The U.S. Federal Trade Commission (FTC) has prohibited data broker Outlogic, formerly known as X-Mode Social, from sharing or selling sensitive location data, marking the first-ever ban on the use and sale of such data. The ban is part of a settlement over allegations that Outlogic sold precise location data, allowing the tracking of individuals’ visits to sensitive locations like medical and reproductive health clinics, religious places, and domestic abuse shelters. Outlogic was accused of failing to establish adequate safeguards to prevent the misuse of this data by downstream customers. The settlement requires the destruction of previously gathered location data unless obtaining consumer consent or ensuring data de-identification, alongside the development of a comprehensive privacy program.
Outlogic, previously X-Mode Social, had attracted attention in 2020 for selling location data to the U.S. military. The company collects precise location data from proprietary and third-party apps that incorporate its software development kit (SDK). The FTC accused Outlogic of not having policies to remove sensitive locations from the sold data until May 2023, exposing users to potential privacy risks and harms. The agency highlighted the company’s lack of transparency about which entities would receive the data when a customer used a third-party app with its SDK, and failure to ensure these apps sought informed consumer consent for accessing location information.
The FTC’s action is in response to privacy concerns related to the sale and use of sensitive location data by data brokers. Outlogic disagreed with the “implications” of the FTC announcement, stating that there was no finding of misuse of location data. However, the regulatory move underscores the need for robust privacy legislation to protect individuals’ personal information. U.S. Senator Ron Wyden commended the FTC’s action, emphasizing the importance of comprehensive privacy legislation to prevent data brokers from potentially compromising individuals’ data.