[sbarre]

> If you went into a retail store and an employee followed you around the whole time with a notebook and stopwatch writing down everywhere you walked and every product you looked at

I hate to break it to you, but retail companies are doing this today using security camera footage, to figure out what parts of the store customers start at, or spend the most time in..

[prirun]

They're also doing it with Bluetooth beacons / pings, explaining why every store has an app they want you to install:

https://www.nytimes.com/interactive/2019/06/14/opinion/bluet...

[PeterisP]

This is one of key applications of GDPR in Europe - the fact that you can collect data for one purpose (e.g. security cameras) does not necessarily imply that you're permitted to use the same data for any other purpose (e.g. marketing analysis of customer movements).

For the former purpose, it would generally be sufficient to inform visitors with a sign on the entrance with legitimate interest clause; for the latter example IMHO the only practical compliant solution would require anonymization of the data, so you could make and store density data iff you don't have any way to tie them back to customer identities including the purchases they made, which is a key difference from the facebook example, which (as far as I understand) uses unique IDs to link the conversions to specific FB accounts.