Nomi Technologies (“Nomi”) provides brick-and-mortar retail outlets with a means to track consumers’ mobile devices as they move in and around their respective stores. This data can be used by retailers to gain insight into certain consumer behavior and associated commercial interactions. Nomi has recently agreed to settle Federal Trade Commission (“FTC”) charges that it misled consumers with regard to certain provisions of its privacy policy that promised consumers that they would be able to opt-out of the consumer tracking activity that Nomi facilitates.

How Closely Must You Adhere to the Terms of Your Privacy Policy?

Businesses Must Follow their Privacy Policies

In particular, Nomi’s privacy policy contained provisions assuring consumers that they would have the opportunity to successfully complete a mobile tracking opt-out at either the Nomi website or at the retail outlet(s) themselves. Relatedly, the Nomi privacy policy suggests that consumers would receive a notice when they were being tracked in and around a participating retail outlet.

Despite the assurances in the Nomi privacy policy, in reality, consumers did not receive notice of when they were being tracked, and did not have the ability to opt-out of being tracked at the applicable retail outlets. As reiterated in the FTC’s press release concerning this settlement, businesses must adhere to the terms of their privacy policies:

“It’s vital that companies keep their privacy promises to consumers when working with emerging technologies, just as it is in any other context,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “If you tell a consumer that they will have choices about their privacy, you should make sure all of those choices are actually available to them.”

Mobile and Website Privacy Policies Matter

The operators of mobile applications and websites are required, by law, to post privacy policies detailing the applicable app and/or site’s data collection, usage and sharing practices. In addition, various applicable rules and regulations require specific items, terms and disclosures to be included in each privacy policy. All of the terms included in a privacy policy must be strictly complied with by the business that publishes the subject privacy policy.

Failure to include the requisite disclosures in mobile/website privacy policies, and failure to adhere to the terms included in such privacy policies, could expose businesses to liability, including regulatory action and private litigation. Therefore, it is essential that any business that has a website and/or mobile application obtain the advice of qualified counsel, well-versed in emerging privacy law, to ensure that its operations and policies are compliant with applicable law.

The ongoing evolution of online and mobile privacy law warrants continued attention from Internet attorneys, technology attorneys and those interested in consumer privacy in general.