Goldenshores Technologies, LLC developed The Brightest Flashlight Free app, which allowed users to use their mobile devices as a flashlight by simultaneously activating all of the device’s
light sources. According to the FTC, this app was downloaded millions (tens of millions, actually) of times. At the same time it was lighting up the user’s world, The Brightest Flashlight Free app was enlightening third parties to the user’s personal information, including precise geolocation and unique device identifiers. As described by the FTC:
While running, however, the application also transmits, or allows the transmission of, data from the mobile device to various third parties, including advertising networks. The types of data transmitted include, among other things, the device’s precise geolocation along with persistent device identifiers that can be used to track a user’s location over time.
The FTC’s complaint also alleges that the app’s end-user license agreement (EULA) provided “illusory choice” to users by giving users the option of accepting or rejecting the terms of the EULA while the app was actually collecting and transmitting personal information even before the user had a chance to make the choice.
Goldenshores entered into a settlement agreement with the FTC that requires it to delete any personal information collected via the Brightest Flashlight Free app prior to the settlement and prohibits it from further misrepresentations regarding the use of personal information. It also requires Goldenshores to adequately inform users of the extent to which users can control its collection, use, and disclosure practices relating to their data. In addition, Goldenshores must provide “just-in-time” notice (i.e., notice provided immediately prior to the initial collection of information and separate from any similar document) indicating how the information may be used and why, and requires Goldenshores to obtain “affirmative express consent” from its users within the just-in-time notice when geolocation information is collected.
The settlement agreement also mandates exactly what information must be disclosed to users through the just-in-time notice, including:
- That the app collects, transmits, or allows the transmission of, geolocation information;
- How geolocation information may be used;
- Why the app is accessing geolocation information; and
- The identity or specific categories of third parties that receive geolocation information directly or indirectly from the app.
Finally, under the settlement agreement, Goldenshores will have the FTC watching it more closely for at least 10 years. Under the terms of the settlement agreement, Goldenshores is required to report various of its activities to the FTC and keep its records open to FTC scrutiny. Having a regulator breathing down your neck is no fun – it is time consuming and stressful at best and can be very financially costly at worst.
Covering my bases: There is no legal advice contained in this post. Legal advice entails applying the law to specific facts. I don’t know what your facts are and any resemblance to them here is purely coincidental. Instead, this post is meant to provide general information, which may or may not be complete and accurate. If you need legal guidance, please feel free to contact me using the contact information on my firm’s web site – www.westbendlaw.com.