Written by: Haim Ravia, Dotan Hammer
The Federal Trade Commission (FTC) has taken action against Mobilewalla, Inc., a data broker, for collecting and selling sensitive location data without obtaining proper consent from consumers. The FTC’s complaint alleges that Mobilewalla gathered data from real-time online ad bidding exchanges and third-party aggregators, often without consumers’ knowledge. This data included precise locations of individuals, such as visits to health clinics and places of worship. The FTC asserts that from January 2018 to June 2020, Mobilewalla collected over 500 million unique consumer advertising identifiers paired with consumers’ precise location data, which was then sold to third parties, including advertisers, data brokers, and analytic firms.
The FTC alleged that Mobilewalla violated the FTC Act by selling sensitive location data, marketing audience segments based on sensitive characteristics, retaining data from advertising exchanges, and collecting data without verifying consumer consent. The raw location data was not anonymized, which allowed Mobilewalla to identify individual mobile devices and the sensitive locations they visited. This data was used to create audience segments such as those based on visits to pregnancy centers. Mobilewalla also used location data to create a report analyzing protesters of the death of George Floyd.
To settle the allegations, the FTC proposed a settlement order that would prohibit Mobilewalla from misrepresenting how it collects, uses, or discloses consumers’ personal information, particularly location data. The proposed order also bans the use, sale, or disclosure of sensitive location data from health clinics, religious organizations, correctional facilities, labor union offices, LGBTQ+-related locations, political gatherings, and military installations. Additionally, Mobilewalla is prohibited from collecting or retaining consumer data from online advertising auctions for purposes other than participating in the auction.
The settlement order requires Mobilewalla to establish a sensitive location data program, which includes creating a comprehensive list of sensitive locations and preventing the use, sale, or disclosure of this data. Mobilewalla must also implement a method for consumers to request deletion of their location data and must delete certain types of older data, including historical location data and any work product derived from this data. Further, the company is required to create a comprehensive privacy program, assess it annually, and train employees on handling sensitive data.
Click here to read the FTC’s press release on the enforcement action against Mobilewalla.
