After settling charges with the Federal Trade Commission this week a mobile advertising company will pay nearly $1M after it was determined the company tracked customers – including children – without their consent. InMobi, an India-based firm with offices across the world, will pay $950,000 in civil penalties, the FTC announced via press release on Wednesday. The company was initially asked to pay $4 million but that figure was reduced to $950K because of the “company’s financial condition.”
According to the complaint (.PDF) the company, which bills itself as a mobile advertising platform that delivers users personalized ad experiences, was tracking the location of users whether or not apps using the software asked them for consent. Even when users denied permission to be tracked the app still accessed their location information. “InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers’ express privacy preferences,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “This settlement ensures that InMobi will honor consumers’ privacy choices in the future, and will be held accountable for keeping their privacy promises.” The FTC claims InMobi’s network can reach more than one billion devices worldwide and that it deceptively tracked hundreds of millions of users. The company also violated the Children’s Online Privacy Protection Act, or COPPA, a law passed in 1998 designed to limit the amount of information companies can collect on children under 13 years of age. According to the complaint, InMobi’s platform is featured in thousands of apps directed at children and the company failed to follow through on steps required by COPPA to get a parent or guardian’s permission to collect data from those children via apps. Going forward the company will not be allowed to collect consumer information without getting users’ “affirmative express consent.” As part of the settlement its also being asked to delete all information it obtained from users without their consent and delete any and all information it obtained from children. In a statement provided to Threatpost on Thursday InMobi claimed its original intent was to exclude any publisher’s site or app identified as a COPPA app from “interest-based, behavioral advertising” but a technical error led to the process not being correctly implemented in all cases. “As a result, some COPPA sites were served with interest-based campaigns on the InMobi Network. InMobi promptly notified the FTC of this issue as soon as it was discovered and has made it clear from the outset that this was by no way means deliberate. Any family safe ads that may have formed part of targeted campaigns would have been undertaken to target the adult owner of the device,” the statement reads. For what it’s worth the company claims it addressed the errors in Q4 2015 and has been compliant with COPPA regulations since. The company claims it will only use WiFi information when serving location based targeted advertising campaigns going forward, assuming users have allowed the app to do so. The FTC has been vigilant in recent years when it comes to monitoring the type and amount of information companies collect on users. The agency has urged data brokers to make themselves known to customers and to be open and transparent about the information they collect. Julie Brill, who served as Commissioner for the FTC from April 2010 to March of this year, warned advertisers in January that some companies were going overboard in collecting information from consumers and that more sites should make it easier for users to opt out of being tracked across devices.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.