The Federal Trade Commission (FTC) has taken decisive action against Mobilewalla, Inc., a data broker accused of selling sensitive location data without verifying consumer consent. The proposed settlement order prohibits Mobilewalla from selling such data and restricts the company from collecting consumer information from online advertising auctions for purposes other than participating in those auctions.

FTC Chair Lina Khan highlighted the risks associated with persistent tracking by data brokers, stating, "Mobilewalla exploited vulnerabilities in digital ad markets to harvest this data at a stunning scale." The FTC alleges that Mobilewalla collected data from real-time bidding exchanges and third-party aggregators without consumers' knowledge.

Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, emphasized the invasive nature of these practices: "Mobilewalla collected massive amounts of sensitive consumer data – including visits to health clinics and places of worship – and sold this data in a way that exposed consumers to harm."

The complaint outlines how Mobilewalla retained information even when it did not win bids on advertising exchanges. From January 2018 to June 2020, over 500 million unique consumer identifiers paired with precise location data were collected. This raw location data was not anonymized, potentially allowing individual identification.

Additionally, Mobilewalla used its location data to develop audience segments for targeted advertising. This included creating segments based on visits to pregnancy centers and analyzing protesters' racial backgrounds following George Floyd's death.

The FTC claims that Mobilewalla violated several provisions of the FTC Act by selling sensitive location data and audience segments based on characteristics like medical conditions and religious beliefs. The actions allegedly compromised personal privacy and exposed consumers to discrimination and other harms.

Under the proposed order, Mobilewalla is barred from misrepresenting its handling of personal information or using sensitive location data beyond specified purposes. It must also implement programs for managing sensitive locations, deleting certain types of older data upon request, establishing a comprehensive privacy program, setting up a supplier assessment program for consent verification, and providing methods for consumers to withdraw consent.

The Commission voted 4-1 in favor of issuing the administrative complaint and accepting the proposed agreement. Chair Lina Khan issued a concurring statement alongside Commissioners Alvaro Bedoya and Rebecca Kelly Slaughter; Commissioner Melissa Holyoak dissented; Commissioner Andrew Ferguson issued both concurring and dissenting statements.

This case is part of ongoing efforts by the FTC to address unfair handling of sensitive location data by aggregators. Similar cases have been settled with companies like Kochava, X-Mode, and InMarket.

A description of the consent agreement will be published in the Federal Register soon for public comment before finalization. Violations may result in civil penalties up to $51,744 per occurrence once finalized as law.

David Walko and Gorana Neskovic are leading this matter within the FTC’s Bureau of Consumer Protection. The agency continues its mission to promote competition while protecting consumers through education about various topics related to fraud prevention.