Skip to main content

FTC bans major data broker from selling invasive location tracking details

FTC bans major data broker from selling invasive location tracking details

/

Information sold by Outlogic (formerly X-Mode Social) could track consumers visiting sensitive locations like shelters, medical clinics, and places of worship.

Share this story

A blue, cream, and black grid of face silhouettes with red “lock on” frames over them.
The settlement comes over three years after Google and Apple banned X-Mode Social’s tracking software from their app stores.
Image: The Verge / Alex Castro

The US Federal Trade Commission (FTC) has prohibited Outlogic, the massive US data broker formerly known as X-Mode Social, from selling or sharing sensitive information that can be used to track people’s locations as part of the regulator’s first data tracking settlement. The settlement is intended to resolve accusations made by the FTC that Outlogic “did not implement reasonable or appropriate safeguards” to prevent the location information it sold from being mishandled by third parties and potentially endangering consumers. 

According to the FTC, the data associated with mobile advertising that Outlogic sold to hundreds of clients wasn’t anonymized and was capable of tracking specific individuals to sensitive locations like domestic abuse shelters, places of worship, and reproductive health clinics. For at least one of its contracts, the FTC said that Outlogic sold information about consumers who had visited specific medical facilities and pharmacies within a certain region of Columbus, Ohio to an unnamed private clinical research company.

In its complaint, the regulator claimed that Outlogic had violated consumer privacy by failing to implement policies for removing sensitive location information from the raw location data it sold until “at least May 2023.” Outlogic gathered detailed location data by purchasing it from other brokers, collecting it with its own Drunk Mode and Walk Against Humanity apps, and relying on third-party apps that integrated its location tracking software. The FTC criticized the company for allegedly failing to fully inform customers regarding how the location data it was collecting would be used and to honor requests from Android users to not be tracked.

Under the settlement, Outlogic is additionally required to delete or otherwise destroy all the location data it unlawfully collected from mobile apps, alongside any products produced from it — unless the broker renders the data non-sensitive or obtains consent from customers. The decision marks the first time that a settlement has been struck between the commission and a data broker regarding misuse of individual users’ geolocation data, but experts believe more still needs to be done.

“While the FTC’s action is encouraging, the agency should not have to play data broker whack-a-mole”

In September 2020, Oregon Senator Ron Wyden discovered that Outlogic (then X-Mode Social) had sold location data to US military contractors, prompting Google and Apple to ban the broker’s tracking software from their app stores. “I commend the FTC for taking tough action to hold this shady location data broker responsible for its sale of Americans’ location data,” Wyden said in a statement responding to the settlement. “While the FTC’s action is encouraging, the agency should not have to play data broker whack-a-mole. Congress needs to pass tough privacy legislation to protect Americans’ personal information and prevent government agencies from going around the courts by buying our data from data brokers.”

Cody Venzke, senior policy counsel at ACLU, echoed similar sentiments. “This settlement underscores that tech companies can and must honor our right to privacy and shines a light on why it’s essential for Congress to pass meaningful privacy legislation. We deserve to know who is collecting our information and how they are using it, and we need effective tools to stop companies from using our data against our wishes — or using it to harm us.”