FTC bans data brokers on Tuesday external logicformerly known as X-Mode Socialavoid sharing or selling any sensitive location data with third parties.
The ban is part of a settlement over the company’s “sale of precise location data that can be used to track people’s visits to sensitive locations, such as medical and reproductive health clinics, places of religious worship, and domestic abuse shelters.”
The proposed order also requires the destruction of all previously collected location data, unless with consumer consent or ensuring the data has been de-identified or rendered non-sensitive, and to maintain a comprehensive list of sensitive locations and develop a comprehensive privacy plan that establishes how long data will be retained. table to prevent abuse.
The FTC accused X-Mode Social and Outlogic of failing to put in place adequate safeguards to prevent downstream customers from misusing such materials. The development marks the first-ever ban on the use and sale of sensitive location data.
X-Mode, which first attracted attention in 2020 for selling location data to the U.S. military, works by providing precise location data collected from proprietary and third-party apps that incorporate its software development kit ( SDK) into its application. It is also said to obtain location data from other data brokers and aggregators.
After the incident came to light in 2020, both Apple and Google urged app developers to remove the SDK from their apps or face bans from their respective app stores.
“The raw location data sold by X-Mode/Outlogic is associated with mobile advertising IDs, which are unique identifiers associated with each mobile device,” the FTC said. “This raw location data is not anonymous and can be used to identify individuals for consumption. Match users’ mobile devices with the locations they visit.”
The agency further said that until May 2023, the company did not have any policy in place to remove sensitive locations from the location data it sold, which not only put users’ privacy at risk but also exposed them to potential discrimination, physical violence, emotional Distress and other harm.
The FTC also accuses X-Mode of being opaque about which entities will receive data when customers use third-party apps with SDKs, and failing to ensure that these apps seek informed consent from consumers to grant access to their location information in the first place. .
Finally, X-Mode allegedly ignored requests from some Android users to opt out of tracking and personalized ads.
In a statement provided to Reuters, Outlogic said it disagreed with the “meaning” of the FTC’s statement and did not find that it had misused location data.
“I applaud the FTC for taking strong action to hold this shady location data broker accountable for selling Americans’ location data,” U.S. Senator Ron Wyden said in a statement shared with The Hacker News .”
“In 2020, I discovered that the company was selling Americans’ location data to U.S. military customers through defense contractors. While the FTC’s actions are encouraging, the agency should not play the role of data broker whack-a-mole. Congress Tough legislation is needed to protect Americans’ personal information and prevent government agencies from bypassing the courts by buying our data from data brokers.”