Outlogic, formerly known as X-Mode Social, just became the first US-based data broker banned from selling precise location data of American citizens by the Federal Trade Commission.
The federal agency said in a press release that the sharing and selling of such data violated consumers’ right to privacy. It’s the FTC’s first such settlement with a data broker concerning the collection and sale of sensitive location information.
The commission that Outlogic sold precise location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship, and domestic abuse shelters.
And because the firm, according to the FTC, has failed to put in place “reasonable and appropriate safeguards” on the use of such information by third parties, this data could be used to expose people to potential discrimination, physical violence, emotional distress, and other harms.
Users uninformed and exposed
“Geolocation data can reveal not just where a person lives and whom they spend time with but also, for example, which medical treatments they seek and where they worship. The FTC’s action against X-Mode makes clear that businesses do not have a free license to market and sell Americans’ sensitive location data,” said FTC Chair Lina M. Khan.
“By securing a first-ever ban on the use and sale of sensitive location data, the FTC is continuing its critical work to protect Americans from intrusive data brokers and unchecked corporate surveillance.”
For at least one of its contracts, the FTC said that Outlogic sold information about consumers who had visited specific medical facilities and pharmacies within a certain region of Columbus, Ohio. An unnamed private clinical research company bought the data.
The raw location data that X-Mode/Outlogic has sold is associated with mobile advertising IDs, which are unique identifiers associated with each mobile device.
"The FTC’s action against X-Mode makes clear that businesses do not have a free license to market and sell Americans’ sensitive location data,"
FTC Chair Linda M. Khan.
This raw location data is not anonymized and is capable of matching an individual consumer’s mobile device with the locations they visited. In fact, some companies offer services that help companies match such data to individual consumers, the FTC said.
Crucially, Outlogic failed to ensure that users of its own apps, Drunk Mode and Walk Against Humanity, were fully informed about how their location data would be used.
“The company also failed to employ the necessary technical safeguards and oversight to ensure that it honored requests by some Android users to opt out of tracking and personalized ads,” the complaint also said.
Congress urged to act
Under the settlement, Outlogic is required to delete or destroy all location data it unlawfully collected from mobile apps and any products produced from it – unless, of course, the broker desensitizes the data or obtains consent from consumers to keep it.
This is the first such ban the FTC has ever produced regarding the misuse of individual users’ geolocation data. Experts and some lawmakers think more needs to be done, though.
Oregon Senator Ron Wyden was the first to discover back in September 2020 that Outlogic, then named X-Mode Social, had sold location data to US military contractors. Google and Apple soon banned the broker’s tracking software from their app stores.
Wyden now commends the FTC for taking tough action to hold the data broker responsible for selling sensitive location data of American citizens. He now wants additional action from lawmakers.
“While the FTC's action is encouraging, the agency should not have to play data broker whack-a-mole. Congress needs to pass tough privacy legislation to protect Americans' personal information and prevent government agencies from going around the courts by buying our data from data brokers,” said Wyden in a statement.
It’s also risky because data brokers can suffer data breaches. And since data brokers sit on a treasure trove of personal data, including demographic details, court and criminal records, and Social Security numbers, information about millions of people can be exposed.
However, the fact that Congress hasn’t acted yet serves as an argument for the critics of the FTC, who say the agency is overreaching. Some even say the FTC has no legal standing until Congress specifically outlaws the sale of private user data without explicit consent from said user.
Your email address will not be published. Required fields are markedmarked