Mobile ad company InMobi illegally collected location data from "hundreds of millions" of consumers, including young children, the Federal Trade Commission said Wednesday.
The Singapore-based company -- which says its mobile ad nework reaches more than one billion mobile devices -- has agreed to delete the geolocation data it collected.
The company also will pay a $950,000 fine for allegedly violating the Children's Online Privacy Protection Act by gathering geolocation data from children younger than 13 without their parents' consent, the FTC said.
Until December of last year, InMobi "undermined consumers’ ability to make informed decisions about their location privacy and to control the collection and use of their location information," the FTC alleged in a complaint unveiled Wednesday.
The agency alleged that InMobi -- which offers a platform for app developers and advertisers -- tracked consumers' locations and served them with geo-targeted ads, even when people sought to restrict access to their location data. InMobi accomplished this by collecting information about WiFi networks that consumers connected to, or that were nearby, according to the complaint.
The FTC also said InMobi misrepresented to app developers that it only gathered location data from people who had explicitly agreed to share the information. "As a result, application developers could not provide accurate information to consumers regarding their applications’ privacy practices," the complaint alleged.
InMobi said in a statement emailed to MediaPost that a "technical error" prevented the correct implementation of a process that was intended to ensure compliance with the children's privacy law.
The company also acknowledged that in some situations, it "inferred" users' locations through WiFi data. "Going forward InMobi will only use WiFi information when serving location based targeted advertising campaigns when an app user has authorized the app to collect and transmit the same," the company stated.
In addition to destroying data it collected, InMobi has agreed to establish a privacy program and submit to biennial audits for the next 20 years.
The charges that InMobi violated the children's privacy law stem from allegations that the company's software tracked location in apps directed at children younger than 13, without first obtaining a parent's consent.
The Children's Online Privacy Protection Act prohibits companies from collecting "personally identifiable" information from children under 13 without their parents' permission. Several years ago, the FTC broadened the definition of personally identifiable information to include geolocation data.
The FTC settlement with InMobi provides for a $4 million fine, with all but $950,000 suspended.
The sizable fine suggests the FTC remains particularly concerned about the collection of sensitive data, says privacy expert Greg Boyd, a partner in the law firm Frankfurt Kurnit Klein & Selz.
He adds that "children's information and location information are especially important" to the FTC. "If you combine children's information and location information together, you're really going to have their attention," he says.
Late last year, the FTC fined two app developers -- Retro Dreamer and LAI Systems -- a total of $360,000 for allegedly allowing ad networks to collect data from children in order to serve them targeted ads.
The agency also recently alleged that the developer of the Brightest Flashlight app deceived consumers by failing to disclose the app would transmit geolocation data and unique device identifiers to ad networks.