InMobi says technical error led to faulty implementation; to delete all information it collected

Federal Trade Commission (FTC), an independent agency of the United States government, has charged InMobi, the poster boy of Indian start-ups that attracted top investors from the technology industry, of deceptively tracking the locations of hundreds of millions of consumers – including children – without their knowledge or consent to serve geo-targeted advertisements.

The mobile advertising network will pay $950,000 or Rs. 6.4 crore in civil penalties and implement a comprehensive privacy program to settle the charges.

“InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers’ express privacy preferences,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection, in a statement. “This settlement ensures that InMobi will honour consumers’ privacy choices in the future, and will be held accountable for keeping their privacy promises.”

InMobi is backed by top investors -- Japan's SoftBank, Kleiner Perkins Caufield & Byers and Ram Shriram's Sherpalo Ventures. It received an investment of $200 million or about Rs.1,348 crore from SoftBank in 2011, helping it to become a 'Unicorn' or a start-up with a market cap of over $1 billion or Rs.6,744 crore. Last July, the nine-year-old company launched an artificial intelligence discovery platform, Miip, touted to be InMobi’s path to billion dollar revenues.

Charges against the company

The FTC alleges that InMobi mispresented that its advertising software would only track consumers’ locations when they opted in and in a manner consistent with their device’s privacy settings. According to the complaint, InMobi was actually tracking consumers’ locations whether or not the apps using InMobi’s software asked for consumers’ permission to do so, and even when consumers had denied permission to access their location information.

The FTC alleges that InMobi, whose advertising network has reached more than one billion devices worldwide through thousands of popular apps, offers multiple forms of location-based advertising to its customers. This includes the ability to serve ads to consumers based on their current locations, locations they visit at certain times, and on their location over time.

The complaint alleges that InMobi created a database built on information collected from consumers who allowed the company access to their geo-location information, combining that data with the wireless networks they were near to document the physical location of wireless networks themselves.

InMobi then would use that database to infer the physical location of consumers based on the networks they were near, even when consumers had turned off location collection on their device.

The FTC alleges that InMobi also violated the Children’s Online Privacy Protection Act (COPPA) by collecting this information from apps that were clearly directed at children, in spite of promising that it did not do so. The complaint noted that InMobi’s software tracked location in thousands of child-directed apps with hundreds of millions of users without following the steps required by COPPA to get a parent or guardian’s consent to collect and use a child’s personal information.

InMobi responds

In response to an email query, an InMobi spokeswoman said during the investigation by FTC, InMobi discovered that there was a technical error at InMobi’s end that led to the process not being correctly implemented in all cases. As a result, some COPPA sites were served with interest-based campaigns on the InMobi Network. "InMobi promptly notified the FTC of this issue as soon as it was discovered and has made it clear from the outset that this was by no way means deliberate," according to an InMobi statement. "Any family safe ads that may have formed part of targeted campaigns would have been undertaken to target the adult owner of the device."

InMobi said it will only use Wi-Fi information when serving location-based targeted advertising campaigns when an app user has authorised the app to collect and transmit the same. It said the errors were corrected in Q4 2015, and since then, it has been fully compliant with all COPPA regulations.

Company to delete location information

In addition to the fine, the company will be required to delete all information it collected from children, and will be prohibited from further violations of COPPA, according to FTC.

InMobi will be prohibited from collecting consumers’ location information without their affirmative express consent for it to be collected. It will be required to honour consumers’ location privacy settings.

The company will also be required to delete the location information of consumers it collected without their consent and will be prohibited from further misrepresenting its privacy practices.

The settlement also will require InMobi to institute a comprehensive privacy program that will be independently audited every two years for the next 20 years.