How Are Data Brokers Harvesting App Geolocation Data?
The data privacy lawyers at The Lyon Firm are investigating a wide range of potential federal geolocation privacy violations, some of which are allegedly instigated by large data brokers and online advertisers. Contact our attorneys if you believe your personal data and location data have been shared without your consent.
Personal data has immense value to marketers and advertising firms, which has driven the data brokering industry to new heights. But without the consent of consumers to share such data, it may be a clear data misuse violation that can result in legal action. We are reviewing new claims of geolocation tracking and data misuse, and representing plaintiffs nationwide in invasion of privacy lawsuits. Call for a free consultation and case review.
How are Data Brokers selling your Geolocation Data?
An article published in Wired gives a rudimentary summary of how some advertisers and data brokers are using roundabout tactics to collect and sell large amounts of geolocation data without the consent of individual consumers. The advertising industry is allegedly harvesting sensitive location data on a giant scale, with that specific data then stored and sold to the highest bidder. But how is any of this legal?
These data brokers have operated in gray areas of the law for many years now. New reports outline how they have been able to obtain so much data from consumers through the huge advertising ecosystem, without users’ or even the app developers’ knowledge. Essentially, data can be harvested simply by bidding on an in-app ad, even without the intention to purchase an ad.
So these data brokers that are selling data to commercial and government clients appear to be taking their data from online advertising bid streams, which is not necessarily illegal in most cases. When companies bid to place ads inside an app, they are able to harvest the location of consumers’ mobile devices.
The EU apparently has more privacy protections in place than the U.S., and geolocation data is not always protected under current state and federal law. The Federal Trade Commission has taken action on this issue, however. The FTC banned a location data company called Mobilewalla from collecting consumer data “from online advertising auctions for purposes other than participating in those auctions.” The FTC said the data broker Gravy Analytics, and an associated company called Venntel, collected data without obtaining user consent, and ordered the companies to delete historical location data.
Gravy Analytics is a data broker that has fair amount of influence in the location data industry. The company collates mobile phone location data from various sources, then sells it to commercial companies or, through its subsidiary Venntel, to US government agencies.
This all came to light when Gravy Analytics data trove was hacked and published by 404 media. The list of apps that have been allegedly tapped by Gravy include Tinder, Grindr, Candy Crush, Temple Run, Subway Surfers, My Period Calendar & Tracker, MyFitnessPal, Tumblr, Microsoft’s 365 office app and flight tracker Flightradar24. To be clear, it is not entirely clear whether Gravy collected this location data itself or sourced it from another company, but they were in possession of it.
All of the location data collected appears to be sourced through real-time bidding, which dictates who is responsible (not actually the app publishers themselves). A serious concern is how users may be able to protect their privacy when they are completely unaware that such an intrusion has taken place.
Consumer protection groups and privacy attorneys are filing class action lawsuits to prohibit such behavior and compensate plaintiffs for any damages. Call our legal team to discuss your geolocation data privacy or data misuse claims.