In a warning that American data brokers need to be careful about selling precise geolocation information of mobile phone users, the U.S. Federal Trade Commission has proposed banning a major company from taking advantage of all the data it can collect.<\/p>\n
Assuming the settlement<\/a> is confirmed, the FTC will forbid Outlogic LLC<\/a> from sharing or selling any sensitive location data. This would settle allegations that the company sold precise location data of mobile users, without their consent, that could be used to track people\u2019s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship, and domestic abuse shelters.<\/p>\n FTC also charged that Virginia-based Outlogic (the firm that acquired the operations of X-Mode Social in 2021, which is where the FTC investigation began) failed to put in place reasonable and appropriate safeguards on the use of such information by third parties.<\/p>\n \u201cGeolocation data can reveal not just where a person lives and whom they spend time with but also, for example, which medical treatments they seek and where they worship. The FTC\u2019s action against X-Mode makes clear that businesses do not have free license to market and sell Americans\u2019 sensitive location data,\u201d said FTC Chair Lina Khan. \u201cBy securing a first-ever ban on the use and sale of sensitive location data, the FTC is continuing its critical work to protect Americans from intrusive data brokers and unchecked corporate surveillance.\u201d<\/p>\n X-Mode collected precise consumer geolocation data from a wide variety of sources, the FTC explained. That included third-party apps with X-Mode\u2019s software development kit (SDK) built in, its own mobile apps, and information it bought from other data brokers and aggregators. The company then compiled consumers\u2019 location data and sold it to hundreds of clients for advertising, brand analytics, and other marketing purposes. According to the\u00a0 FTC complaint, the company also sold the raw data to private government contractors.<\/p>\n The FTC says this was done without consumers\u2019 informed consent and without disclosing all of the purposes for which consumers\u2019 data would be used, practices of unfair or deceptive conduct in violation of the FTC Act.<\/p>\n To settle the case, the company has agreed to make major changes to how it does business going forward, the FTC said. That includes putting substantial limits on sharing certain sensitive location data. The settlement requires the company to develop a comprehensive sensitive location data program to prevent the use and sale of consumers\u2019 sensitive location data. Outlogic also must take steps to prevent clients from associating consumers with locations that provide services to LGBTQ+ individuals or with locations of public gatherings like marches or protests.<\/p>\n In addition, the company must take effective steps to see to it that clients don\u2019t use their location data to determine the identity or location of a specific individual\u2019s home. And even for location data that may not reveal visits to sensitive locations, Outlogic must ensure consumers provide informed consent before it uses that data. Finally, X-Mode\/Outlogic must delete or render non-sensitive the historical data it collected from its own apps or SDK and must tell its customers about the FTC\u2019s requirement that such data should be deleted or rendered non-sensitive.<\/p>\n Outlogic must also give consumers an easy way to withdraw their consent for the collection and use of their location data, to require the deletion of any location data that was previously collected, and to request the identity of any individual and business to whom their personal data has been sold or shared.<\/p>\n Once the proposed settlement is published in the Federal Register, the FTC will accept public comments for 30 days, after which the commission will decide whether to make the proposed consent order final.<\/p>\n In response to the settlement, Outlogic told TechCrunch that it disagrees with the implications of an FTC press release. “After a lengthy investigation, the FTC found no instance of misuse of any data and made no such allegation. Since its inception, X-Mode has imposed strict contractual terms on all data customers prohibiting them from associating its data with sensitive locations such as healthcare facilities. Adherence to the FTC\u2019s newly introduced policy will be ensured by implementing additional technical processes and will not require any significant changes to business or products.\u201d<\/p>\n Meanwhile, the FTC continues with its investigation against data broker Kochava Inc.<\/a> for allegedly acquiring and selling consumers\u2019 sensitive, identifying, and mobile geolocation information without their consent.<\/p>\n The collection and sale of information by data brokers has worried consumers and regulators for years. In Canada, the federal Office of the Privacy Commissioner began an investigation into the practices of six data brokers in 2018.<\/a><\/p>\n Last November, the Irish Council for Civil Liberties warned\u00a0<\/a>extraordinarily sensitive information about key European and U.S. figures and military personnel is being sold to foreign states and non-state actors through online advertising\u2019s Real-Time Bidding (RTB) system.<\/p>\n Also in November, Duke University reported<\/a> that sensitive personal information about active-duty American armed forces members, their families, and veterans is being sold by data brokers for 12 cents a person.<\/p>\n The post American regulator slams data broker for selling mobile location data without consent<\/a> first appeared on IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" The Federal Trade Commission says the data could have been used by organizations to track peoples’ visits to doctors or places<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[57,421,58,355,361],"tags":[391,396,275],"class_list":["post-43504","post","type-post","status-publish","format-standard","hentry","category-companies","category-governance","category-government-public-sector","category-legal","category-privacy","tag-di","tag-postmedia","tag-top-story"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=43504"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43504\/revisions"}],"predecessor-version":[{"id":43506,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43504\/revisions\/43506"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=43504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=43504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=43504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}