FTC Bans InMarket for Selling Precise User Location Without Consent

22.01.2024

The U.S. Federal Trade Commission (FTC) has taken further steps to restrict data brokers, announcing a settlement with InMarket Media that prohibits the company from selling or licensing precise location data. The settlement stems from allegations against the Texas-based firm, accusing it of using consumers’ location information for advertising and marketing without proper notification or consent.

As part of the settlement, InMarket is barred from selling, licensing, transferring, or sharing any product or service that categorizes or targets consumers based on sensitive location data. The company is also mandated to delete all previously collected location data with user consent and establish a mechanism for consumers to withdraw consent and request the deletion of their information.

This development follows a similar ban imposed on Outlogic (formerly X-Mode Social) a week prior, which faced accusations of selling location information that could be used to track users’ visits to sensitive locations such as medical facilities and domestic abuse shelters.

InMarket, like Outlogic, collects location data from its proprietary apps like CheckPoints and ListEase, as well as more than 300 third-party applications using its software development kit (SDK). The FTC complaint reveals that the company’s SDK obtains precise latitude, longitude, timestamp, and unique device identifier from users who grant access, transmitting the data to InMarket’s servers. This information is then used to categorize consumers into nearly 2,000 segments based on their visited locations, allowing tailored ads on apps featuring the SDK.

Despite claims of providing accurate and permission-based location data, InMarket allegedly failed to ensure that third-party apps embedding its SDK obtained users’ express consent. Additionally, the company’s five-year data retention policy was criticized as unnecessary and risky for customer data misuse.

To address these issues, InMarket is required to establish a sensitive location data program preventing the use, sale, or sharing of products or services targeting consumers based on sensitive location data. This development aligns with a recent joint study by Consumer Reports and The Markup, revealing that Meta-owned Facebook obtains user data from thousands of companies, highlighting the widespread data-sharing practices in the industry.