As of December 31, 2024, the Future of Privacy Forum will retire and no longer support the Smart Places Self-Regulatory Program, including the MAC Address Opt-Out previously hosted at www.smart-places.org. Read on to learn more about the history and the future of this initiative.
Brief History of Smart Places
The Smart Places Opt-Out and Code of Conduct (2013-2024) was a self-regulatory initiative administered by the Future of Privacy Forum that helped establish privacy standards for Mobile Location Analytics (MLA) technology. Through this program, participating venues and analytics companies committed to responsible data collection practices when tracking consumer movement patterns through WiFi and Bluetooth MAC addresses in physical spaces like stores, hotels, and airports.
Under the program’s 2013 Code of Conduct (updated in 2018), participating companies agreed to provide clear privacy notices, promptly de-identify collected MAC addresses, limit data retention, and honor consumer opt-out preferences submitted through a centralized opt-out system at smart-places.org. The program was designed to enable businesses to gather insights about customer traffic patterns and operational efficiency while respecting consumer privacy through transparency and choice.
After ten years, the Future of Privacy Forum is retiring this program in response to the changing technological and policy landscape regarding consumer MAC addresses.
What this Means for Participating Companies
Participating companies have been asked to update any internal or external policies that reference the smart-places.org opt-out mechanism, since it is no longer supported. We have also recommended that companies continue honoring existing opt-out signals for devices that were opted out between 2013-present, to the extent it is technically feasible, and that they take any other necessary technical steps, including deleting personal information where appropriate.
Although FPF is no longer supporting the Opt Out mechanism, participating companies remain committed to their own public statements regarding data privacy, and we invite them to continue to honor or exceed the privacy protections embodied in the 2013 Code of Conduct.
We have also asked our partners at PRIVO, the company that currently owns the technical infrastructure behind the Opt-Out, to delete any existing personal information related to devices that were opted out between 2013 and present. Read on to learn more about PRIVO.
What this Means for Individuals
For individuals who opted out by submitting any MAC address(es) for consumer device(s) between 2013 and present, we have requested that participating companies continue to honor those opt-out preferences to the extent it is technically feasible. Notably, the technological landscape with respect to MAC addresses has evolved in the last 10 years. For example, most leading consumer devices now randomize public-facing MAC addresses and other WiFi and Bluetooth signals. As a result, much of the previously opted-out information, particularly from older devices, may no longer be relatable to an identifiable person.
What’s Ahead: About PRIVO
In response to growing consumer demand for privacy, along with a tsunami of new youth associated privacy regulations, the minors’ privacy company PRIVO purchased the intellectual property for this initiative from FPF’s original vendor in 2023, and will be including it as an element of a timely, expanded program. The goal is to empower parents to take more control of their minor children’s data, while helping companies mitigate risks by leveraging a parent-authorized data protection service. PRIVO will be sharing more about the introduction of their new initiative, PRIVO PROTECT™ in coming months, and can be reached at [email protected].