The U.S. Federal Trade Commission is once again taking action against data brokers, this time targeting InMarket with a settlement that puts a stop to the company’s sale of precise location data belonging to consumers. The enforcement agency announced its decision on Thursday, citing concerns over InMarket’s collection and use of sensitive consumer information without proper consent.
Texas-based InMarket, known as CheckPoints at TechCrunch Disrupt 2010, has built a platform for marketing that specializes in gathering private consumer data, including location, purchasing history, and demographics. This data, in turn, is handed off to brands and advertising agencies to aid in their targeted advertising efforts on mobile devices. According to the FTC, InMarket uses this data to assist in targeting specific demographic groups such as low-income millennials and Christian churchgoers.
The proposed order unveiled by the FTC revealed that InMarket failed to acquire consent from its own app users before using their location data for marketing and advertising purposes. The agency claims that InMarket’s apps, ListEase and CheckPoints, use prompts that are deceptive and do not adequately inform users of the data collection and usage practices.
Furthermore, the federal regulator alleges that InMarket makes little effort to verify whether users of third-party apps that incorporate its tracking code, also known as a software development kit (SDK), have been properly notified of their location data being used for targeted advertising.
According to the FTC’s complaint, one photo-editing app that incorporated InMarket’s SDK requested location permission with a prompt that stated the data would be used to offer rewards and discounts. However, the consumer was never informed that granting this permission would set off a chain of data collections by a third-party they likely had never heard of, allowing InMarket to gather a significant amount of sensitive data about them without their knowledge.
The FTC notes that InMarket’s own apps have been downloaded onto over 30 million unique devices since 2017, while its SDK has been integrated into more than 300 apps that have been downloaded onto over 390 million devices.
Additionally, the agency argues that InMarket’s policy of retaining geolocation data for five years was unnecessary and put consumers at risk of their sensitive information being disclosed, misused, or traced back to them.
Under the terms of the settlement, InMarket is barred from selling, licensing, or sharing any products that target phone owners based on sensitive location data. The company is also required to delete all previously collected location data along with any products created from this data unless it obtains consumer consent, and to inform affected app users about the FTC’s action and provide them with the option to opt out of any data collection.
In a statement given to TechCrunch, Jason Knapp, InMarket’s chief legal officer and chief privacy officer, stated that while the company disagrees with the FTC’s allegations, it is committed to improving its policies surrounding data disclosure and use.
“As a marketing solutions business, we have no interest in selling consumer location data. We have confirmed that we will not do so,” Knapp said. “Furthermore, we are expanding our existing measures to protect sensitive location data for consumers, with the aim of setting an example for the industry. We are also working closely with our SDK partners to ensure that their notice and consent processes are transparent.”
This announcement comes just one week after the FTC reached a similar agreement with data broker X-Mode, now known as Outlogic, which prohibits the company from sharing and selling users’ sensitive information to others. This marks the first time the agency has taken action against a company to prohibit the sale of sensitive location data.