Proximity marketing: the privacy implications for retailers
Retail & Supply Chain Sector - 28 February 2018
- The rise of new marketing practices in retail - proximity marketing
- Privacy risks for retailers
- Customer surveillance — what to watch out for
- What do you need to know as a retailer?
The shopping experience has undergone significant changes over the last decade. These days almost everyone has a smart phone and online shopping is now common place. At a time when consumers are empowered with choice, with many ways to shop and a number of retailers to choose from, new technologies can help retailers stand out from the pack. Proximity marketing is one way to do this.
Proximity marketing is a form of location-based marketing that uses cellular technology (most commonly, Bluetooth beacons) to identify consumers within a certain proximity to a store, or more specifically to a certain product. Using that information and a consumer's profile, preferences, wishlists, and shopping history, retailers can deliver personalised adverts and marketing messages to consumers through specific mobile applications.
Used wisely, proximity marketing gives retailers the opportunity to create a unique, highly personalised, and relevant shopping experience for consumers, which (in theory) leads to a higher conversion rate for sales.
One of the key concerns that consumers have with proximity marketing is privacy. While consumers must give permission or opt-in for a retailer to track their location, there is a fine line between consumers feeling like they are receiving useful information and like their privacy has been invaded.
The Privacy Act 1988 (Cth) (Privacy Act) regulates the way in which an individual's personal information is handled. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. What constitutes personal information will depend on a particular circumstance, and whether an individual is identifiable from that information. The Office of the Australian Information Commissioner has indicated that location information may be 'personal information', because it can reveal user activity patterns and habits.
It is important for retailers to understand their obligations under the Privacy Act and the Australian Privacy Principles. At a minimum, retailers must:
- Not collect information unless it is reasonably necessary for or directly related to one or more of the retailer's functions.
- Collect personal information by lawful and fair means and from the customer themselves, unless it is unreasonable or impractical to do so.
- Notify customers before or at the time (or as soon as practicable after) a retailer collects personal information about that customer e.g. pop-ups and app notifications to inform customers of the potential collection or use of personal information. Retailers should disclose that they will collect personal information for proximity marketing purposes
- Ensure it does not use personal information collected for the primary purpose for another purpose unless the customer would reasonably expect the retailer to use the information for the secondary purpose (this can be aided by disclosing the secondary use in the privacy notification).
- Give customers the opportunity to unsubscribe from direct marketing communications.
- Take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Under surveillance legislation in Victoria and New South Wales, generally it is an offence to install, use, or maintain a tracking device to determine the geographical location of a person or object (i.e. smartphone), without the express or implied consent of that person in lawful possession or having lawful control of the object. The definition of "tracking device" under the Victorian and New South Wales Acts differs slightly, but broadly means an electronic device which is capable of being used to determine or monitor the geographical location of a person or an object.
The risk for retailers in this instance is failure to get customer consent to their location being tracked.
Beacons cannot track customers in isolation, however when paired with a wifi or cellular connected device and the appropriate app, a customer's location can be tracked. Getting customer consent to such tracking will in most cases be obtained through a customer's acceptance of the app's terms and conditions at the time the app is downloaded.
Retailers should think carefully about how this is brought to a customer's attention, and ensure that this is highlighted during the download process and on first use of the app, and not buried in the fine print.
It goes without saying that all retailers must have clearly expressed and up-to-date privacy policies explaining why they are collecting a customer's personal information and how they will handle that information. Retailers should also consider the following when deciding whether to implement a proximity marketing campaign:
- Collection of information: Avoid over collecting personal information. If you don’t need it, don’t collect it. Be transparent about what information is being collected and why.
- Privacy-related communications: Use short form notices (no longer than a single screen) to explain what information is being collected. In relation to location information, ensure that this is emphasised at the outset of the app download process, and that express consent to this information being collected is obtained from the customer.
- Opt-out: Ensure that customers have the option to easily opt-out of providing personal information, including location information, at any time.
- Deliver a targeted marketing approach or brand experience: Pushing messages that are not personalised and relevant to the customer, or which do not accurately reflect a customer's preferences, fail to deliver a personalised customer experience and is one of the quickest ways to lose customer engagement.
- Taking it a step too far: While consumers are looking for a personalised and tailored shopping experience and are generally happy for their data (e.g. shopping history and preferences) to be used to deliver such experiences, retailers need to take care and recognise where the boundaries lie. If you think the interaction could be perceived as intrusive, don’t do it.
All information on this site is of a general nature only and is not intended to be relied upon as, nor to be a substitute for, specific legal professional advice. No responsibility for the loss occasioned to any person acting on or refraining from action as a result of any material published can be accepted.