I. Introduction
With the rapid development of technology, customer flow analysis has been widely applied in the retail and service industries as an important tool to optimize operations. Customer flow analysis refers to businesses using devices such as cameras to collect customer entry behavior data and using data modeling to determine customer movement paths, staying areas, etc., to optimize store layouts and improve sales efficiency. For example, by identifying high-frequency customer staying areas, businesses can prioritize displaying key products, thereby enhancing user conversion rates. However, customer flow analysis often involves collecting data related to customers, such as facial images and movement trajectories, some of which even constitute sensitive information, raising concerns among customers about personal privacy and security. This article aims to elaborate on the legal nature and main risks of data involved in customer flow analysis from a legal compliance perspective, with a view to providing actionable compliance operation references for businesses in retail and service scenarios.
II. Legal Nature of Data Involved in Customer Flow Analysis
During customer flow analysis, stores collect information such as customers’ gender, age, facial images, and activity trajectories through devices. Most of this information falls under personal information in a legal sense, while some constitutes sensitive personal information, subject to stricter compliance restrictions.
1. Legal Definitions of Personal Information and Sensitive Personal Information
Article 4 of the Personal Information Protection Law stipulates that personal information refers to various information recorded electronically or otherwise that is related to identified or identifiable natural persons, excluding information that has been anonymized. GB/T 35273-2020 Technical Specification for Information Security—Personal Information Security (“Security Specification”) further lists common types of personal information, such as name, date of birth, ID card number, and personal biometric information.
Article 28 of the Personal Information Protection Law states that sensitive personal information refers to personal information that, if leaked or used illegally, could easily infringe upon a natural person’s personal dignity or endanger their personal or property safety, including biometric information, religious beliefs, specific identities, medical health, financial accounts, movement trajectories, and information of minors under 14 years old. The Security Specification explicitly states in its appendix that facial recognition features belong to sensitive personal information.
2. Legal Classification of Data Collected by Stores
Combining legal provisions with the classifications in the Security Specification, the information collected by stores in customer flow analysis has the following legal attributes:
(1) Facial images: Generally classified as “sensitive personal information,” regardless of whether they are directly linked to identities (such as names), as they still fall under “information related to identified or identifiable natural persons” and “can identify specific natural persons alone or in combination with other information.”
(2) Gender, age, race: Generally classified as “general personal information.”
(3) Entry routes and preferred areas: The Security Specification lists “movement trajectories,” “web browsing records,” and “precise location information” as sensitive personal information. Collected customer entry routes and preferred areas share similarities and overlaps with the above concepts, carrying the risk of being classified as “sensitive personal information.”
III. Compliance Requirements for Customer Flow Analysis
When using customer flow analysis technologies, store enterprises, as personal information processors, must strictly comply with laws and regulations such as the Personal Information Protection Law, particularly when processing sensitive personal information (e.g., facial images).
1. Obligations of Notification and Consent
Under the Personal Information Protection Law, stores must complete the basic procedure of “prior notification + obtaining consent” before processing personal information; when collecting sensitive information, “separate consent” must be obtained. Unlike mobile apps, offline stores often lack a natural interaction mechanism and therefore need more conspicuous ways to notify customers and obtain consent, such as: setting warning signs (e.g., voice prompts, warning lines) to inform customers of identification device usage in specific areas; placing written instructions at the entrances of areas covered by identification devices to clarify the purpose, method, and duration of processing; and obtaining customer consent in writing.
2. Specific Compliance Requirements for User Profiling
Customer flow analysis is often accompanied by building group user profiles of customers, focusing on the commonalities of customer groups in specific application scenarios to form role descriptions, such as “post-00s,” “adult males,” “white-collar workers,” and “freelancers.” When generating user profiles, businesses should note that the Security Specification explicitly prohibits including obscene, violent, or racially discriminatory information in profile content, as well as information that endangers national security, public order, or infringes on the legitimate rights and interests of others.
3. Other Obligations
In addition to the above requirements, businesses as personal information processors must also comply with other obligations stipulated in the Personal Information Protection Law, such as data storage, security safeguards, and not using data beyond the scope of the collection purpose.
IV. Distinction from Facial Recognition
On March 21, 2025, the Cyberspace Administration of China issued the Security Management Measures for the Application of Facial Recognition Technology (“Management Measures”), which came into effect on June 1 of the same year. This is China’s first regulation specifically targeting facial recognition technology and applies to data processing activities using facial recognition technology to identify individual identities within the country. According to Article 2 of the Management Measures, the application of facial recognition technology only occurs when the purpose of processing facial information is “identity recognition.”
We tend to believe that if businesses collect facial information solely for data statistics and behavioral analysis without targeting specific individuals, the Management Measures’ special provisions do not apply. Therefore, the act of obtaining group profiles through customer flow analysis in stores generally does not qualify as facial recognition. However, once a business’s analysis involves identity recognition, verification, or comparison functions, it should be deemed “facial recognition” and must comply with the specific obligations under the Management Measures, including but not limited to the obligation to file with the cyber security authorities at or above the provincial level where the business is located when the number of stored facial information records reaches 100,000.
V. Conclusion
Against the backdrop of increasingly common digital and artificial intelligence scenarios, physical stores must take personal information protection as a core business principle when using customer data to optimize operations and services. Enterprises must strictly adhere to regulatory requirements and establish a full-lifecycle compliance management system covering data, especially protection mechanisms for special categories of information such as biometric data. Data application and compliance management are not opposing but rather symbiotic in achieving commercial value and social responsibility: by building a transparent data governance framework, businesses can accurately understand consumer needs to drive service upgrades while consolidating the foundation of brand credibility. In a market environment with growing consumer awareness of rights protection, transforming compliance advantages into sustainable competitive barriers can ultimately achieve a dynamic balance between commercial benefits and legal responsibilities.