The Federal Trade Commission(FTC) has charged Singapore-based mobile advertising company, InMobi for $950,000 in civil penalties stating that it is deceptively tracking the locations of hundreds of millions of consumers – including children – without their knowledge or consent to serve them geo-targeted advertising. FTC has also asked them to implement comprehensive privacy program to settle charges.
According to the complaint, InMobi was actually tracking consumers’ locations whether or not the apps using InMobi’s software asked for consumers’ permission to do so, and even when consumers had denied permission to access their location information.
Founded in 2007 by Naveen Tewari, InMobi currently has some 1,500 employees compared to twice that number when it was at its peak. Softbank had poured $200 million into InMobi in 2011 but wrote down most of that amount in 2014. InMobi, which was estimated to be valued at $1 billion, now generates between around $300 million in annual revenue.
The FTC alleges that InMobi, whose advertising network has reached more than one billion devices worldwide through thousands of popular apps, offers multiple forms of location-based advertising to its customers, including the ability to serve ads to consumers based on their current locations, locations they visit at certain times, and on their location over time. Jessica Rich, Director of the FTC’s Bureau of Consumer Protection said,
“InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers’ express privacy preferences. This settlement ensures that InMobi will honor consumers’ privacy choices in the future, and will be held accountable for keeping their privacy promises.”
Under the terms of its settlement with the FTC, InMobi is subject to a $4 million civil penalty, which is suspended to $950,000 based on the company’s financial condition. The company will also be required to delete the location information of consumers it collected without their consent and will be prohibited from further misrepresenting its privacy practices.
The FTC alleges that InMobi also violated the Children’s Online Privacy Protection Act (COPPA) by collecting this information from apps that were clearly directed at children, in spite of promising that it did not do so. InMobi’s software tracked location in thousands of child-directed apps with hundreds of millions of users.
Going forward, InMobi will be prohibited from collecting consumers’ location information without their affirmative express consent for it to be collected, and will be required to honour consumers’ location privacy settings.
In a latest statement from InMobi:
With best intentions to adhere to COPPA requirements, InMobi implemented a process to exclude any publisher’s site or app identified as a COPPA app from interest-based, behavioral advertising. During the investigation by FTC, InMobi discovered that there was a technical error at InMobi’s end that led to the process not being correctly implemented in all cases. As a result, some COPPA sites were served with interest-based campaigns on the InMobi Network. InMobi promptly notified the FTC of this issue as soon as it was discovered and has made it clear from the outset that this was by no way means deliberate. Any family safe ads that may have formed part of targeted campaigns would have been undertaken to target the adult owner of the device.
In certain instances, InMobi has inferred user location through the Wifi identifier as part of the SDK integration with publisher apps without express election by an user. While InMobi was not fined by the FTC for this practice, to implement best practices, going forward InMobi will only use WiFi information when serving location based targeted advertising campaigns when an app user has authorized the app to collect and transmit the same. The errors were corrected in Q4 2015, and since then, InMobi has been fully compliant with all COPPA regulations. InMobi operates across several countries and continents, and intend to adhere to the best practices related to the data and privacy requirements of all the countries.