Insights

10 January 2024

5 Key Takeaways on the FTC Location Data Ruling

The Federal Trade Commission recently imposed landmark penalties against location data companies X-Mode Social and Outlogic over privacy breaches related to selling sensitive consumer GPS data without consent.

The settlement order hands down strict prohibitions on precise location data sharing alongside tougher technical safeguarding mandates that together establish a new high-water mark for privacy and ethical data handling accountability.

Here are five big takeaways for GRC professionals to be mindful of:


Broad Ban on Monetizing Sensitive Location Data

The order bans the sale of location data tied to sensitive venues like medical facilities, places of worship, and domestic abuse shelters. Deemed high-risk by the FTC, these sites could allow tracking of protected groups or activities, enabling potential emotional, physical, or social harm.

Analytics firms must now maintain restricted location lists, auditing data flows to guarantee no associated consumer GPS trails ever get externally commercialized or de-anonymized. As raw location details remain identifiable, the FTC sees unpermitted sharing as an unchecked threat.


Opt-In Consent Mandatory for All Location Collection

Citing deceptive notice practices, the ruling requires explicit opt-in consent for location data collection rather than only instances tied to sensitive sites.

Governance teams must revisit current app permissions protocols, SDK integrator partnerships, and third-party data supplier relationships to ensure transparency in commercial uses—any continued location harvest absent express user approvals now courts action given expanded FTC prohibitions against misleading disclosures.


Orders Enhanced Due Diligence on Commercial Partners

The FTC also mandated stronger safeguards on location data after initial sale to third-party industries. New principles require firms to audit partners and halt sharing with those unable to prove compliant opt-in policies govern their location gathering.

For GRC leaders, this enlarged accountability across the supply ecosystem represents a priority, as downstream gaps could tarnish records indirectly.


Individual Access and Deletion Rights Expanded

On top of revamped handling rules, the order also upgrades individual transparency and control entitlements over historical location data by introducing rights around understanding commercial buyers and information deletion options.

While potentially spurring adjustments to data mapping and architecture planning to accommodate these access prerequisites, the shift removes the previous “free license” treatment for locations as a personally owned asset.


Signals Regulatory Expectations of Expansive Accountability

While the new rules directly target X-Mode and Outlogic, they indicate wider FTC expectations. The agency demands privacy and ethics embedded organization-wide for all firms monetizing personal data.

Preventing repeat unauthorized uses of location details necessitates comprehensive governance controls under executive supervision. The order sets a new norm as data misuse has regulatory consequences.

0
Search
Recent posts
LATEST INSIGHTS
2 August 2024
FDIC Proposes Sweeping Changes to Brokered Deposits Rules
The Federal Deposit Insurance Corporation (FDIC) has proposed a significant overhaul of its brokered deposits rules. This move, announced on July 30, 2024, could reshape the landscape for banks, neobanks, fintechs, and other financial industry players.
2 August 2024
Explaining the FCA's Public Offer Platform rules
The UK's Financial Conduct Authority (FCA) has released a consultation paper outlining proposed rules for the new public offer platform (POP) regime.
25 July 2024
What new ARGA legislation will mean for UK GRC
The King's Speech has unveiled plans for a Draft Audit Reform and Corporate Governance Bill, signalling significant changes in the UK's regulatory landscape. MBK Search has pulled out these crucial aspects that risk managers and compliance professionals need to understand:
24 July 2024
FTC sets its sights on surveillance pricing: Key points
The Federal Trade Commission (FTC) has launched a significant investigation into "surveillance pricing" practices, signalling a new frontier in consumer protection and data privacy. This will have implications for risk managers and compliance professionals across financial services. Here are five key aspects to consider:
css.php