FTC Clamps Down on Mobilewalla, Bans Sale of Sensitive Location Data

The Federal Trade Commission (FTC) has recently banned data broker Mobilewalla Inc. from selling sensitive location data. The settlement, finalized this week, not only reprimands the company’s questionable practices but also sends a strong message about the importance of consumer consent in the digital age.

Mobilewalla, a company that made its mark in the ad tech world, found itself on the wrong side of the FTC for allegedly collecting and selling sensitive location data without consumers’ informed consent. The allegations? That Mobilewalla tracked movements to deeply personal places—healthcare clinics, religious institutions, even LGBTQ+ support centers—and then sold this information to the highest bidder.

This case is about more than one company’s missteps. It’s a warning shot to an industry built on the quiet exchange of personal data. FTC Chair Lina Khan didn’t mince words, emphasizing that the unauthorized sale of such data “can reveal deeply personal details about individuals, making its unauthorized sale particularly harmful.”

The FTC alleges that Mobilewalla not only gathered sensitive location data but did so without verifying whether consumers had agreed to share this information. This practice, according to the complaint, exposed individuals to profiling, discrimination, and potential misuse.

A First-of-Its-Kind Restriction

What makes this ruling truly groundbreaking is its inclusion of restrictions tied to real-time bidding (RTB) advertising exchanges. Mobilewalla is now prohibited from collecting consumer data from these exchanges for any purpose beyond participating in the auctions. This move signals the FTC’s readiness to challenge practices that have long been considered standard in digital advertising.

The final order goes further:

• Prohibiting Data Misuse: Mobilewalla can no longer sell, transfer, or disclose data collected from sensitive locations such as health clinics, correctional facilities, or LGBTQ+ support centers.
• Ensuring Transparency: The company is banned from misrepresenting how it collects, uses, and safeguards consumer information, or claiming that sensitive location data is “deidentified” when it is not.
• Data Deletion Requirements: Mobilewalla must delete sensitive location data it previously collected and adopt stringent compliance measures to avoid future violations.

This isn’t just another settlement; it’s a cultural shift in how regulators approach the intersection of consumer privacy and corporate responsibility. Data brokers, once operating in the shadows, are now squarely in the spotlight. For Mobilewalla and its peers, the message is clear: consent is not optional, and transparency is non-negotiable.

For governance, risk, and compliance (GRC) professionals, this case raises the stakes. Companies can no longer rely on vague terms of service or assume that consumers aren’t paying attention. Regulators certainly are.

For GRC teams navigating this new landscape, the Mobilewalla settlement is a wake-up call to:

• Audit Data Practices: Understand where your data comes from, how it’s used, and whether consent mechanisms are both robust and verifiable.
• Strengthen Privacy Policies: Go beyond compliance checkboxes to ensure meaningful consumer protections are embedded in organizational practices.
• Prepare for Broader Scrutiny: As the FTC’s stance on RTB advertising exchanges demonstrates, entire business models may soon face regulatory review.

A Divided Commission

Interestingly, not everyone at the FTC was on board. Commissioner Melissa Holyoak voted against the settlement, arguing that the restrictions might be too broad or difficult to enforce. While her dissent highlights ongoing debates about the best way to regulate the data economy, the majority of the Commission clearly believes this action is a necessary step to protect consumers.

This ruling isn’t just a legal decision; it’s a shift in the balance of power between consumers and the companies handling their data. The FTC’s actions signal a broader trend that as the digital economy grows, so does the need to protect those participating in it.

For now, the industry watches closely, recognizing that this case may set the tone for how data practices are scrutinized—and penalized—in the future.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.