• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

InMobi to Pay $950,000 to Settle FTC Charges that it Secretly Tracked Phone Users

June 30, 2016 By Privacy, Cyber & Data Strategy Team

The Federal Trade Commission (“FTC”) announced that InMobi, a Singapore-based mobile advertising company whose products are used by many Android and iOS app makers to deliver advertisements to consumers, will pay $950,000 in civil penalties and implement a comprehensive privacy program to settle FTC charges for deceptively tracking the locations of hundreds of millions of consumers, including children, without their knowledge or consent to serve them geo-targeted advertising.

The FTC alleges that InMobi represented that its advertising software would only collect consumer’s geo-location data when consumers provided opt-in consent, and that such collection would be completed in a manner consistent with consumer’s device’s privacy settings. However, according to the FTC complaint, InMobi’s software was actually tracking consumer’s locations irrespective of whether opt-in consent was given, and even when consumers denied permission to access their geo-location data. The complaint alleges that InMobi’s software used nearby WiFi signals to infer locations even when permission was not given, and that InMobi then archived the location data and used it to push targeted advertisements to consumers. According to the complaint, such collection occurred even when consumers had turned off location collection on their device. Specifically, the complaint states, “[e]ven if the consumer had restricted an application’s access to the location API, [InMobi] still tracked the consumer’s location and, in many instances, served geo-targeted ads, by collecting information about the WiFi networks that the consumer’s device connected to or that were in-range of the consumer’s device.”

The complaint also alleges that InMobi violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting geo-location data from mobile applications that were directed towards children. Under COPPA, an operator of a commercial website or online service that is directed towards children must obtain verifiable parental consent prior to collecting, using, or disclosing personal information from children under the age of 13. The FTC alleges that InMobi disseminated or caused to be disseminated statements stating that it “will continue to only use any data in the manner that COPPA prescribes” and that they had “identified all existing publisher sites and apps directed to children to ensure [they] are in full compliance with the . . . COPPA rules.”  However, according to the complaint, InMobi did not comply with COPPA as its software tracked the geo-location in thousands of child-directed applications without receiving the requisite consent. The complaint states that InMobi “knowingly collected and used information . . . from thousands of applications that had indicated . . . that they were directed to children.”

As we have noted in other blog posts regarding FTC enforcement, the FTC has not been shy in regulating issues related to data security and privacy. In this InMobi case, the FTC settlement terms are rather extensive. The FTC leveled a $4 million civil penalty, but suspended such penalty to $950,000. InMobi will be prohibited from collecting consumer’s geo-location data without their affirmative consent, and will be required to honor a consumer’s location privacy settings. InMobi must delete the geo-location data that it collected without consumers’ consent, and must also delete all information collected from children. Finally, InMobi must institute a comprehensive privacy program that will be independently audited every two (2) years for the next twenty (20) years.

Filed Under: Children's Privacy, Mobile Privacy Tagged With: Children's Online Privacy Protection Act (COPPA), Federal Trade Commission (FTC), Marketing, Mobile Technologies, Tracking

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Belgian Supervisory Authority Sanctions News Media Company for Violating Cookie Rules
  • DOJ Issues New Policy on CFAA Prosecutions
  • EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.