The U.S. Federal Trade Commission (FTC) continues its crackdown on data brokers, banning InMarket Media from selling or licensing precise location data.
The settlement is part of charges that the Texas-based company failed to notify consumers or obtain their consent before using their location information for advertising and marketing purposes.
“InMarket will also be prohibited from selling, licensing, transferring or sharing any products or services that classify or target consumers based on sensitive location data,” the FTC said last week.
Additionally, it was ordered to destroy all location data previously collected with user consent and to provide consumers with a mechanism to withdraw consent and request deletion of previously collected information.
The development makes InMarket the second data aggregator to face a ban in weeks, following Outlogic (formerly X-Mode Social), which faces accusations of selling location information that could be used to track users’ concerns about medical and reproductive health Visits to clinics, places of religious worship and domestic violence shelters.
Like Outlogic, InMarket is said to obtain location information from its own proprietary applications such as CheckPoints and ListEase, as well as from more than 300 other third-party applications included in its software development kit (SDK). Since 2017, these apps have been downloaded to more than 420 million devices.
“If the user allows access, the InMarket SDK receives the device’s precise latitude and longitude as well as a timestamp and unique mobile device identifier on the frequency provided by the mobile device’s operating system — almost never when the device is idle, and every other time when the device is actively moving. seconds – and transfer it directly to [InMarket’s] server,” the FTC complaint reads.
This historical data is then used to segment consumers into nearly 2,000 segments based on location visited and deliver customized ads on apps that include the SDK. It also offers a product that can push ads to consumers based on their current whereabouts, such as drug-related ads when a person is within 200 meters of a pharmacy.
The company was previously exposed by The Markup in September 2021, claiming to provide its “customers with the most accurate, precise, permission-based, SDK-sourced location data available today.”
The FTC further said that InMarket took few steps to ensure that third-party apps embedded in the company’s SDK had obtained explicit consent from users, noting that it failed to notify third-party apps that location data provided through its SDK would be combined with other data. Essentials of building consumer profiles.
To make matters worse, the company’s five-year data retention policy is described as “non-necessary to achieve the purposes for which the data was collected” and puts customers at risk due to other types of misuse of the information.
As a mitigation measure, InMarket “will be required to create a sensitive location data program that prevents the company from using, selling, licensing, transferring, or otherwise sharing any products or services that classify or target consumers based on sensitive location data.”
A joint study published by Consumer Reports and The Markup found that Meta-owned Facebook harvested individual user data from thousands of companies.
On average, the company received data from 709 volunteers from 2,230 different companies, with some from more than 7,000 companies. A total of 186,892 companies shared participant data.
One participant’s information, drawn from nearly 48,000 different companies, indicated “unusual app usage habits” or might be an attractive candidate for micro-targeted advertising.
“The company that shared the most participant data was data broker LiveRamp, which shared data on 679 (about 96%) of the study participants,” the study said. “Of the approximately 186,000 companies that appear in our data, a large A portion appear to be small retailers or non-national brands (or not identifiable by name).”
