FTC Blocks Data Broker Outlogic From Collecting And Selling Sensitive Location Data
from the doing-the-bare-minimum dept
We’ve long noted how the U.S. has generally proven too corrupt to pass even a baseline privacy law or regulate data brokers. The result has been a long line of companies that over-collect all manner of sensitive consumer location and behavior data, fail to secure it, and sell access to it to pretty much any dipshit with a few nickels to rub together. The result: an endless parade of massive privacy scandals.
Instead of fixing the problem from a top-down level with meaningful reform, we’ve done things like… performatively and singularly hyperventilate about the dangers of TikTok.
The only exception has been the FTC, which has been increasingly ramping up pressure on data brokers that play fast and loose with consumer privacy. That continued this week, with the agency announcing that it has banned a data broker named X-Mode Social (recently renamed Outlogic) from sharing or selling users’ sensitive location data, and forced it to delete all collected data.
The FTC’s investigation found the the firm routinely collected and monetized all manner of sensitive geolocation data on consumers gleaned from mobile phones, apps, and other technologies. That data revealed movement behavior down to the meter as consumers visited sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters.
Outlogic then failed to adequately secure this data or engage in much (if any) real controls as to which third parties had access to it:
“Geolocation data can reveal not just where a person lives and whom they spend time with but also, for example, which medical treatments they seek and where they worship. The FTC’s action against X-Mode makes clear that businesses do not have free license to market and sell Americans’ sensitive location data,” said FTC Chair Lina M. Khan. “By securing a first-ever ban on the use and sale of sensitive location data, the FTC is continuing its critical work to protect Americans from intrusive data brokers and unchecked corporate surveillance.”
As with most companies, Outlogic tried to pretend it had secured this data by claiming it had been “anonymized.” But as numerous studies have shown, that term is absolutely meaningless, given it only takes a tiny smattering of additional datasets to identify these supposedly anonymous individuals. In several of these cases, the FTC found companies didn’t even bother with anonymization.
Lina Khan gets criticized a lot for missteps coming from being a young regulator learning on the job. But she deserves ample credit for being one of the few people in DC taking the problem of unregulated data brokers seriously. Our corrupt refusal to regulate these dodgy companies will, sooner or later, result in some form of massive, unprecedented privacy scandal that will make past scandals look adorable by comparison.
Granted the FTC has limited staff and funding, and has generally had its authority over corporations steadily whittled down by decades of relentless corporate lobbying (something that’s likely to get worse with a number of looming Supreme Court decisions).
Keep in mind: this is just one regulator action against one company in an international data broker market filled with companies all doing the same thing. There are more than 4,000 estimated data brokers worldwide, and most of them are clever enough to at least create the fleeting illusion they care about privacy, letting them tap dance over, under, and around our swiss cheese privacy protections.
In other words, only the dumbest, clumsiest data brokers ever face any real penalty. You simply have to be marginally clever to avoid accountability for dodgy behavior.
Ideally you’d have Congress pass a more meaningful privacy law that specifically singles out data brokers and bad behavior. There are two reasons that doesn’t happen: one, a corrupt Congress has been lobbied into apathy by a long line of industries with bottomless pockets who don’t want to lose money. And two, the U.S. government has been exploiting this dysfunction to avoid having to get traditional warrants.
That makes meaningful reform hard to come by. Instead, what we’ve largely gotten is a bunch of performative simulacrum. Most commonly in the form of politicians posturing about the dangers of TikTok, eager to ignore that a long line of dodgy data brokers engage in the same or worse behavior (even selling U.S. consumer data to foreign intelligence agencies) at unfathomable scale.
Filed Under: apps, consumer rights, data brokers, geolocation, location data, privacy, scandal, warrants, wireless
Comments on “FTC Blocks Data Broker Outlogic From Collecting And Selling Sensitive Location Data”
Outlogic: “But, but the data is anonymized, we only provide the geolocation of your bedroom within your home, we don’t necessarily know which person actually lives in that bedroom”
Maybe should rebrand to…wait for it…Withoutlogic (drops mic)
Re:
How about Outoflogic?
Re: Re:
No-logic rando don’t give a fuck.
Nothing but PR. I just read the proposed settlement and it’s literally business as usual except some extra paperwork and administrative tasks.
relevance??
None, it’s spam. Just flag it.
It is spam talking about the previous article. Any conceivable relevance fled screaming into the fine print.