Phone app location data brokers are a growing menace to our privacy and safety.
Now the app tracks your every move and sends it to a broker, which then sells your location data to the highest bidder, from advertisers to police.
The FTC's complaint illustrates the dangers created by this industry.
The company collects our location data through software development kits incorporated into third-party apps, through the company's own apps, and through buying data from other brokers.
The complaint alleged that the company then sells this raw location data, which can easily be correlated to specific individuals.
The company's customers include marketers and government contractors.
The FTC's proposed order contains a strong set of rules to protect the public from this company.
X-Mode cannot collect, use, maintain, or disclose a person's location data absent their opt-in consent.
This includes location data the company collected in the past.
X-Mode must adopt policies and technical measures to prevent recipients of its data from using it to locate a political demonstration, an LGBTQ+ institution, or a person's home.
X-Mode must, on request of a person, delete their location data, and inform them of every entity that received their location data.
To implement this rule, the company must develop a comprehensive list of sensitive locations.
X-Mode can use sensitive location data if it has a direct relationship with a person related to that data, the person provides opt-in consent, and the company uses the data to provide a service the person directly requested.
The explosion of business models that monetize people's personal information has resulted in routine trafficking and marketing of Americans' location data.
As the FTC has stated, openly selling a person's location data the highest bidder can expose people to harassment, stigma, discrimination, or even physical violence.
X-Mode has disputed the implications of the FTC's statements regarding the settlement, and asserted that the FTC did not find an instance of data misuse.
The FTC's enforcement action against X-Mode sends a strong signal that other location data brokers should take a hard look at their own business model or risk similar legal consequences.
The FTC has recently taken many other welcome actions to protect data privacy from corporate surveillance.
In 2023, the agency limited Rite Aid's use of face recognition, and fined Amazon's Ring for failing to secure its customers' data.
In 2022, the agency brought an unfair business practices claim against another location data broker, Kochava, and began exploring issuance of new rules against commercial data surveillance.
This Cyber News was published on www.eff.org. Publication date: Thu, 11 Jan 2024 22:13:04 +0000