Mobilewalla: Deriving Sensitive Information from Location Data Creates Legal Exposure

Highlights:

• The FTC’s case against Mobilewalla highlights how use of location data for advertising purposes may heighten legal exposure. 
• Businesses that collect or use location data through digital advertising should review their compliance practices and contracts with vendors under evolving privacy standards.

Mobilewalla: Deriving Sensitive Information from Location Data Creates Legal Exposure

If your business runs digital ads or works with vendors who do, the Federal Trade Commission’s recent enforcement action against Mobilewalla is worth paying attention to. It highlights a shift in how US regulators view the collection and use of sensitive personal information, and expansion of the FTC Act to include practices prohibited under the GDPR.  

Mobilewalla participated in real-time bidding (RTB) exchanges¹ — a hidden auction on digital marketplaces where advertisers bid in milliseconds for the chance to display ads based on data transmitted when an app or website is accessed, such as location, device details, and browsing behavior. Even advertisers who lose the bid can still collect and retain this personal data.² This behind-the-scenes data sharing, often invisible to users and conducted without consent, enabled companies like Mobilewalla to harvest precise location data that could be processed to reveal information about a person’s health³, religion⁴, sexual orientation⁵, union membership⁶, political activism⁷, and other sensitive characteristics.

Notably, the FTC did not accuse Mobilewalla of collecting sensitive personal information directly, but of deriving this information from location data without appropriate checks to ensure data subject consent⁸.  The FTC also challenged the following practices by Mobilewalla as unfair and deceptive:

• Collecting consumer location information in violation of the terms of RTB exchanges⁹;
• Failing to contractually require its suppliers to obtain consumer consent, and instead using vague assurances in its agreements¹⁰;
• Failing to take steps to verify that its suppliers obtained consumer consent, and relying instead on unverified questionnaires¹¹; 
• Failing to blacklist “sensitive locations” from its data feeds¹², including “locations associated with medical facilities, places of religious worship, places that offer services to the LGBTQ+ community, domestic abuse shelters, and welfare and homeless shelters.”¹³

What also stands out in this case is how closely the FTC’s reasoning aligns with European privacy standards, particularly the GDPR’s framework for protecting “special categories of personal data.” Under the GDPR, this includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data and information related to health or sexual orientation. 

For businesses, this signals a key shift: the bar for responsible data practices is being raised, even without a federal privacy statute. And the FTC is increasingly applying global privacy concepts—like those found in the GDPR—as part of its existing enforcement framework.

*Disclaimer: The content provided in this blog is for informational purposes only and does not constitute legal advice. Reading this blog does not create an attorney-client relationship with Ivory Law Group or any of its attorneys. For legal advice, please consult with a qualified attorney directly.

1. ---

    Complaint at 2, ¶ 9, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
2.  Complaint at 5-6, ¶ 34, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
3.  Complaint at 8-9, ¶ 55, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
4.  Complaint at 8, ¶ 53, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
5.  Complaint at 10, ¶ 67, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
6.  Complaint at 11, ¶ 68, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
7.  Complaint at 5, ¶ 31, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
8.  Complaint at 6, ¶¶ 39-42, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
9.  Complaint at 2, ¶ 10, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
10.  Complaint at 6, ¶ 41, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).
11.  Complaint at 7, ¶ 43, In re Mobilewalla, Inc., FTC Docket No. C-4811 (Jan. 13, 2025).

The following two tabs change content below.

• Bio
• Latest Posts

Ivory Law Group

We provide fractional general counsel support for growth-stage companies, offering flexible coverage across commercial transactions, contracting, governance, capital raising, M&A, employment matters, and legal operations. Our model delivers the legal support companies need, without the cost or commitment of a full-time hire.

Latest posts by Ivory Law Group (see all)

• What’s on the Legal Checklist for Successful M&A in Growth-Stage Companies? - April 9, 2026
• How Do You Increase Contract Velocity Without Increasing Legal Risk? 6 Proven Tactics - March 5, 2026
• Legal Ops for Non-Lawyers: 6 Ways Finance & Operation Leaders Build Scalable Legal Systems for Growth - February 6, 2026