FTC Takes Action Against InMarket for Unauthorized Sale of Precise User Location Data

inmarket precise location sold

The U.S. Federal Trade Commission (FTC) is intensifying its efforts to regulate data brokers, with its latest move being the prohibition of InMarket Media from selling or licensing precise location data without obtaining proper consent from consumers. The settlement follows allegations against the Texas-based company for not adequately informing or seeking permission from individuals before utilizing their location information for advertising and marketing purposes.

As part of the settlement terms, InMarket is now barred from selling, licensing, transferring, or sharing any product or service that categorizes or targets consumers based on sensitive location data. The FTC’s decision also mandates the company to delete all previously collected location data with users’ consent. Furthermore, InMarket is required to establish a mechanism allowing consumers to withdraw their consent and request the deletion of their previously collected information.

InMarket becomes the second data aggregator to face such regulatory action in recent weeks, with Outlogic (formerly X-Mode Social) also being banned for accusations of selling location information that could be exploited to track users’ visits to sensitive locations like medical and reproductive health clinics, places of religious worship, and domestic abuse shelters.

Similar to Outlogic, InMarket is implicated in harvesting location data from its proprietary apps, including CheckPoints and ListEase, as well as over 300 third-party applications that incorporate its software development kit (SDK). These apps have been downloaded onto more than 420 million unique devices since 2017.

The FTC complaint reveals that InMarket’s SDK, when granted access by users, collects precise latitude and longitude, timestamp, and a unique mobile device identifier. This information is transmitted to InMarket’s servers, allowing the company to create historical data profiles for users. InMarket then categorizes consumers into nearly 2,000 segments based on their visited locations, delivering tailored ads through apps featuring the SDK. The company’s services even extend to pushing location-based ads, such as promoting medicines to users within proximity to a pharmacy.

Despite claiming to provide accurate and precise, permission-based, SDK-derived location data, InMarket allegedly fell short in ensuring that third-party apps embedding its SDK obtained express consent from users. The company failed to notify these apps that location data, when provided through its SDK, would be combined with other data points to create consumer profiles.

The FTC also criticized InMarket’s five-year data retention policy, deeming it unnecessary for the purposes it was collected and posing a risk to customers by exposing their information to potential misuse.

To address these concerns, InMarket is now compelled to establish a sensitive location data program to prevent the company from using, selling, licensing, transferring, or sharing any products or services that categorize or target consumers based on sensitive location data.

This development coincides with a joint study by Consumer Reports and The Markup, revealing that Meta-owned Facebook obtains data on individual users from thousands of companies. The study found that, on average, Facebook received data from 2,230 different companies for each of the 709 volunteers, with some individuals having their data shared by an astonishing 186,892 companies.

One standout participant had their information sourced from nearly 48,000 different companies, raising questions about unusual app usage habits or potential suitability for microtargeted advertising. LiveRamp, a data broker, emerged as the company that shared data on the largest number of participants in the study.

The study’s findings highlight the extensive data-sharing practices prevalent in the digital landscape and underscore the need for increased scrutiny and regulation to safeguard user privacy. As authorities like the FTC take action against data brokers like InMarket, the focus on protecting consumer data and ensuring transparent practices in the industry becomes more crucial than ever.

1 thought on “FTC Takes Action Against InMarket for Unauthorized Sale of Precise User Location Data”

  1. Pingback: Apple: Update Required to Patch Zero-Day Vulnerability

Comments are closed.

Scroll to Top