On January 18, the FTC issued a consent order prohibiting a digital platform and data aggregator from selling or licensing precise consumer location data on the grounds that it did not obtain consumer consent before collecting and selling the data to advertisers.
The company collected consumer data, including location data, purchase history, and other personal information, through its applications and third-party apps. The data was subsequently sold to advertisers who used it for targeted advertising. In its order, the FTC underscored the sensitive nature of the location data, which could reveal personal details like health information, political affiliations, and personal habits. The FTC alleged the company’s actions constitute unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act.
Under the order, the company is required to, among other things, delete the precise location data it previously collected, issue a notice to affected consumers informing them of the FTC’s decision, and refrain from future violations.
Putting it into Practice: This FTC order is emblematic of a broader push by regulators to enhance protections of consumer data and enforce stricter data privacy standards through cracking down on violators and new data privacy rule proposals (previously discussed here, here, and here). Without the proper consent protocols in place, companies engaging in the collection and sale of consumer data, for advertising or otherwise, could find themselves within the crosshairs of the FTC.