• by Wendy Davis , December 3, 2024

In a ongoing crackdown on mobile data brokers, the Federal Trade Comission on Tuesday unveiled privacy charges against Mobilewalla, which allegedly obtained consumers' location data from real-time bidding exchanges.

“Mobilewalla exploited vulnerabilities in digital ad markets to harvest this data at a stunning scale,” FTC chair Lina Khan stated Tuesday.

Mobilewalla agreed to a settlement that includes a prohibition on collecting or retaining consumer data while participating in online real-time bidding ad auctions “for any other purpose than participating in such auctions.”

The company did not admit to wrongdoing.

While the FTC has previously brought charges against Outlogic (formerly X-Mode) and InMarket Media for allegedly selling location data, the case against Mobilewalla marks the first time the FTC has alleged that retaining data from real-time bidding auctions can be unlawful.

The broad restriction on Mobilewalla's use of real-time bidding data potentially includes even data collected from winning bids, Alan Chapell, a lawyer who represents advertising and technology companies, tells MediaPost.

The proposed settlement would also ban Mobilewalla from using or sharing location data from a variety of health clinics, religious establishments, jails, political gatherings and other sensitive locales.

The FTC alleged in its complaint, which was also unveiled Tuesday, that Mobilewalla collected information from other data brokers as well as from real-time bidding exchanges, and then saved a host of data it obtained from the exchanges -- including consumers' device identifiers and precise geolocation data -- regardless of the outcome of the auction.

It's not clear how much of the company's data originated with real-time bidding exchanges after June 2020. But between 2018 and June 2020, 60% of Mobilewalla's location data came from real-time bidding exchanges, according to the complaint.

The FTC alleged in its complaint that Mobilewalla harnessed location data for non-advertising purposes.

For instance, the company “created a 'geofence' around the home addresses of a set of employees and certain healthcare centers, in order for the client to 'poach these nurses from these centers to a competitor,'” the complaint alleged.

Mobilewalla also allegedly attempted “to geo-fence a work location to track where union organizers travel.”

The agency also said that on one occasion, a client provided Mobilewalla with mobile ad identifers for “devices of interest,” and that Mobilewalla then gave the client sensitive information -- including not only precise geolocation data collected from the devices, but also the apps the consumers were using when they were at those locations. Those apps included Grindr and Jack'd--Gay Chat & Dating.

The FTC additionally alleged that Mobilewalla uses location data to create ad targeting segments based on sensitive traits.

“Mobilewalla has offered standard audience segments such as 'Music Lovers' but has also created custom audience segments for clients, such as an audience segment specifically targeting pregnant women and young mothers,” the complaint alleges.

As with other cases against mobile data brokers, the FTC alleged that Mobilewalla collected mobile device identifiers that, though pseudonymous in themselves, could be used to identify particular consumers.

“Some data brokers advertise services to match [identifiers] with 'offline' information, such as consumers’ names and physical addresses,” the agency alleged in its complaint, also unveiled Tuesday. “Indeed, in a March 2020 email, a Mobilewalla’s chief executive officer explained that Mobilewalla’s ability to identify consumers’ home addresses using a consumer’s mobile device location history is more accurate than Mobilewalla’s competitors because of 'our ability to store longer periods of data cheaply due to compression schemes we have developed in house.'”

The FTC's complaint included claims that Mobilewalla engaged in unfair practices by collecting and selling the location data, and also by placing consumers into audience segments based on “sensitive characteristics, such as medical conditions and religious beliefs, derived from location data.”

The three Democrats on the FTC voted in favor of the enforcement action, while Republican Melissa Holyoak dissented, arguing that the agency didn't show how Mobilewalla's practices harmed consumers.

“The complaint alleges that the practice of collecting data was unfair in part because it caused or is likely to cause substantial injury,” Holyoak wrote. “But the complaint’s allegations are remarkably sparse when it comes to establishing how the collection itself caused substantial injury.”

Republican Andrew Ferguson concurred in part with the majority but also dissented in part. Ferguson said he agreed with the allegation that Mobilewalla acted unfairly by collecting data from real-time bidding exchanges, but disagreed that the company acted unlawfully by creating audience segments.

Mobilewalla has been under scrutiny since at least June 2020, when it published a report analyzing thedemographics of Black Lives Matter protesters in Atlanta, Los Angeles, Minneapolis and New York. Soon after that report came out, Wyden and other lawmakers questioned the company about its data practices.

Mobilewalla CEO Anindya Datta later acknowledged to the Senate that some of the location data it collected ended up in the hands of law enforcement when Venntel -- a subsidiary of Mobilewalla client Gravy Analytics -- licensed the information to law enforcement agenices.

In July 2020, Senator Ron Wyden (D-Oregon) and others asked the FTC to investigate the alleged use of bidstream data by Mobilewalla and others.

“Few Americans realize that companies are siphoning off and storing that 'bidstream' data to compile exhaustive dossiers about them,” the lawmakers wrote to the agency. “These dossiers include their web browsing, location, and other data, which are then sold by data brokers to hedge funds, political campaigns, and even to the government without court orders.”

“The identity of the companies that are selling bidstream data to Mobilewalla and countless other data brokers remains unknown,” the lawmakers wrote. “However, according to major publishers, companies are participating in [real-time bidding] auctions solely to siphon off bidstream data, without ever intending to win the auction and deliver an ad.”

Privacy advocate John Davisson, senior counsel at the Electronic Privacy Information Center, called the FTC's case against Mobilewalla “very encouraging.”

“This is the type of enforcement action that we need, and have been advocating for for a long time,” he says. Earlier this year, the organization urged the FTC to investigate Google for allegedly reneging on promise to shed data that could reveal smartphone users' visits to abortion clinics and other sensitive locales.

On Tuesday, the FTC also charged Gravy and Venntel with unfairly collecting and using consumers’ location data without their consent. Those companies were previously the subject of a report by the digital rights group Electronic Frontier Foundation, which examined how law enforcement obtains location data that was originally collected by mobile apps.

Gravy and Venntel agreed to resolve the FTC's charges by promising to refrain from selling or using sensitive location data, with some exceptions for law enforcement.