InMobi fined $4 million for tracking users without consent
Fri 24 Jun 2016
Indian advertising company InMobi has been fined $4 million, with all but $950,000 suspended, for tracking users including children without consent. The company offered geographically specific advertising to users on Android and iOs systems and collected user data even if they had attempted to restrict sharing their location with the service.
The U.S. Federal Trade Commission (FTC) alleged in its complaint that InMobi had been illegally tracking user locations and using that data to send geo-targeted advertisements without their consent. InMobi used data collected from their own app as well as that from other installed applications to access information about the WiFi networks that users were logged onto, or nearby, to coordinate a physical location.
By subverting the standard location data capture,the FTC argued that InMobi “undermined consumers’ ability to make informed decisions about their location privacy and to control the collection and use of their location information.” Also, InMobi misrepresented its use of geo-tracking data to the app developers and advertisers that were clients, saying that it only tracked users who had specifically agreed to share location data. As a result, the FTC alleged InMobi’s clients were unable to “provide accurate information to consumers regarding their applications’ privacy practices.”
In an emailed statement, InMobi said that a technical error prevented the implementation of a process that was intended to ensure COPPA compliance. And while they acknowledged that they had inferred user locations in the past, they said that, “Going forward InMobi will only use WiFi information when serving location based targeted advertising campaigns when an app user has authorized the app to collect and transmit the same.”
In response to the complaint, InMobi changed its data collection procedures effective December 2015. It will be required to destroy the data that had been collected, to establish a privacy program, and to submit to data audits for the next 20 years.
The $950,000 fine was implemented for violating the Children’s Online Privacy Protection Act (COPPA), as the company was gathering information from children under the age of 13 without their parent’s consent. InMobi was actually fined $4 million dollars in total, but the bulk of the fine was suspended due to the company’s financial condition.
InMobi, which calls itself a ‘technology powerhouse’, was rumored to be the target of a Microsoft acquisition earlier this year.