Adtech/data company "OpenX secretly collected location data and opened the door to privacy violations on a massive scale, including against children"
$2 million settlement b/c of COPPA and FTC Act violations, order to delete "all ad request data":
ftc.gov/news-events/pr…
As of today, OpenX 'strongly recommends' app vendors to include the user's exact GPS location in RTB bid requests, and thus broadcasts it to many other data companies in an uncontrolled way.
And btw. OpenX 'requires' apps to include the user's IP address.
docs.openx.com/publishers/s2s…
The FTC's investigation, however, did not focus on harvesting and sharing GPS location data (which it should) but on a specific form of Wi-Fi location tracking.
According to the complaint, OpenX used a 'backdoor method' to circumvent Android permissions.
ftc.gov/system/files/d…
The FTC ordered OpenX to collect future location data via SDK only if apps have 'affirmative express consent'. This goes beyond what is usually required in the US, doesn't it?
However, it covers SDK data only (why?) and I'm afraid the FTC's conditions for consent are too weak.
In 2019 we found that OpenX received personal data including GPS location during the use of the dating app Grindr in Norway. We filed a GDPR complaint against Grindr & OpenX. Grindr has now received a large fine. I hope, we'll see a decision on OpenX soon.
forbrukerradet.no/side/complaint…
According to the FTC docs, OpenX claims that it stopped the BSSID/Wi-Fi tracking in October 2018. As this is already documented very well in the FTC complaint, it is certainly worth adding it to the GDPR case, or better, open up another one.
Btw. OpenX now claims that it's EU main establishment is in Poland.
openx.com/legal/ad-excha…
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.