A Singapore-based mobile advertising network has agreed to settle charges with the FTC that the company illegally tracked hundreds of millions of consumers’ locations without permission. As part of the settlement, InMobi will pay $950,000 in civil penalties, and will further be required to implement a comprehensive privacy program.
By way of background, InMobi was founded in 2007 by Naveen Tewari, Mohit Saxena, Amit Gupta and Abhay Singhal. The mobile advertising company was founded to provide an advertising platform for mobile app developers and advertisers. In 2011, it was announced that SoftBank had pledged to commit a $200 million investment in the company.
FTC Alleged InMobi Illegally Tracked Consumers’ Locations
In its complaint, the FTC alleged that InMobi misrepresented to consumers that its advertising software would track consumers’ locations only when those consumers opted in and in a manner consistent with the consumers’ mobile device’s privacy settings. According to the FTC, the mobile advertising company was tracking consumers’ locations regardless of whether the apps using the tracking software asked for the consumers’ permission to do so, and even in cases where consumers had explicitly denied permission to access their location information.
The FTC says that InMobi’s advertising network has reached more than one billion devices worldwide through a variety of different mobile apps, and that InMobi offers multiple forms of location-based advertising to its customers, including the ability to serve ads to consumers based on their current locations, locations they visit at certain times, and on their location over time, the FTC states.
Jessica Rich, Director of the FTC’s Bureau of Consumer Protection has said:
InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers’ express privacy preferences. This settlement ensures that InMobi will honor consumers’ privacy choices in the future, and will be held accountable for keeping their privacy promises.
The FTC’s complaint further alleges that InMobi developed a database that compiled information collected from consumers who gave their permission to access the consumers’ geolocation information. The company would combine its collected information with the nearby wireless networks to document the physical location of wireless networks themselves, and would then use that database to infer the physical location of consumers based on the networks they were near, even when the consumers had turned off location collection on their mobile device.
FTC Alleged InMobi Also Violated COPPA
In addition to violating Section 5 of the FTC Act, the FTC further alleged that InMobi violated the Children’s Online Privacy Act (“COPPA”) by collecting their location information from apps that are primarily directed to children. This is true despite the fact that the mobile advertising company specifically agreed not to collect its location information from apps directed to children, the FTC says. The FTC’s complaint complains that the software tracked locations in thousands of child-directed apps, which resulted in millions of users being tracked without complying with the specific requirements of COPPA. COPPA requires that a parent or guardian consent to collect and use a child’s personal information.
Settlement with FTC Requires InMobi to be Audited Every Two Years for Twenty Years
Under the specific terms of the settlement, InMobi is subject to a $4 million civil penalty, which has been suspended to $950,000 based on the company’s inability to pay. the mobile advertising company will also be subject to other nonmonetary obligations, including that it will be required to delete all information it collected from children, and will be further prohibited from violating COPPA in the future. Additionally, it will be prohibited from collecting consumers’ location information without the consumers’ express consent, and will be required to honor a consumer’s location privacy settings on their mobile device. It will also be required to delete any location information it collected from consumers without their permission, and will be prohibited from misrepresenting their own privacy policies.
While the InMobi settlement entails the usual civil penalties and other restrictions, what makes this settlement different from most others is that InMobi has agreed to institute a comprehensive privacy program that will independently audited every two years for the next twenty years. This means that until 2036, InMobi will be under the watchful eye of the FTC.
InMobi Says Case with FTC was Result of Technical Error
In response to the settlement, InMobi has said the tracking problem was the result of a technical error:
With best intentions to adhere to COPPA requirements, InMobi implemented a process to exclude any publisher’s site or app identified as a COPPA app from interest-based, behavioral advertising. During the investigation by FTC, InMobi discovered that there was a technical error at InMobi’s end that led to the process not being correctly implemented in all cases. As a result, some COPPA sites were served with interest-based campaigns on the InMobi Network. InMobi promptly notified the FTC of this issue as soon as it was discovered and has made it clear from the outset that this was by no way means deliberate. Any family safe ads that may have formed part of targeted campaigns would have been undertaken to target the adult owner of the device.
In certain instances, InMobi has inferred user location through the Wifi identifier as part of the SDK integration with publisher apps without express election by an user. While InMobi was not fined by the FTC for this practice, to implement best practices, going forward InMobi will only use WiFi information when serving location based targeted advertising campaigns when an app user has authorized the app to collect and transmit the same. The errors were corrected in Q4 2015, and since then, InMobi has been fully compliant with all COPPA regulations. InMobi operates across several countries and continents, and intend to adhere to the best practices related to the data and privacy requirements of all the countries.
The Settlement Represents the First Such Settlement with a Mobile Advertising Company Charged with Violating COPPA
The settlement with the FTC comes at a time when InMobi is struggling to raise funds and chart out a sustainable business model besides grappling with attrition in its senior & mid-level management, amid concerns about the company’s future and whether its new strategic initiatives are working or not. However, on a bigger scale, the FTC has said that the settlement represents the first settlement with a mobile advertising company the FTC has charged with deception and with violating the COPPA.
There are several important takeaways from the FTC’s settlement with InMobi, including the twenty year audit the company will face as part of the settlement, that companies also can be held liable for deceptive statements made to other businesses when those misrepresentations ultimately affect consumers, and the fact that the settlement represents the first such settlement with a mobile advertising company charged with violating COPPA. Other mobile advertising companies should learn from the lessons provided by the recent settlement, and should make sure they are obtaining consumers’ express consent to track their location, which tracking should be consistent with the consumers’ mobile device privacy settings. If not, then those mobile advertising companies may be under the thumb of the FTC for twenty years.
* Photo Cred.: indialivetoday.com