And Herold said according to some reports, smartphones may be trackable even when they are turned off.
There are some organized efforts being made to give control over tracking back to mobile device users. The FPF and The Wireless Registry are reportedly working to build what would amount to a "Do Not Call" registry for MAC addresses. It would let device owners visit a web site, enter a MAC address, and be assured that tracking companies that have committed to the project will no longer track them.
But it is not certain how soon that will come into being. While the Post reported on Oct. 22 that the site was, "set to launch within the next few weeks," there is little evidence of that. The Wireless Registry website was, as of this week, nothing more than a page with the name of the company on it. Bradish and co-founder Patrick Parodi could not be reached for comment. A public relations spokeswoman said both were attending a conference.
The FPF also did not respond to multiple requests for comment.
And Chris Calabrese, legislative counsel to the American Civil Liberties Union (ACLU), is dubious about the value of such a registry anyway. He notes that joining the project would be voluntary -- there will be no law requiring that companies refrain from tracking users who sign up. "The danger is that it leads to more tracking rather than keeping you from being tracked," he said.
Another effort is an agreement announced last month between FPF and seven major location analytics companies -- Euclid, iInside, Mexia Interactive, SOLOMO, Radius Networks, Brickstream and Turnstyle Solutions -- to a Code of Conduct that will include, "in-store posted signs that alert shoppers that tracking technology is being used, and instructions for how to opt out."
The standards also limit the use and sharing of the data and how long it is kept. It requires the companies to de-identify the data and says it, "cannot be collected or used in an adverse manner for employment, health care or insurance purposes."
However, noticeably absent from that list of prohibited uses is law enforcement. So the agreement is small comfort to advocates like Higgins. "When a company starts collecting this data, it becomes a very attractive target for law enforcement," he said.
Herold adds that, "historically, new technologies such as this were viewed as privacy-benign -- until something bad happened." She said this is the kind of information that would be very attractive to law enforcement, divorce lawyers and criminals.
"Using the data to improve the retailer environment can be very beneficial. But you cannot ignore all the other possibilities for how that data may be used," she said.
Sign up for CIO Asia eNewsletters.