InMobi to pay $950,000 Civil Penalty to Settle Illegal Location Tracking Charge

The FTC alleges that InMobi mispresented its opt-in policy
The FTC alleges that InMobi mispresented its opt-in policy

Mobile ad network InMobi will pay $950,000 (£684,000) in civil penalties to settle charges brought against it by the Federal Trade Commission (FTC) in the US that it tracked hundreds of millions of consumers’ locations – including children – without their permission to do so, in order to serve them geo-targeted ads.

Under the terms of the settlement, InMobi was actually required to pay a $4m civil penalty, but the FTC said it had suspended all but $950,000 of the penalty “based on the company’s financial condition”.

In addition to the fine, the company will also be required to implement a comprehensive privacy program that will be independently audited every two years, for the next 20 years. It will also be required to delete all information it collected from children. It will also be prohibited from collecting consumers’ location information without their affirmative express consent for it to be collected, and will be required to honour consumers’ location privacy settings.

The FTC alleges that InMobi mispresented that its advertising software would only track consumers’ locations when they opted in and in a manner consistent with their device’s privacy settings. According to the complaint, InMobi was actually tracking consumers’ locations whether or not the apps using InMobi’s software asked for consumers’ permission to do so, and even when consumers had denied permission to access their location information.

“InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers’ express privacy preferences,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “This settlement ensures that InMobi will honor consumers’ privacy choices in the future, and will be held accountable for keeping their privacy promises.”

The complaint alleges that inMobi created a database built on information collected from consumers who allowed the company access to their geolocation information, combining that data with the wireless networks they were near to document the physical location of wireless networks themselves. InMobi then would use that database to infer the physical location of consumers based on the networks they were near, even when consumers had turned off location collection on their device.

The FTC alleges that InMobi also violated the Children’s Online Privacy Protection Act (COPPA) by collecting this information from apps that were clearly directed at children, in spite of promising that it did not do so. The complaint noted that InMobi’s software tracked location in thousands of child-directed apps with hundreds of millions of users without following the steps required by COPPA to get a parent or guardian’s consent to collect and use a child’s personal information.

Update:
InMobi has released a statement relating to the FTC action. In it the company says:

“With best intentions to adhere to COPPA requirements, InMobi implemented a process to exclude any publisher’s site or app identified as a COPPA app from interest-based, behavioral advertising. During the investigation by FTC, InMobi discovered that there was a technical error at InMobi’s end that led to the process not being correctly implemented in all cases. As a result, some COPPA sites were served with interest-based campaigns on the InMobi Network. InMobi promptly notified the FTC of this issue as soon as it was discovered and has made it clear from the outset that this was by no way means (sic) deliberate. Any family safe ads that may have formed part of targeted campaigns would have been undertaken to target the adult owner of the device.

In certain instances, InMobi has inferred user location through the Wifi identifier as part of the SDK integration with publisher apps without express election by an user. While InMobi was not fined by the FTC for this practice, to implement best practices, going forward InMobi will only use WiFi information when serving location based targeted advertising campaigns when an app user has authorized the app to collect and transmit the same. The errors were corrected in Q4 2015, and since then, InMobi has been fully compliant with all COPPA regulations. InMobi operates across several countries and continents, and intend to adhere to the best practices related to the data and privacy requirements of all the countries.”