FTC Cracks Down on Mass Data Collectors: A Closer Look at Avast, X-Mode, and InMarket

The Case

In mid-February, the FTC announced a proposed settlement to resolve allegations that security software company Avast unfairly sold consumers’ granular and re-identifiable browsing information. This was after Avast informed consumers that its software would protect their privacy and that any disclosure of their browsing information would only be in aggregate and anonymous form.

In January of this year, the FTC announced proposed settlements with data aggregators X-Mode Social and InMarket to resolve allegations stemming from how those companies handled consumers’ location data. Both companies allegedly collected precise location data from consumers’ phones. The FTC alleged that X-Mode sold consumers’ location data to private government contractors without first telling consumers or obtaining consumers’ consent to do so. And InMarket allegedly used consumers’ location data to sort them into particularized audience segments which it then provided to advertisers.

Why Does This Matter?

The three recent enforcement actions reflect a heightened focus on pervasive extraction and mishandling of consumers’ sensitive personal data, reflecting common themes that highlight serious privacy threats to consumers by business models that monetize people’s personal information.

These actions underscore the FTC’s continued commitment to protecting people's information from unlawful collection, retention, use, and disclosure.

Going forward, the FTC’s proposed orders to ensure these companies comply with the law. In addition to prohibiting them from misrepresenting how they handle people’s information, the FTC’s rulings require these companies to design, implement, maintain, and document safeguards to protect the personal information they handle.

InnReg's Experience

Since its founding in 2013, InnReg has developed deep expertise in data privacy and cybersecurity. Whether you are a regulated entity or not, we partner with you to identify your current exposure and develop a strategy to remediate them. In the end, you will be equipped with a tailored compliance program to help you mitigate your specific risks.

Learn More About This Topic

For additional details, read how InnReg’s data protection compliance checklist can help your company develop data protection best practices that meet today’s evolving requirements as more countries and US states continue to pass privacy and disclosure legislation.

Subscribe for Compliance Insights

Subscribe for Compliance Insights

Subscribe for Compliance Insights

On March 13, 2024, the European Union’s parliament formally approved the EU AI Act, making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology.

From January 2018 to present, MMA failed to establish, maintain, and enforce a supervisory system, including written supervisory procedures (WSPs), reasonably designed to achieve compliance with rules governing outside business activities (OBAs). During this period, the firm failed to evaluate and document its evaluation of OBAs disclosed by its registered representatives as required by FINRA Rule 3270.

In a February 6, 2024 release, the Securities and Exchange Commission (SEC) adopted two new rules - Rules 3a5-4 and 3a44-2 - that expand the definition of “dealer” and “government securities dealer” under the Securities Exchange Act of 1934 (Exchange Act), requiring registration by market participants that take on significant liquidity-providing roles.

LinkedIn Innreg
X InnReg
Quora Innreg
Blog Innreg

© 2024 InnReg LLC

1101 Brickell Avenue
South Tower, 8th Floor
Miami, FL 33131

LinkedIn Innreg
X InnReg
Quora Innreg
Blog Innreg

© 2024 InnReg LLC

1101 Brickell Avenue
South Tower, 8th Floor
Miami, FL 33131