Bluetooth beacons can be a powerful tool for customer engagement. The 2015 holiday season saw retailers experimenting with this kind of proximity marketing, and 2016 is looking like it will see the large-scale deployment of Bluetooth beacons.

You can utilize beacons to understand how consumers interact with your store environment and also to enable hyper local targeted advertising to your customers. However, in order to protect your business and your customers you need to understand how Bluetooth beacons work, what data will be collected, who will have access to that data and how the data can be used.

Bluetooth Beacon Basics

Bluetooth beacons are hockey puck-sized devices that use Bluetooth Low Energy (BLE) radios to detect other nearby BLE devices, such as your smartphone. The beacon sends a unique user ID (UUID) to the detected device. This ping can be used to trigger notifications and geo-targeted mobile advertisements. The beacon itself does not collect data, but the application that is triggered does and may provide data to the beacon provider.

For example, a consumer could walk into a department store with a Bluetooth-enabled smartphone, and as the consumer moves through a sweater display, he or she receives a coupon via an app on the smartphone for a free sweater with the purchase of a sweater. The app pushing the advertisement could be either the retailer’s app or a third party app, such as a game app or weather app.

The diagram below shows how the Bluetooth beacon interacts with the app and which parties receive the resulting data. The beacon provider generally gives app developers a software development kit (SDK), which enables the app to be triggered by the beacons. Once the app is triggered, it may push an ad to the consumer (like the sweater coupon) and then use a web application programming interface (API) to communicate information to the beacon provider, such as the device ID and time and location information. Of course, the owner of the app is also able to collect and store this information, as well as other information, about the consumer and the consumer’s activities.

You may have noticed that one key entity is left out of the diagram above—the retailer. Although the retailer is providing the physical retail location and the consumer, it will not be receiving any data from the beacon provider or the app provider, unless the retailer also provides the mobile application. Any retailer contemplating installing beacons in its retail locations needs to consider the fact that it may be providing valuable data about its customers to third parties, which raises several issues necessary to address.

Privacy

In the drawing above, it should be clear that data is being collected about the consumer by the mobile app. If this is the retailer’s mobile application, then the retailer can ensure that its privacy policy discloses the collection and use of consumer data.

However, if beacons will trigger notifications and offers in third-party applications, then it will be up to the mobile app provider to disclose that information to consumers in its privacy policy. The only mechanism the retailer has to influence that policy is through its contract with the beacon provider. As a condition of permitting beacons to be installed in its locations, the retailer may want to consider requiring that any triggered mobile applications include specific terms in their privacy policies. The retailer may also want to consider specifying which mobile apps can be triggered by the beacon.

Potential Competitive Issues

As third-party apps may be triggered by a beacon, retailers need to consider the possibility of mobile apps targeting its customers to provide ads for competing retailers. Per the diagram above, unless the retailer is able to impose obligations on the beacon provider, and require the beacon provider to pass those down to third-party app providers, the retailer has no control over what ads are pushed by third- party apps once they are triggered by the beacon. For example, a customer in a department store could receive an ad for another department store’s sweater sale when the customer’s third-party mobile app is triggered by the department store’s beacon. This retailer may also want to consider specifying what types of advertisements are permitted to be displayed in its contract with the beacon provider.

Customer Data Also Collected Outside Retailer’s Locations

It is important to understand that the beacon providers are not simply providing beacons for a single retailer. Beacons are being installed in retail locations, movie theaters, restaurants, airports, etc. While the mobile app providers are collecting data about consumers at all of these locations, in at least some cases, the beacon vendors are also creating and maintaining consumer profiles based upon device ID that contain information collected from all of the mobile apps that use its SDK. These very detailed profiles contain significant information about the retailer’s customers, and although they are technically anonymous, many of the mobile applications will be able to identify the consumer.

Retailers should consider whether they want the mobile application providers and beacon providers to have detailed profiles of their customers. Using such profile information, the mobile app providers and beacon providers can identify which are the retailer’s best customers. Even if there are competitive restrictions on use of the data during the contract term, it is likely that such data will be available to use without restriction after the retailer’s contract terminates.

Prepare Agreement to Address These Concerns

In certain cases, some beacon vendors are not up front about what data is being collected or how it will be used. They do not explain their ability to push competing ads or that they are creating consumer profiles for analytics purposes. Retailers should work to address these issues in the contract with the beacon provider. A point of leverage is that the retailer’s customers are valuable to the advertiser, and the beacon is only valuable to the advertiser if the retailer allows it to be in its stores. If a vendor is unable to satisfy the retailer’s concerns, the retailer should consider an alternative vendor or a shorter, limited pilot agreement to give both parties a better understanding of what the other party is expecting to gain from the agreement. 

© 2016 Perkins Coie LLP