The FTC has been
cracking down on health privacy violations after the U.S. Supreme Court ruled there is no constitutional right to an abortion when it overturned Roe v. Wade in 2022. A
Biden executive order in July 2022 directed federal agencies to protect people’s privacy related to reproductive health care services.
With no federal law against selling location data from smartphones, cars, computers and other connected devices, companies are able to collect and share people’s whereabouts, which can track individuals to their homes, workplaces and other sites.
According to the FTC, in one contract, Outlogic collected location data on people who visited certain medical facilities and then went to pharmacies or specialty infusion centers, and the data broker then shared its information with a clinical research company for marketing and advertising.
While the company didn’t share any data related to abortion clinics, the FTC said Outlogic’s sales were still a significant privacy violation.
“The FTC’s action against X-Mode makes clear that businesses do not have free license to market and sell Americans’ sensitive location data,” FTC Chair Lina Khan said in a statement. “By securing a first-ever ban on the use and sale of sensitive location data, the FTC is continuing its critical work to protect Americans from intrusive data brokers and unchecked corporate surveillance.”
The settlement also requires Outlogic to delete all the data it previously collected without consent and provide a clear way for people to opt out of the company’s location data collection.
An Outlogic spokesperson said the company disagreed with the FTC’s announcement, arguing the agency’s investigation found no misuse of data. The company notes it has contractual restrictions preventing its customers from identifying people with data linked to sensitive locations like health care facilities.
“Adherence to the FTC’s newly introduced policy will be ensured by implementing additional technical processes and will not require any significant changes to businesses or products,” the company said in a statement.
Outlogic collects its data from over a hundred mobile apps, including software for navigation, weather and fitness. In 2020,
Motherboard revealed that Outlogic collected data from Muslim prayer apps, and in 2022,
The Markup found that the data broker was receiving location data from the family-tracking app Life360 as well as dating apps for the LGBTQ community.
Companies use location data to target ads to people who have been in specific areas, such as people who attended a campaign rally or shoppers who have visited certain stores.
Privacy advocates are concerned that law enforcement can use this location data to prosecute people seeking an abortion. Anti-abortion groups have also
used location data to target ads to Planned Parenthood visitors.
The FTC also has an ongoing case against the data broker Kochava, which the FTC alleged sold location data that allowed buyers to identify and track people who visited women’s reproductive health clinics.
Sen. Ron Wyden (D-Ore.), who has raised concerns about government agencies buying information from data brokers, called for stronger regulations after the FTC’s announcement.
“Congress needs to pass tough privacy legislation to protect Americans’ personal information and prevent government agencies from going around the courts by buying our data from data brokers,” Wyden said in a statement.
This story was updated with a comment from Outlogic and Sen. Ron Wyden.