In a groundbreaking move, the U.S. Federal Trade Commission (FTC) has taken decisive action against data broker Outlogic, formerly known as X-Mode Social. Recently, the FTC imposed restrictions on Outlogic, prohibiting the sale or sharing of sensitive location data with third parties. In this blog, we’ll discover the FTC Outlogic ban as well as the Outlogic location tracking investigation in detail.
It’s worth mentioning that this development follows allegations of the company being engaged in the sale of precise location data capable of tracking individuals’ visits to sensitive locations. This includes medical and reproductive health clinics, religious worship places, and domestic abuse shelters.
As part of the FTC Outlogic ban, the company is mandated to cease sharing or selling any sensitive location data and, furthermore, to destroy all previously gathered location data unless explicit consumer consent is obtained.
They must also ensure that the data is either de-identified or rendered non-sensitive. Additionally, Outlogic is required to maintain a comprehensive list of sensitive locations, establish a robust privacy program, and implement a data retention schedule to prevent potential data abuse.
The FTC asserted that Outlogic, previously operating as X-Mode Social, failed to establish adequate safeguards to prevent location data privacy violation. This marks a significant milestone as the FTC issues its first-ever ban on the use and sale of such data.
Outlogic, formerly known as X-Mode, gained attention in 2020 for selling location data to the U.S. military. The company collected precise location data from proprietary and third-party apps that incorporated its software development kit (SDK). Additionally, it sourced location data from other brokers and aggregators. Both Apple and Google responded to these revelations by urging app developers to remove X-Mode’s SDK from their apps, threatening app store bans for non-compliance.
The sensitive location information ban from FTC highlighted that the raw location data sold by X-Mode/Outlogic was associated with mobile advertising IDs, unique identifiers linked to each mobile device. This raw data, devoid of anonymization, had the potential to match an individual’s mobile device with the specific locations they visited.
Until May 2023, Outlogic reportedly lacked policies to remove sensitive locations from the sold location data, placing users’ privacy at risk. The FTC enforcement actions emphasized that this negligence not only exposed individuals to potential discrimination, physical violence, and emotional distress but also violated their consumer privacy rights.
The FTC raised concerns about X-Mode’s lack of transparency regarding the entities receiving data when customers used third-party apps with its SDK. Furthermore, the company allegedly failed to ensure that these apps obtained informed consent from consumers before accessing their location information.
Lastly, X-Mode faced criticism for neglecting requests from certain Android users who sought to opt out of tracking and personalized ads, indicating a failure to honor user preferences.
In response to the FTC’s announcement, Outlogic expressed disagreement with the “implications” of the decision, asserting that there was no finding of misuse of location data. However, U.S. Senator Ron Wyden commended the FTC’s action, emphasizing the need for comprehensive privacy legislation to safeguard Americans’ personal information and prevent government agencies from acquiring data through data brokers.
The FTC ruling on Outlogic signifies a pivotal moment in the data protection regulations, prompting a closer examination of data privacy practices in the digital landscape.
As technology advances, the responsible use of sensitive location data becomes paramount. The FTC’s intervention against Outlogic sets a precedent for holding data brokers accountable and underscores the urgency for cybersecurity measures as well as Location data security measures.
As the digital landscape evolves, striking a balance between technological innovation and safeguarding mobile app data privacy remains a crucial challenge for regulatory bodies and businesses alike.
The sources for this piece include articles in The Hacker News and FTC.
The post FTC Outlogic Ban: Broker Stopped From Selling Location Data appeared first on TuxCare.
*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/ftc-outlogic-ban-broker-stopped-from-selling-location-data/