On March 26^th, the U.S. Federal Trade Commission called on Congress to enact legislation to regulate companies that collect and trade information about consumers. The proposed legislation is targeted specifically at companies like Google, Experian and Acxium, but would impact a growing and apparently lucrative ecosystem of companies who collect, “enhance “, and sell consumer data. This is the latest in a long-running battle between those companies and consumer advocacy groups that demand that “do not track ” options actually do what they say they’ll do.

The FTC action comes on the heels of the February gaffe by Google having to do with how the search engine was getting around privacy setting in certain browsers (Should You Care about Google’s Security Gaffe?, 2/21 Retail Paradox Weekly). At the time, RSR noted that the FTC under the Obama administration has indicated that privacy enforcement efforts will focus on companies that do not adequately make consumers aware of their data collection practices, even if they do not involve personally identifiable information or create a financial risk to individuals. The Administration plans to release a consumer bill of rights soon, which according to U.S. Deputy Chief Technology Officer Daniel Weitzner will be “voluntary but enforceable. “

Worth Watching

According to a 3/26 NY Times article, one unnamed industry source claimed that “do not collect is basically death for online advertising. ” While that would please privacy wonks, that’s not the end of it. Companies like Acxium are used by some retailers’ marketing programs to “enhance ” data collected at the in-store point of sale and from the digital channels in such as way as to enable the retailers to better target incentives to customers. This doesn’t necessarily have anything to do with a “loyalty programs “; the data is often “anonymous ” (i.e. even when a consumer has not specifically identified him/herself by presenting positive identification), but still able to be enhanced with demographic and psychographic attributes to help retailer better target information and incentives.

So how serious is this? FTC Chairman Jon Leibowitz put it bluntly: “‘Do Not Track’ from our perspective certainly means ‘do not collect’ — not ‘do not advertise back,’ If a real Do Not Track option doesn’t come to fruition by the end of the year, there will be, I don’t want to say a tsunami of support for Do Not Track legislation next Congress, but certainly a lot of support. “

The issue of consumer privacy is a drum that RSR has pounded on for years, at least since RSR partner Steve Rowen and I carried out a series of workshops on PCI, data security, and data privacy starting in 2005. While that workshop series is long-gone, the issue has only grown bigger. Our focus of those workshops, and the studies that followed, was mostly about the need to secure customer-specific data internally, but even in 2007 we were advocating that retailers view customer privacy as a Brand issue. Our 2007 benchmark study on the subject found that that “…failure to secure consumer-specific data will result in brand erosion and crippling scrutiny from regulatory agencies and financial networks. “

Now it’s a societal issue. In an effort to keep up with consumers’ omni-channel shopping behaviors, blending the digital and physical realms to make their purchases, many retailers have joined in partnership with commercial 3^rd parties to engage with consumers wherever they are. The question now is, with the apparent failure of data and technology companies to behave themselves having drawn the attention of the U.S. Federal government, will the future of omni-channel shopping be affected, and how?

Retailers need to 1) watch this issue carefully, and 2) pay attention to what 3^rd parties are doing in the Brand’s name with consumer data that is shared. As we mentioned in the 2/18 Retail Paradox Weekly column, the two big U.S. trade organizations are opposed to legislation like the Kerry-McCain Commercial Privacy Bill of Rights Act of 2011, which seeks to impose new rules on companies that gather personal data, including offering people access to data about them, or the ability to block the information from being used or distributed.

Just being opposed is not enough. The FTC has stepped in as the advocate for consumers, and presumably it has a bigger constituency than the trade organizations. It’s time for the industry to roll up its collective sleeves, and get to work to find a solution that’s mutually agreeable (that means compromise), before one is imposed that sets the industry back.