Neiman Marcus (and Euclid) track you while you shop

Posted on by

A few weeks ago, my gorgeous wife and I went shopping at Neiman Marcus. We were just looking around on the third floor (AKA the “very expensive gadgets to make toast” floor), when I saw some water fountains near the customer service area. I went over, got a drink, and as I was walking back into the general shopping area, I saw this sign on the wall.

 

Euclid Elements Warning Sign

 

“To enhance our customer’s experience, we use Euclid to identiry mobile devices in and around our stores. Only the information that your device publicly broadcasts will be collected. If you do not want this information collected, or want to learn more information about Euclid, visit euclidelements.com/consumer.”

Wow. Tracking me in the store? Without my consent? That was a nice little “oh hell no” kind of surprise.

So I immediately visited euclidelements.com/consumer and on the main landing page was a bullet-point style mash of “we do not link any information we collect with the owner” and it’s only “aggregate and anonymous data.”

Fine. But if you really want to know how Euclid works, you have to go in and read their big long Privacy Statement.

Here’s a summary…

“If and only if you have a wifi-equipped phone AND wifi is turned on, Euclid’s sensors collect your phone’s unique MAC address, some information that describes the manufacturer, and data that is used to estimate its location in relation to the sensor. We calculate and analyze client traffic based on these signals sent from shoppers’ mobile devices.”

In other words, they can tell exactly where you are in the store at any given point and how long you stay in each area.

They then “anonymize and analyze this information in order to provide our clients with valuable analytics reports so they can improve their operations.”

They have a LOT more detail on the Privacy Statement section of their site about the whys and hows their tech works, but this particular part stuck with me…

“Our clients use Euclid Services to answer questions like: How many new shoppers did I have today? Last week? Do more people stop and enter the store with one window display vs.or another? Do more people usually tend to grab a coffee or an ice cream after going to the dentist? Answering these questions does not require that we know who you are. We only need to determine that you are a unique person. ”

…and…

“Turning off wi-fi on your phone or turning the phone off will stop sensor collection but you are still advised to visit our site to delete any records we already have.”

Good to know.

Is this a big deal? Not if it had been addressed properly in the first place. I would have preferred a notice on the store’s entrance to let me know I had the option to opt-out before walking in. Like a software EULA. Let me, the customer, decide before you get my data if you can have my data. That’s the really important part right there. Don’t print this warning on a itty bitty sign and bury it in the no-man’s-land part of the store. I want to see things like this front and center.

The other part of this whole thing that bugs me is Euclid’s own statement that they “anonymize… this information.”

So, by inference, the collected data from my phone isn’t anonymous in the first place, and it is up to Euclid to anonymize it before passing it on to their paying customer. Soooo what happens if some other company buys Euclid later on down the line? Or what happens if someone breaches Euclid’s security just to take a little look-see at what data they have?

Just about everyone has WiFi constantly enabled on their phones these days, and some phones even have the “connect to any open network automatically” option checked by default. Tech companies like Euclid are probably very well aware of this, and I think this kind of “silent observation” is going to be more prevalent as more stores figure out they can very extensively track their customers from entry to exit.

Euclid’s motivations may be as pure as a chubby baby angel’s smile, but I highly recommend you go to the OPT OUT section on the Euclid website so that you can be removed from their databases, and by proxy, all the retail stores they support.

For now, I have it in my mind to switch off my phone’s WiFi whenever I enter any retail storefront. I’ve got nothing to hide, but just because I have nothing to hide doesn’t mean I want everybody and their dear old Aunt Petunia looking at what I’m doing either.