Data for Sale: Tips to Help Protect Your Private Information
On December 3, 2024, the Federal Trade Commission (FTC) announced a proposed settlement in legal action against a data broker named Mobilewalla, which was accused of using location data obtained through online advertising auctions to identify consumers by factors such as private home address and visits to health-care clinics and churches.
In an online auction, a data broker bids to place “real-time” ads for its clients on a consumer’s cell phone or other mobile device, based on consumer data shared in the auction, which typically includes a unique mobile advertising identifier (MAID) and the consumer’s location at the time of the auction. The FTC alleged that Mobilewalla retained data regardless of whether or not it won the auction and made no reasonable effort to determine if consumers had given permission to use their data.
According to the complaint, between January 2018 and June 2020, Mobilewalla collected more than 500 million MAID/location pairings and sold the raw data to advertisers, data brokers, and analytics firms. The company also used the data to create audience segments for their clients by processing it through virtual “geofences” around specific sites. For example, MAIDs that appeared within geographic coordinates around pregnancy centers were used to build audience segments targeting pregnant women. Other targeted sites included churches, labor offices, LGBTQ+ locations, and political or protest gatherings.
A gray area
Regulation of data brokers is a gray area, and this is the first time the FTC has alleged that obtaining consumer data from online advertising auctions for purposes other than participating in the auction is an unfair practice. On the same day the FTC released its proposed settlement, the Consumer Financial Protection Bureau proposed a rule requiring data brokers who sell certain sensitive consumer information to be considered consumer reporting agencies under the Fair Credit Reporting Act, which would require them to follow more rigorous practices regarding accuracy, safeguards, and consumer access to their own data. For now, however, this rule and the FTC settlement are only proposals.
Privacy vs. convenience
Regardless of government regulations, the burden for protecting your private information falls primarily on you. Personal data is a valuable commodity, and there will always be entities, whether criminals or legitimate businesses, who want to obtain and use your personal information. Protecting your data takes work, and you may have to choose between privacy and convenience.
Basic security
Data brokers like Mobilewalla are not directly stealing data, but there are plenty of criminals who try to do that every day. A sound security strategy starts with creating a unique strong password for every site and using two-factor authorization for any site containing sensitive information. Never click on links in a text, email, or website unless you know exactly where the link is going to take you. Don’t reply to emails unless you know the sender. Criminals can “spoof” an email address by making the name appear legitimate. Check the actual email address behind the name and look carefully at logos or other content used to make a spam email look legitimate — it’s usually fairly easy to see that it is not. For more tips on data security, see consumer.ftc.gov/articles/protect-your-personal-information-hackers-and-scammers.
Control what you reveal
Basic security measures may help protect you from criminals, but if you are like most people, you are giving away personal data every day. Here are some tips to limit what you offer.
Turn off tracking. The MAID number on your mobile device allows it to be tracked across websites. Unless you want personalized ads, there is generally no reason to allow tracking. On an iPhone or iPad, go to Settings > Privacy & Security > Tracking and turn off Allow Apps to Request to Track. This will prevent apps from tracking in the future and prompt you to revoke permission for any apps you have allowed to track. Apple also has its own targeted ad system, which you can disable at Settings > Privacy > Apple Advertising. On an Android device, go to Settings > Privacy > Ads and tap Delete Advertising ID. Or you can tap Reset Advertising ID to delete past tracking and create a new ID for future tracking.
Limit cookies and delete browser data. Cookies are small packets of data that allow a website to identify you. Some cookies are necessary, but most are not. Many websites offer an option to limit usage to functional cookies. You can set global rules for cookies in your browser and/or use private browsing mode. It’s a good idea to clear your cookies and other browser data regularly. This option can be found with browser settings, and you will typically be able to choose the type of data and timeframe to delete.
Limit geolocation data. Your phone goes where you go, so any app that has access to your location is tracking valuable private information. Some apps — such as a map or compass app — obviously need access to your location. But most apps do not. You can set location permissions for each app in your phone’s settings.
Be aware that your phone may be listening. If you use a virtual assistant app like Siri or Google Assistant, your phone has to be listening at all times in order to respond to your questions and commands. Apple and Google claim that those apps only listen for that purpose, but other apps may also be listening. Review the microphone settings for all your apps. If you are really concerned, turn off your voice-activated assistant.
Do not respond to online quizzes or other online questions. They may seem like fun, but the purpose is to obtain personal information that may be used to target you.
Be careful with social media. Your social media posts and the posts you click are a prime source of information for advertisers and other profilers. Look at the settings in your social media platform(s) and limit access to your posts and your account. But remember that anything you click can probably be tracked and anything you post can probably be found.