If you thought you only got tracked when you were online, think again. Many major US retailers are figuring out how to use location-based, indoor analytics. By observing WiFi connections (and in some cases other technologies, such as closed-circuit cameras or Bluetooth beacons) retailers are now tracking when and where shoppers go in their stores.

This is all highly valuable data that has never been available before: where, and for how long, consumers spent time in stores, movement patterns through the store, display impacts on purchase decisions, and so on. All this is possible due to the fact that most consumers carry smartphones. While it represents a revolution for retailing, there are also important privacy implications.

As a result of this rush to do the same kind of data-driven analytics in the physical space that exist in the virtual space, Senator Charles Schumer and the Future of Privacy Forum announced a code of conduct that will govern indoor analytics and seek to protect consumer privacy.

The initial signatories to the code of conduct are Euclid, iInside, Mexia Interactive, Nomi, SOLOMO, Radius Networks, Brickstream and Turnstyle Solutions. While the participants don’t cover all the companies in this space, it is likely that others will generally abide by these rules as a means to ward off oppressive legislation.

The code follows the usual set of principles that exist in any Fair Information Practice Principles (“FIPPs”) based privacy framework. It offers ways for consumers (other than keeping their phones off) to avoid being tracked in stores. It also requires consumer data to be anonymized, and requires the posting of clear and conspicuous disclosures. Finally, the critical principles of collection and use limitation, and onward transfer (disclosures to third parties) are also enshrined in the code. It is interesting that the principle of Security is not explicitly included in the code. Arguably, this isn’t necessary as the code requires all data to be anonymous (or at least pseudonymous from the EU perspective). However, security as a domain will still be required to ensure the other principles are adhered to – it is the control that is the foundation for all other FIPPs. Additionally, companies will also be required to get an “opt-in” from the consumer if retailers want to contact shoppers later based on their in-store behavior.

Finally, the code says that any in-store data won’t be used for determining eligibility for employment, credit, health care or insurance. The challenge here is that it will be very easy for employers to misuse this technology to engage in highly detailed and secret tracking of their employees. While Federal law doesn’t provide an expectation of privacy for employees, many states have a different point of view. Also, where such surveillance may be used to prosecute misconduct, the evidence may not be admissible. While these are issues not addressed in the Future of Privacy Forum’s code of conduct, they are issues that need to be addressed by any business that wants to deploy this type of technology.

The thought is that this technology will ultimately benefit consumers (e.g., staffing optimization, improved store layouts and reduction of lines and wait times). Also, it seems that consumers are willing to share their location for tangible rewards or benefits (e.g., deals, loyalty points). Indoor analytics and smartphone data are already being used by companies such as Placed and PlaceIQ to help track the offline impact of online and mobile advertising. In addition, Google, Facebook and Twitter are also getting into the act, trying to connect the dots from digital ad exposures to in-store visits and purchases.

As is the case with any powerful technology, the potential to increase liability to the business is equal to the potential to increase benefits to the ecosystem. While the Future of Privacy Forum’s code supports the benefits of the retail ecosystem, the devil is in the details. Businesses will need specific advice on how to best deploy this technology if they want to avoid both brand tarnishment (due to the “spook” factor of the technology) as well as potential lawsuits from both consumers and employees.