I have a hard time with the concept that a person should expect “privacy” while they are in public. If you’re standing out on a street corner, or attending a large public event, how can you have the expectation of privacy? If you don’t want people to know where you are or what you’re doing, then stay inside. Amazon will deliver almost anything your heart desires right to your door.

It gets stickier when you get to the store. I’m not operating from a legal basis here, and I’m not a lawyer. But stores, to me, are semi-public spaces. They are places that are owned by a non-governmental entity – the retailer – and opened up to the public. The expectation is that the public will buy things and pay for them, and therefore the retailer will make money. But increasingly even that line is blurred, with retailers providing true public spaces – community meeting rooms, event spaces, etc. Spaces that are explicitly for public use, and not necessarily for selling stuff. Good will spaces. Should a consumer expect “privacy” when they are in a store? When they are using someone else’s space? A public space?

And now to complicate things further, come in-store tracking solutions. I’m a huge proponent of the concept. Retailers have learned a tremendous amount from understanding how consumers shop an eCommerce site. They’ve learned these things by watching customer behavior – what attracts their attention, what do they search for, how long do they dwell on a page, what do they add to the cart, where do they abandon a sale and where do they convert?

Right now, that information can be had for stores as well – up until the last few years, though, it wasn’t easy and it wasn’t cheap. I’ve seen cameras or RFID tags on shopping carts, I’ve seen video cameras embedded in glasses that shoppers wear, and people with video cameras following shoppers around through the store and asking them to talk through how they’re making product decisions. I’ve seen shopper intercepts outside of stores, where interviewers stop shoppers as they exit and interview them. I’ve seen, during times when cameras were neither small nor cheap, entire aisles wired up for video and for sound, all to get a better idea of what consumers are doing when they walk into stores.

Since January of this year, I have talked to at least ten companies that have a newer, faster, much cheaper – and much more reliable – way of understanding customer behavior in stores. Their solutions range from Bluetooth-enabled to Wi-Fi sniffing to passively using the camera on a shopper’s mobile phone to triangulate position based off of subtle light flashes programmed into the retailer’s lighting system. Little boxes that plug into the wall and emit high-pitched sounds beyond the range of human hearing. NFC chips embedded in signs or barcodes that encourage interactivity. All of it is geared towards getting a better understanding of how consumers shop stores.

So why, given that I do believe that if you’re in a retailer’s store they should be able to identify you and act on that information (you’re in their store – how can you have an expectation of privacy there?) – why, given that I strongly believe that understanding customer behavior in stores is going to be the next opportunity that unlocks game-changing value for retailers – why do so many of these solutions give me the creeps?

I have some ideas as to how to answer that question, and they’re worthy of writing about because when it comes to the mix of stores, tracking customers, and privacy, one bad apple could ruin the whole barrel.

Why do customer tracking systems give me the creeps? Well, first, it’s not all of the tracking solutions that creep me out. The ones that I like the least are the ones that sniff out MAC addresses over Wi-Fi. It’s sneaky in an underhanded kind of way, and the most open to abuse. How long did it take from when the story broke about the TSA backscatter devices that took very detailed pictures of people until leaked pictures hit the internet? And that was after the TSA swore up and down that the images were masked, and they weren’t kept in their original form, and on and on and on.

So when solution providers who use this technology as the basis of their store tracking solutions say, “Oh, we don’t keep the MAC address. We mask it right away” – on the one hand, I believe them. I don’t have a specific reason not to. But on the other hand, I’m thinking, “Yeah, right. You don’t keep them now. But how easy would it be to change your mind?”

What it comes down to is, the information being collected is way too detailed and it’s being done without providing enough information back to consumers about what information is being collected, and what the retailer intends to do with it. Yeah, consumers could be proactive and turn off the Wi-Fi radio on their phones. But some of these sniffing technologies use the cell signal – and the only way you can opt out of those is by turning off your phone.

And there’s no opt in. There’s no “Check here that you understand our privacy policy” as you walk in the door. Yes, the information being collected is currently being used for relatively benign purposes – to sell you more stuff – but it would be all too easy to start using that information way beyond “providing relevant messages to the consumer”. And even in a lot of these privacy notices, in-store tracking can easily be buried among the legalese, and put far enough down the page that 99% of consumers have glazed over by the time they reach those parts.

The most elegant solution, I think, is something similar to a Do Not Call list. I know there are industry efforts that are trying to put together a more comprehensive “Do Not Track” mechanism for online, but I don’t believe those efforts go so far as to address in-store. The industry needs one – it needs a mechanism to explain to the consumers who are creeped out and want to know more, what is being collected and what retailers are doing with it – and give consumers the opportunity to opt out. It’s not as good as an opt in, but at least it provides an outlet for the people who don’t want to be tracked, even if it fills their lives with less relevant marketing messages.

Retailers need to be firm with tech vendors about respecting consumers – respecting their privacy, and treating them like people instead of like cookie jars of data just waiting to be raided. And technology vendors need to take a leadership role in addressing privacy concerns, instead of offloading them onto retailers. One TSA-like publicity blow-up, and your business model will be toast. And frankly, if that happens, it will set the industry back considerably by hampering one of the biggest advantages that store-based retailers have: the store!