The U.S. Federal Trade Commission (FTC) continues its rigorous crackdown on data brokers, taking decisive action against InMarket Media by prohibiting the sale or licensing of precise location data without explicit user consent.
This settlement follows allegations that the Texas-based company, InMarket, failed to inform or seek consent from consumers before utilizing their location information for targeted advertising and marketing purposes.
Under the terms of the settlement, InMarket is barred from selling, licensing, transferring, or sharing any product or service that categorizes or targets consumers based on sensitive location data. The FTC directive also mandates the destruction of all previously collected location data with users’ consent and the establishment of a user-friendly mechanism for consumers to withdraw their consent and request the deletion of their previously collected information.
This development marks InMarket as the second data aggregator facing a ban within weeks, following the case of Outlogic (formerly X-Mode Social), accused of selling location information that could potentially be exploited to track users’ visits to medical facilities, places of worship, and domestic abuse shelters.
Similar to Outlogic, InMarket reportedly extracts location information from its proprietary apps such as CheckPoints and ListEase, as well as over 300 third-party applications incorporating its software development kit (SDK). These apps, downloaded on over 420 million unique devices since 2017, grant the InMarket SDK access to precise latitude, longitude, timestamp, and unique mobile device identifiers, facilitating the creation of detailed consumer profiles.
The historical data collected is then utilized to classify consumers into nearly 2,000 segments based on their visited locations, enabling the delivery of tailored advertisements through apps featuring the SDK. InMarket’s services extend to pushing location-based ads, such as promoting medicines when a person is within 200 meters of a pharmacy.
The FTC complaint highlighted InMarket’s lack of effort to ensure third-party apps embedding its SDK obtained express consent from users. The company allegedly neglected to inform these apps that the location data provided through its SDK would be combined with other data points to construct comprehensive consumer profiles.
Moreover, the FTC criticized InMarket’s five-year data retention policy, deeming it unnecessary for the original purposes of collection and posing a risk to customers by exposing their information to potential misuse.
As part of remedial measures, InMarket is now mandated to establish a sensitive location data program, preventing the company from utilizing, selling, licensing, transferring, or sharing any products or services that involve sensitive location data.
This revelation coincides with a joint study by Consumer Reports and The Markup, revealing that Meta-owned Facebook obtains user data from thousands of companies. The study disclosed that, on average, Facebook received data from 2,230 different companies for each of the 709 volunteers, emphasizing the extensive network of data sharing in the digital landscape.