by other means and do so only sporadically, so reported locations can be both wrong and weeks out of date. It doesn’t matter how many data scientists pore over the results. Garbage in still means garbage out. A company that touts data on 100 million U.S. users may be selling information that’s not only invasive, it’s incorrect.

Doing the right thing for retail - by design

New laws—the GDPR in Europe and the California Consumer Privacy Act—are forcing companies to revise their data-collection habits and become much more transparent with consumers. 

At Omnee, we designed our audience analytics platform from the start to collect only the minimum viable data we need, and to scrub it of all personal identifiers. Individual mobile devices’ IDs are anonymized and the data on them aggregated into patterns, not people. The cameras in our system never store an image—they create metadata for each shot that can’t identify who is on camera, then delete the image. And even this anonymized information is encrypted.

The end result: No personal data on shoppers to sell, or to steal. The best way to avoid a privacy problem is to design so it can’t happen in the first place. Find out how we can help you respect your audiences’ privacy and help your business win by contacting us.
