On April 23, 2015, the FTC and Nomi Technologies, Inc. (“Nomi”) settled the FTC’s misrepresentation charges related to Nomi’s “Listen” service, a multiple sensor technology that allows retailers to measure consumers’ in-store movements. Nomi’s sensors track consumers as they browse physical stores. According to the complaint, “Nomi places sensors in its clients’ retail locations that detect the media access control (“MAC”) address broadcast by a mobile device when it searches for WiFi networks.” Nomi hashes the MAC addresses, but it creates and stores a persistent unique identifier related to each consumer’s mobile device that enters a client retailer’s brick and mortar store.
According to the complaint, from November 2012 through October 2013, Nomi’s privacy policies stated: “Nomi pledges to…. Always allow consumers to opt out of Nomi’s service on its website as well as at any retailer using Nomi’s technology.” Nomi provided (and continues to provide) an opt-out on its website, but none at its clients’ retail stores. The FTC charged in its complaint that Nomi misrepresented or misled consumers by not providing an opt-out mechanism at its clients’ brick and mortar stores, and moreover, for not informing consumers that Nomi’s Listen service was even being used at the stores.
FTC’s action reflects its growing interest in privacy and data security issues related to new technology, particularly mobile technology. FTC’s press release quoted Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, saying, “It’s vital that companies keep their privacy promises to consumers when working with emerging technologies, just as it is in any other context.” Under the settlement, Nomi will be subject to a consent order and prohibited from misrepresenting its consumer opt-out options and its consumer notification practices.