The Federal Trade Commission’s (FTC) January 18th enforcement actions signal a significant shift in the regulatory landscape concerning consumer privacy and data protection. One of the most striking instances of this change is the proposed settlement with InMarket Media, a Texas-based data aggregator. This case is noteworthy not only for its direct implications for InMarket but also for the broader message it sends to the industry about the handling of sensitive consumer data, particularly location information.
The Case Against InMarket
InMarket, known for collecting location data through various sources, including its apps and third-party applications, faced FTC charges for not fully informing consumers or obtaining their consent before using their location data for marketing purposes. The company’s practices included creating audience segments based on consumers’ visits to specific locations, enabling targeted advertising. What is alarming is the scope of this data collection, with InMarket maintaining nearly 2,000 audience segment lists with categories as specific as “parents of preschoolers” and “Christian churchgoers.”
FTC’s Stance: Protecting Consumer Privacy
FTC Chair Lina M. Khan’s statement underscores the agency’s stance on protecting Americans from “unchecked corporate surveillance.” The FTC’s complaint highlights that InMarket did not obtain informed consent from users of its apps, such as CheckPoints and ListEase, while also failing to ensure third-party apps using its SDK had obtained this consent. Furthermore, the FTC criticized the company’s policy of retaining geolocation data for five years as excessive and risky.
The Settlement: A New Precedent in Data Privacy
Under the proposed order, InMarket is to cease selling or licensing precise location data, a first for the FTC. This includes a comprehensive set of actions to protect consumer data, such as deleting previously collected location data, providing mechanisms for consumer consent withdrawal, and establishing a privacy program. These measures reflect an unprecedented level of regulatory intervention in the realm of data privacy, particularly concerning location information.
Implications and Future Outlook
This case, along with the FTC’s action against X-Mode Social and Outlogic earlier this month, represents a growing trend in stringent enforcement against the misuse of consumer data. The penalties are severe, with each violation of the order potentially resulting in a civil penalty of up to $51,744. These actions signal a clear message to companies about the importance of informed consent and responsible data handling. As the industry adapts to these changes, we may see a significant shift in how companies collect, use, and protect consumer data, with a heightened focus on privacy and transparency.
A Turning Point in Data Privacy
The FTC’s recent actions, particularly the InMarket settlement, mark a turning point in data privacy regulation. These developments are likely to have far-reaching implications, not only for data aggregators but for all entities involved in the collection and use of consumer data. As regulatory bodies intensify their focus on protecting consumer privacy, companies must reevaluate their data practices to align with these evolving standards, ensuring that consumer rights are at the forefront of their operations.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –