Singapore-based InMobi has been fined US$950,000 for allegedly tracking the movements of consumers and serving their location-targeted advertising without their knowledge or consent.
Alongside the financial penalty, the mobile advertising company also would have to establish a "comprehensive privacy programme", the US Federal Trade Commission (FTC) said in a statement, adding that InMobi had agreed to the settlement. The vendor's ad network reached more than 1 billion devices globally through mobile apps, serving geo-targeted advertising to consumers.
FTC said the Singapore company had misrepresented its advertising software with claims that the tool would track only the location of consumers when they opted in and in accordance to the users' device privacy settings.
However, it was found to have monitored consumers' whereabouts regardless of whether the apps using InMobi's software sought the consumers' permission to do so, and even after consumers had denied permission to access their location data.
FTC further alleged that the ad vendor would use a database it had built, containing information collected from consumers, to sync up with the location of the consumers--based on the wireless networks they were near--even when they had turned off the location collection option on their device.
The US government agency added that InMobi had violated the US Children's Online Privacy Protection Act for extracting data from apps that were clearly targeted at children, and had failed to secure a parent or guardian's consent before collecting and using children's personal data.
FTC's director of consumer protection, Jessica Rich, said: "InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers' express privacy preferences.
"This settlement ensures InMobi will honour consumers' privacy choices in the future and will be held accountable for keeping their privacy promises," Rich said.
According to the FTC settlement, InMobi was subject to a US$4 million civil penalty but the fine was eventually fixed at US$950,000 based on the company's financial status. It also would be required to delete all data collected from children and consumers that had not given prior consent for the data collection.
Moving forward, the Singapore company also was expected to abide by consumers' location privacy settings as well as refrain from collecting their location data unless it had express consent for doing so. Its privacy programme would have to be audited by a third-party every two years, for the next two decades.