Nomi collected information on about 9 million mobile devices during the first nine months of 2013, the FTC alleged. It used a technique called "hashing" to obscure MAC addresses that could be used to identify a particular smartphone. But it still generated a unique code that was associated with those devices allowing them to be tracked over time and potentially revealing sensitive information about a shopper's movements, according to the FTC.
The company used the tracking information to give retailers insight into their customer base -- for instance, how many repeat customers they had during a given period and how long consumers stayed in the store, the FTC said.
Nomi did not provide a way for consumers to opt out of being tracked through the physical stores they were shopping in, as it promised in late 2012, the complaint alleged -- in fact, consumers were not told they were being tracked at all. It did provide a way to opt out through its Web site, but that was not enough, according to the FTC.
“It’s vital that companies keep their privacy promises to consumers when working with emerging technologies, just as it is in any other context,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection in a news release. “If you tell a consumer that they will have choices about their privacy, you should make sure all of those choices are actually available to them."
Under the terms of the settlement, Nomi agreed to abide by its privacy promises and not misrepresent consumers' options to block being tracked. The agreement will be open for public comments for 30 days before the commission finalizes it. The commission voted 3-2 to issue the complaint and accept the consent order, with Commissioners Maureen Ohlhausen and Joshua Wright dissenting.