Mobile advertising company InMobi, whose advertising network reaches more than one billion devices worldwide through thousands of apps, has settled with the Federal Trade Commission over charges that it “deceptively tracked” the locations of hundreds of millions of consumers without their knowledge or consent, in a deal announced June 22. Central to the case is an alleged Children’s Online Privacy Protection Act, or COPPA, violation, resulting in $950,000 in civil penalties and required implementation of a comprehensive privacy program.
What’s the Issue?
In its complaint, the FTC alleged that Singapore-based InMobi misled users regarding the collection of their location information and undermined their ability to control their privacy preferences. Using local Wi-Fi signals to infer a user’s location, InMobi allegedly tracked consumers and delivered geo-targeted advertising to them even when a user had explicitly denied such permissions.
“InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers’ express privacy preferences,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, in a statement.
With a significant number of these InMobi-integrated apps clearly targeted towards children, the FTC complaint included a major focus on protecting the privacy of young users. The FTC alleged that the data collection and use stemming from these child-directed apps constituted a violation of COPPA. As part of the settlement, which originally had a $4 million price tag that was later adjusted for the company’s financial status, InMobi will delete all information it collected from children as well as data it collected from adults who did not consent. In addition, the advertising company’s privacy program will be independently audited every two years for the next twenty years as part of the FTC’s terms.
What’s the Takeaway?
As we discussed in our recent coverage of the FTC and FCC privacy cases against AT&T, Cablevision, and Comcast, regulators in the US and abroad have taken a unique interest in the privacy arena. InMobi’s settlement follows a string of recent children’s privacy-focused regulatory activities, including FTC COPPA-related investigations, a new Colorado student data law, and a Philadelphia class action lawsuit, that are digging into issues such as consent, monitoring, data collection, and data use in apps and online. As regulators continue to examine new aspects of the digital ad age, privacy professionals should regularly review company privacy programs and vet developing technologies. The FTC’s allegations against InMobi appear to have arisen from the company’s activities in 2015, which indicates a quick turnaround on the FTC’s investigations and settlement activities. The FTC has consistently focused on consumer choice, which highlights the importance of providing at least an opt-out mechanism and honoring these choices.
Before launching any app or new technology, make sure you have a meeting with the developers, the CPO, the CISO, and the CMO. Each of these individuals will play a role in the data collection, use, and maintenance. This meeting will also be the first step in ensuring compliance with the applicable laws and regulations and in confirming that notice and consent are appropriate and practical.
Arent Fox’s Cybersecurity & Data Protection group monitors developments in the data privacy field. For more information, please do not hesitate to contact Sarah L. Bruno, Eva J. Pulliam, or Lourdes M. Turrecha.