Beacon Technology or Bluetooth Low Energy Beacons (collectively, “Beacons”) are becoming a major technological advancement available to Canadian retailers. Industry experts believe that Beacons, which are already in use by some retailers, sports arenas, hotel chains and museums, will potentially revolutionize the customer experience. Beacons are essentially a form of mobile marketing that allows retailers and direct to consumer manufacturers to communicate and send offers to a customer’s smartphone or mobile device. They allow businesses to effectively target their customers and provide invaluable analytics about customer behavior.
However, while they provide useful information for consumers, Beacons have raised privacy concerns among consumer advocates, in particular regarding how Beacons are used to collect, use, and disclose personal information. This post focuses on dispelling some of the myths behind Beacons and discusses business considerations related to ensuring compliance with privacy legislation in Canada.
What are Beacons?
A beacons is a small battery powered transmitter that broadcasts by way of a Bluetooth low energy antenna. The Beacon transmits a unique ID number that is read by a corresponding app on a consumer’s mobile device. The app then looks up the location of the Beacon that sent the ID number and pushes notifications to the consumer’s mobile device based on his or her location.
Under the typical set up, Beacons themselves do not collect data. The Beacons simply transmit the unique identifier. The app on the customer’s mobile device receives the information from the Beacon and is the actual conduit through which data about customers is collected.
How are Beacons used by retailers?
While Beacons can be used in a variety of ways, two features and potential uses of particular interest to retailers are that they allow retailers to: (i) track and pinpoint where consumers spend most of their time in stores; and (ii) provide product information to a consumer at the time that the consumer is actively interacting with a product.
Legal Considerations for Retailers Using Beacons
- Be Transparent. The Terms should be transparent and should clearly and conspicuously inform the app user that data is being collected by the app.
- Be Clear What Type of Data is Being Collected. It is not enough to simply state that data is being collected. Rather, the Terms should disclose why the data is being collected and how it will be used. The Terms should also disclose how the data is collected, if it is shared with third parties, what data is shared and in what form, if data will be collected even when the app is closed and should provide contact information so that the consumer may contact the app provider with questions.
In addition, Retailers should ensure that they use reasonable safeguards to protect the personal data collected by the app and should keep the personal data for only as long as reasonably required. Employing reasonable safeguards and appropriate retention periods will reduce the risk of the customer data being lost in a security breach.
Canada’s Anti-Spam Legislation (“CASL”)
In addition to obtaining informed consent to the collection, use and disclosure of personal information, retailers should ensure that they obtain consent from customers for sending commercial electronic messages (“CEMs”) through the app.
CASL prohibits the sending of CEMs without the requisite consent. The term CEM is defined broadly to capture any electronic messages that encourage participation in a commercial activity. CASL takes a technology-neutral approach and captures all media and forms of electronic messaging. As a result, messages, push notifications and emails sent on behalf of a Beacon enabled app would likely be captured under the definition.
For this reason, it is recommended that retailers:
- Obtain Consent. Ensure you obtain consent to send CEMs and allow customers to opt-in to receive messages, push notifications, or emails. This request for consent can be obtained when the customer registers to use the app.
- Provide recipients with the prescribed information. CEMs must disclose prescribed information that identifies the sender, the sender’s contact information and information about the unsubscribe mechanism.
- Honour opt-out requests promptly. Opt-out requests must be honoured within 10 days.
- Monitor third parties. Ensure that third-party app service providers are knowledgeable about CASL and in compliance with CASL when assisting with and implementing marketing programs and services.
For more on Compliance with CASL, click here.