Starbucks requires email for Wi-Fi now. Can users remove their info? Unclear

The Starbucks account page doesn’t seem to offer a way to
“access, correct, or remove your personal information” as promised in the privacy policy.

Starbucks change in Wi-Fi policy — forcing users to hand over their email address — gave me an excuse to look closer at the firm’s privacy policy, and I found something strange there.  If consumers get cold feet and want to remove the personal information they’ve shared with Starbucks at any time, it’s unclear how to do that.  The firm’s privacy policy says there’s a way to “access, correct, or remove your personal information by visiting www.Starbucks.com/account.”

But best as I can discern, there’s no way to do that on that Starbucks account page.

Starbucks did not answer questions posed about this specific issue.

Confusing matters more, the privacy policy suggests consumers can “remove” information provided specifically during Wi-Fi signup, but it’s unclear how to do that, too.  The policy directs users to a section called “Your Choices:  Promotional Communication Choices.” That section only tells users how to remove themselves from promotional emails, and then offers generic information on settings that let consumers use their own devices to block transmission of personal information such as location, voice communications, and cookies. There is no instruction on how to “remove” information.  Starbucks collects unique hardware identifiers known as “MAC addresses,” for example. There is no instruction on how to remove those. The policy also does not make clear how a consumer could remove name, email address and zip code information.

It is easy for consumers to stop receiving promotional emails. In typical fashion, they simply click on an opt-out link included in Starbucks emails.

When I asked Starbucks about how consumers could remove their information, the firm sent me an email statement to me that echoed its policy:

“We strive to ensure complete transparency to how we collect and use information, as well as how you can remove yourself from those services,” the statement read. “The section you’re referring to (How to Manage Your Account Information), is specific to managing your online account information. To remove the information provided when you voluntarily signed up for our Wi-Fi service, please reference the section titled “Your Choices:  Promotional Communication Choices,” which provides instruction on how to opt out of promotional communication. The terms of our policy provide customers choices in how they choose to share information with us as well as the ability to opt-out or modify what information we access. If customers have any questions about our privacy policy, we encourage them to contact us directly.”

The firm did not reply to follow up questions.

“I think that the Privacy Policy is confusing and misleading. Customers who relied on the promise of removing their personal information may feel deceived by the perpetual storage of their data,” said consumer lawyer and privacy expert Joel Winston. “when you login with your Starbucks account, you cannot remove personal information including name, address, and birthday. You also cannot access any of the location information or voice transmissions your Starbucks mobile app has been sharing.”

Winston said it’s “tricky” for firms to write privacy policies.
“There is no legal requirement for Starbucks to allow you to ‘manage your data’ or ‘correct errors.’ However, if Starbucks Terms of Service or Privacy Policy says you can manage your data and correct errors, but then does not actually have a mechanism to manage data or correct errors…” he said. “That’s what trips up so many companies – promising control to consumers and not delivering.”

It is not unusual for Wi-Fi providers to collect MAC addresses, typically used for network management.  It’s also not unusual for coffee shops, airports, and other locations that offer free Wi-Fi to require users to share their email address.  After all, many consumers clearly feel receipt of occasional marketing emails in exchange for free Wi-Fi is a fair deal.   Starbucks’ timing for the change is probably unlucky, as it comes at a time when Facebook’s privacy headaches are dominating headlines.  In an earlier story, I quoted several users complaining about the change. 

Starbucks’ Wi-Fi requirements are noteworthy because of the size of the company. Some 75 million people visit Starbucks stores each year, but only 15 million are signed up for its rewards program. Earlier this year, executives said they were making the Wi-Fi change in part so they could do a better job marketing to the remaining 60 million.  That’s a lot of data.

Users to who visit Starbucks now and try to connect see a simple signup screen that asks for name, email, and zip code, followed by two links: One to a Starbucks privacy policy, one to a special Google privacy policy for Starbucks Wi-Fi users.  The Starbucks policy comes in PDF form, with links to the firm’s generic policy on its website, last updated in November. The Google policy, updated in February, contains a few additional details, such as the usual disclosure that the firm “may collect information about your usage of This WiFi, such as when and for how long you use the network and the frequency and size of data transfers.”

That policy also makes clear that users are now allowed to change or “spoof” their MAC address in order to evade potential tracking by Starbucks — a suggestion made by some users in response to the Wi-Fi change.

“We will assign you a temporary IP address each time you access This WiFi. You may not program any other IP or MAC address into your device that accesses This WiFi,” the Google policy says.

A separate section of the Starbucks privacy policy makes clear that Starbucks accounts are permanent.

“Upon request we will provide you with information about whether we hold any of your personal information. You may access, correct, or remove your personal information by visiting www.Starbucks.com/Account. As required by law for taxes and other record keeping purposes, we are unable to completely delete an account,” it says.

AlertMe

If you’ve read this far, perhaps you’d like to support what I do. That’s easy. Buy something from my NEW LIBRARY AND E-COMMERCE PAGE, click on an advertisement, or just share the story.


Marriott Hotels

About Bob Sullivan 1219 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.

Be the first to comment

Leave a Reply

Your email address will not be published.


*