The US Federal Trade Commission has continued its crackdown on data brokers with a settlement that prohibits data aggregator InMarket from selling precise location data to consumers.
Texas-based InMarket, which debuted as CheckPoints at TechCrunch Disrupt 2010, provides a marketing platform that collects sensitive consumer data — including location data, purchase history, and demographic information — that brands and advertising agencies use to facilitate targeted advertising on mobile devices. Based on the data InMarket collects, brands can target shoppers who are likely to be low-income millennials or Christian churchgoers. According to the Federal Trade Commission.
in it Proposed system On Thursday, the Federal Trade Commission (FTC) charged InMarket with failing to obtain users’ consent before using their location data for marketing and advertising purposes. The FTC alleges that InMarket failed to obtain consent from users of its own apps — shopping list app ListEase and shopping rewards app CheckPoints — which the regulator said used claims that contained “misleading half-truths” and did not inform consumers of the apps’ data collection. and usage practices.
The federal regulator also alleges that InMarket “does little” to verify that users of third-party apps that include InMarket’s tracking code (also known as a software development kit, or SDK) are notified that their location data will be used for targeted ads.
The FTC said an unnamed photo-editing app, which includes InMarket’s SDK, requested location permission with a text message indicating the data would be used to offer rewards and discounts, according to the FTC complaint.
“The consumer would never know that by granting location permission to a photo-editing app, they had effectively set off a data collection cascade that enabled InMarket, a third party you’ve likely never heard of, to collect a mountain of sensitive data,” the FTC said. About her without her knowledge
According to the FTC, InMarket’s own apps have been downloaded on more than 30 million unique devices since 2017, while InMarket’s SDK has been integrated into more than 300 apps downloaded on more than 390 devices.
The FTC also says the company’s policy of retaining geolocation data for five years was “unnecessary” to carry out the purposes for which it was collected, and “increased the risk that this sensitive data would be disclosed, misused, and linked back to the network.” consumer.”
Under the terms of the settlement, InMarket will be prohibited from selling, licensing or sharing any product that targets phone owners based on sensitive location data. InMarket will also be required to destroy all location data it has previously collected — and any products created from that data — unless the company obtains consumer consent, notifies consumers whose location data has been collected through its apps about the action taken by the FTC and provides users with A way to opt out of any data collection.
In a statement provided to TechCrunch, Jason Knapp, chief legal officer and chief privacy officer at InMarket, said: “While we fundamentally disagree with the FTC’s allegations, we are pleased to reaffirm the steps InMarket is taking to strengthen our policies around data disclosure and use.”
“As a marketing solutions company, we have no interest in selling consumer location data, and we have emphasized that we will not do so,” Knapp added. “In addition, InMarket is expanding existing sensitive site protections for consumers to provide a model for the industry, and we are working closely with our SDK partners to ensure clear notification and consent processes.”
The announcement comes a week after the FTC announced a separate agreement barring data broker X-Mode, now known as Outlogic, from sharing and selling users’ sensitive information to others. The order marked the first time the regulator had struck a deal to prevent a company from selling sensitive location data.