Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
May 6th, 2015
FTC Settles with Mobile Tracking Services Company for Privacy Policy Misrepresentation
Your e-commerce company probably has a privacy policy (if it doesn't, then it should). But is anyone checking to see that the company follows the policy? Companies that don't follow their own privacy policies can get into legal hot water pretty quickly. That's what happened to a New York-based tracking service.
Nomi Technologies provides mobile-based tracking services to retailers. The company places sensors in its clients' stores, and those sensors track customer traffic patterns by analyzing customers' mobile phone signals. Nomi uses the customer data to report to its clients on the percentage of consumers passing by the store versus those entering the store, the average length of time the consumer spends in the store, the percentage of repeat customers, and the number of customers who also visited another client store location.
Nomi's privacy policy says it always allows consumers to opt out of Nomi's service on its website as well as at any retail store that uses Nomi's tracking service. However, Nomi did not offer an opt-out mechanism in the retail stores using its technology, and did not require its clients to give consumers notice they were being tracked. The FTC alleged that these misrepresentations were a violation of the FTC Act, and, after an investigation, the company agreed to settle the charges. Under the proposed consent order, Nomi agreed to cease misrepresenting the options by which consumers can exercise control over their data. Nomi also agreed to cease misrepresenting the notice consumers will receive about how data from or about them, or their devices, is collected and used. The order will remain in effect for at least 20 years.
The lesson here is simple: your privacy policy must accurately reflect how your company behaves. Set a calendar reminder for your company every year to review your privacy policy to make sure that all privacy choices articulated in the policy are, in fact, available to consumers.
For more information about privacy policies and other data security matters, please contact S. Gregory Boyd CIPP/US at (212) 826-5581 or gboyd@fkks.com, Jeremy Goldman CIPP/US at (212) 705 4843 or jgoldman@fkks.com, Jessica Smith at (212) 705-4876 or jsmith@fkks.com, or any other member of Frankfurt Kurnit's Privacy & Data Security Group.
Other Privacy & Data Security Law Alerts
Six Steps to Help Your Team Comply with the New SEC Public Company Cybersecurity Rules
On July 26, 2023, the Securities Exchange Commission (“SEC”) approved final Rules entitled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rules”). The Rules require certain cybersecurity incident disclosures on Form 8-K, generally within 4 business days after the determination that a cybersecurity incident is material. Read more.
August 1 2023
Five Action Items to Help You Prepare for the Wave of Privacy Enforcement Starting July 2023
Mark your calendars - July 2023 is an important month for US privacy enforcement. Read more.
June 21 2023
Washington “My Health My Data” Act Dramatically Alters Health Data Compliance Landscape
Washington State’s My Health My Data Act (“the Act”) introduces a sweeping set of obligations for nearly all entities that do business in the state and that handle “consumer health data,” a broad new class of health-related data separate from that regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”). Read more.
April 24 2023