news


Life360 reportedly sells precise, identifiable location data

privacy

Self-styled “family safety platform”, Life360, is alleged to have sold the precise location data of its users to many data brokers, which then sell it on to all kinds of customers.

Former employees of one of the most popular data tracking apps, Life360, have told The Markup, a New York-based non-profit organisation, that their former employer sells location data it collects from its own app to around a dozen data brokers including Cuebiq, X-Mode, SafeGraph, and Arity. These brokers then apparently sell it on to whoever wishes to buy, for example advertisers, insurance companies, and government agencies, former employees at two data brokers corroborated to The Markup.

Chris Hulls, Life360’s founder and CEO, did not deny the company sells data when approached by The Markup, and claimed that monetising data “allows us to keep the core Life360 services free for the majority of our users”, which is reasonable. Instead, Hulls defended his business on two fronts.

With regard to making data unidentified back to individual users, Hulls said the company de-identifies the data before selling it to customers, including removing usernames, emails, phone numbers, and other types of identifiable user information. However, the de-identification process does not remove the device’s latitude and longitude coordinates or its mobile advertising ID, which is more critical for targeted marketing than email addresses and phone numbers. Meanwhile, the former employees claimed that sometimes even the basic de-identification was not done.

When it comes to its customers re-selling data, Hulls said “Life360’s contracts prohibit its customers from re-identifying individual users, along with other privacy and safety protective practices.” Also, more broadly, “from a philosophical standpoint” as he put it, Hulls did not support the idea that government agencies, including the military and the CDC, which have been identified as customers to the data brokers, should buy data from the commercial market. By doing so the public agencies could compromise the individual’s right to due process. However, he also conceded that it’s a challenge to monitor what partners do with the data when the data is already in their hands.

So, in a way, the defence Hulls put up was a feeble one. Many companies sell data as a means of monetisation. However, selling data is different from selling identifiable data. Many telcos are in the market but they don’t sell data directly. Instead, they sell analytics produced using aggregated, anonymised data. What’s most worrying for Life360 users is the data related, and may be identified retrospect, to children. As Justin Sherman, Duke Tech Policy Lab fellow said to The Markup, “Families would probably not like the slogan, ‘You can watch where your kids are, and so can anyone who buys this information.’”

Among the identifiable data points, the unique advertising identifier of each device, called Identifier for Advertising (IDFA) for iOS devices and Google Advertising ID (AAID) for Android devices, is the most valuable one. It enables advertisers to target the users more accurately and more persistently, especially if it is paired with geolocation data, for example the latitude and longitude coordinates. The Financial Times estimated that Apple’s iOS update to make it harder for advertisers to trace individual devices cost Snap, Facebook, Twitter, and YouTube close to $10 billion income.

Life360 has been investing to make the data in its possession to be more comprehensive and more accurate, especially through targeted acquisitions. It has bought ZenScreen, which monitors screen time, and Jiobit, which traces wearable locations. More recently it acquired Tile, a company that sells tracking tags in competition to Apple’s own tags. Hulls told The Markup that the company does not plan to sell data generated from these recent acquisitions.

Life360 has not responded to Telecoms.com’s request for comments at time of writing.

 

UPDATE 09:00 9/12/21 – we received the following emailed statement from Life360:

To be clear: We do have data partnerships, but not a single one that permits children’s data to be personally identified. All of our partners have extremely strict contractual limitations to ensure privacy. We do not allow government enforcement agencies to purchase raw data.

We provide a clear and simple way for our members to opt out of sharing their data – this is not something we hide or obfuscate deep in our privacy policy.

Data partnerships enable us to provide our members – 80% of whom use Life360 for free – valuable safety features at no cost. We protect millions of members each month with our products and services.

We respect Tile and its users and will honor their existing data policies and practices.

  • BIG 5G Event


Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Polls

Do you agree public funding should be used to support mobile operators to more broadly deploy Open RAN?

Loading ... Loading ...