A company making use of tracking technology reached a settlement agreement with the Federal Trade Commission after the agency charged that Nomi Technologies falsely informed consumers that they could opt out of being tracked.

According to the complaint—which the agency said was its first filed against a retail tracking company—Nomi placed sensors in the stores of its clients. Using WiFi connections, Nomi then collected the 12-digit MAC addresses of consumers’ mobile devices in order to track their activities.

Nomi’s 2012 privacy policy stated that the company “pledged to … always allow consumers to opt out of Nomi’s service on its website, as well as at any retailer using Nomi’s technology.” Although consumers had the option to opt out at Nomi’s Web site, no such option could be found at stores, the FTC said, and consumers were not informed when the tracking was actually taking place.

These deceptions enabled Nomi to collect information on roughly 9 million mobile devices and provide data reports to retailers such as how long consumers stayed in a store, how many consumers passed by the store instead of entering, and how many repeat customers entered a store in a given period, the agency said. In addition, although Nomi “hashes” the MAC addresses before storing them, the FTC noted that the hashing process resulted in an identifier that is unique to the consumer’s mobile device and can be tracked over time.

Pursuant to the agreement, Nomi is prohibited from misrepresenting the options provided to consumers for controlling “whether information is collected, used, disclosed or shared about them or their computers or other devices,” and misrepresenting the notification provided to consumers about its information practices.

The Commission split 3 to 2 in issuing the complaint and accepting the proposed consent order, with dissents from Commissioners Maureen K. Ohlhausen and Joshua D. Wright. In her dissenting statement, Commissioner Ohlhausen emphasized that Nomi was a start-up operation with limited funds as well as “a third party contractor collecting no personally identifiable information,” with no obligation to offer consumers an opt-out.

She also agreed with Commissioner Wright that Nomi’s privacy policy was “partly accurate,” as the company did allow opt-outs on its Web site, and that no evidence existed of consumer harm. “A representation simply cannot be deceptive under the long-standing FTC Policy Statement on Deception in the absence of materiality,” Commissioner Wright wrote in his dissent.

To read the complaint, the consent order, and the statements of the Commissioners in In the Matter of Nomi Technologies, click here.

Why it matters: “It’s vital that companies keep their privacy promises to consumers when working with emerging technologies, just as it is in any other context,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a press release about the case. “If you tell a consumer that they will have choices about their privacy, you should make sure all of those choices are actually available to them.” The Commission emphasized that the case stands for the proposition that the Federal Trade Commission Act still applies even to the latest mobile technologies.