InfoBytes Blog
FTC alleges data broker company mishandled consumer location data
On January 9, the FTC released a proposed order and complaint against a data broker that sells consumer location data to companies. According to the complaint, which alleges seven violations of the FTC Act, the data broker company had no policies or procedures in place to remove any of the raw data from the location data sets that it sold, which could be used to identify sensitive personal information. The FTC alleges that because of this, the data broker company failed to provide “necessary technical safeguards” to ensure that consumers’ privacy choices were honored. The FTC also alleges that the data broker’s contracts with entities to purchase the data were “insufficient to protect consumers from the substantial injury caused by the collection, transfer, and use of the consumers’ location data” as they visit sensitive locations, such as churches, healthcare facilities, and schools.
The data broker company collected 10 billion location data points daily worldwide throughout its apps, but it failed to inform its consumers that it sold this data to advertisers, employers, or government contractors. The FTC further alleges that the data broker’s business practices are likely to cause substantial injury to consumers due to its lack of reasonable data security measures.
According to the proposed order, the company must comply with FTC mandates that include requiring it to prohibit misrepresentations using the data, prohibit the use, sale, or disclosure of sensitive location data, and implement a sensitive location data program. The data broker neither admits nor denies any wrongdoing and the FTC did not levy a money judgment.