The sky seems like the limit when a business plans its mobile presence. Customers are increasingly using mobile devices to first access a retailer website and most likely make a purchase. Analytics, when applied correctly, can provide new insights for personalized offers and customer engagement. But to avoid storm clouds, retailers should conduct due diligence on how their analytic tracking could inadvertently breech privacy laws.
First generation mobile devices made such an avoidance easy. They were not designed to use cookies -- text files placed on a user's computer to recognize browser activity. Because cookie use is at the heart of many privacy issues, smartphones were initially exempt.
However, smartphones today have technological features that rival laptops, with browsers that use cookies. Smartphone users expect that their mobile experience will match that of a PC in terms of privacy maintenance. As a consequence, retailers must be as clear with analytics opt-ins for mobile devices as they are for a standard computer.
Analytic inconsistency, however, challenges that retailer objective. Measurement across varied mobile operating systems can overlook capability differences, giving a false indicator of which privacy measures would best match the typical mobile-base site visitor arrival.
Web analytic solutions can usually capture metrics from smartphones that support Javascript and cookies, but data from older, non-Javascript supported phones can be disregarded. This means a customer segment that does not carry the latest phones can be overlooked for privacy plans that are typically forward-thinking in strategy.
Another challenge is a compromised visitor experience, even before a privacy measure is applied. A Georgia Tech study, which was cited by TechJournal.org, noted that many browsers do not display secure socket layer (SSL) indicators or even https in a URL. This omission can leave users susceptible to revealing cookies and passwords to a copycat site instead of a legitimate destination. Thus, a comprehensive understanding of a visitor's experience is critical to preventing phishing attempts.
Finally, geographic regulations complicate compliance further. Depending on the location of the host server, a website must reveal its cookie usage and analytics intention. The EU Act, for example, requires European-based website hosts to provide site visitors opt-in choices before collecting and processing personal identifiable data in cookie-based measurement solutions.
Germany presents a more detailed compliance issue. It requires website owners to provide an opt-out for IP address collection. But many mobile phones use varying IPs that are not related to the phone itself -- some are gateways to providers, while networks even share IP access. Marketers can become uncertain if an identified IP is revealing a person or a system, and if a compliance breech is occurring:
Best practices to minimize risks
All these factors mean that retailers can have varied mobile customer privacy risks. To minimize breeches, retailers can enact the following practices for customer data safety:
Retail marketers can run a trial mobile campaign and see where potential difficulties can occur. A consideration of how visitors navigate through their mobile devices will ultimately give an opportunity for a secure online experience.
(This is an updated version of my original post for Digital Canvas Retail, posted Feb 2013)