FTC settlement bars data broker from selling sensitive location info

Outlogic, a Virginia-based data broker, agreed to stop selling sensitive location data that helps track people’s whereabouts, as part of the Federal Trade Commission’s first data tracking settlement.

Tuesday’s accord resolves claims that Outlogic, formerly known as X-Mode Social, violated consumers’ privacy for several years by selling their data to advertisers, researchers, retailers and government contractors without permission.

According to the FTC, Outlogic had no policies until last May to remove doctor’s offices, domestic abuse shelters, reproductive health clinics, places of worship and other sensitive locations from raw data it sold.

Outlogic, which has marketed itself as the second-largest U.S. location data company, also agreed to delete all sensitive location data it collected illegally, and stop disclosing such data unless consumers agree, the FTC said.

“Openly selling a person’s location data to the highest bidder can expose people to harassment, stigma, discrimination or even physical violence,” FTC Chair Lina Khan said in a statement.

Americans deserve protection from “unchecked corporate surveillance,” she added.

The FTC said Norfolk, Virginia-based Outlogic typically gathers data through its own apps, software on third-party apps, and purchases from aggregators.

It also said Outlogic would provide data purchasers with “audience segments” for such disparate groups as “firehouses,” “military bases” and “size inclusive clothing stores.”

“The Commission rejects the premise so widespread in the data broker industry that vaguely worded disclosures can give a company free license to use or sell people’s sensitive location data,” Khan added.

X-Mode was purchased in 2021 by Atlanta-based Digital Envoy, and rebranded Outlogic.

In a statement, Outlogic said “we disagree with the implications” of the FTC announcement, and said there was no finding it misused location data.

Outlogic also said that since its 2013 inception, X-Mode has prohibited customers from “associating its data with sensitive locations such as healthcare facilities.”